Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by Asanoth » 02 May 2019 23:19

Hi, for the past week the computer has been behaving strangely: various files are being deleted (typically e-mail account settings or startup entries), and the date also shifts by itself, but that has been going on for a long time.
Neither ESET nor Malwarebytes found anything.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.12:02, on 2.5.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)

FIREFOX: 31.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
E:\Grafika\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
E:\Komunikace\PopTray 3.20\PopTray.exe
E:\Hudba\Přehrávače\VLC\vlc.exe
C:\Users\Asanoth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\KANCEL~1\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [MiPhoneManager] "C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] E:\Grafika\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [SunsetScreen] E:\Utility\SunsetScreen\SunsetScreen.exe /hidewindow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: SunsetScreen.lnk = E:\Utility\SunsetScreen\SunsetScreen.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\KANCEL~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://E:\KANCEL~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Kancelář\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Kancelář\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Kancelář\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Kancelář\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - E:\bezpečnost\ESET Smart Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - E:\bezpečnost\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Fast Track Pro Audio Device Monitor (FastTrackProAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) MPI Library Process Manager, Intel (impi_smpd) - Intel Corporation - E:\Technika\Creo 3.0\M020\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - E:\Bezpečnost\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - c:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - E:\Komunikace\MobileTrans\DriverInstall.exe (file missing)

--
End of file - 12784 bytes

Post by jaro3 (Security team member) » 03 May 2019 19:31

Sophos Virus Removal Tool is a handy software tool that may be able to remove infections that your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove any viruses it finds. A restart may be required.
If viruses were found, click "Details…" after the scan and then "View log file". Copy the whole log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise, the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Download ATF Cleaner
Double-click ATF Cleaner.exe, click "Select All Found", then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop. Click "I agree" to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears and opens (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Post by Asanoth » 04 May 2019 07:22

Sophos found nothing.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-04-2019
# Duration: 00:00:15
# OS: Windows 7 Home Premium
# Scanned: 27335
# Detected: 11


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.CleanMyPC C:\Users\Asanoth\AppData\Roaming\CleanMyPC

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.CleanMyPC C:\Windows\System32\Tasks\CMPCUAC

***** [ Registry ] *****

PUP.Optional.CleanMyPC HKCU\Software\CleanMyPC
PUP.Optional.CleanMyPC HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26DDE7F5-0FC2-48A2-A428-F654E9045A3D}
PUP.Optional.CleanMyPC HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26DDE7F5-0FC2-48A2-A428-F654E9045A3D}
PUP.Optional.CleanMyPC HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CMPCUAC
PUP.Optional.CleanMyPC HKLM\Software\CleanMyPC
PUP.Optional.CleanMyPC HKU\.DEFAULT\Software\CleanMyPC
PUP.Optional.CleanMyPC HKU\S-1-5-18\Software\CleanMyPC
PUP.Optional.Legacy HKCU\Software\YahooPartnerToolbar

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Post by jaro3 » 04 May 2019 13:31

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair; after the automatic restart click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved to the desktop.
Please copy its entire contents here.

Sophos Virus Removal Tool is a handy software tool that may be able to remove infections that your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove any viruses it finds. A restart may be required.
If viruses were found, click "Details…" after the scan and then "View log file". Copy the whole log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise, the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8 and 10 run RogueKiller.exe as administrator; on XP double-click it.
- Click "Start Scan". In the new window do not change anything and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan click "Open Report", then in the window click "Open TXT" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
- If the log has more than 60,000 characters, split it and paste it into several posts.

Other links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/

Post by Asanoth » 07 May 2019 19:02

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-07-2019
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Asanoth\AppData\Roaming\CleanMyPC

***** [ Files ] *****

Deleted C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\CMPCUAC

***** [ Registry ] *****

Deleted HKCU\Software\CleanMyPC
Deleted HKCU\Software\YahooPartnerToolbar
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26DDE7F5-0FC2-48A2-A428-F654E9045A3D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26DDE7F5-0FC2-48A2-A428-F654E9045A3D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CMPCUAC
Deleted HKLM\Software\CleanMyPC
Deleted HKU\.DEFAULT\Software\CleanMyPC
Deleted HKU\S-1-5-18\Software\CleanMyPC

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2124 octets] - [04/05/2019 07:19:56]
AdwCleaner[S01].txt - [2185 octets] - [07/05/2019 16:06:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

______________________________________________________________________________________________________
______________________________________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Asanoth (Administrator) on Łt 07.05.2019 at 16.08.10,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\extensions\staged (Folder)
Successfully deleted: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\torrentz-search.xml (File)
Successfully deleted: C:\Users\Asanoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4E42K0OJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Asanoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTXDNFP7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Asanoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X23QQ6P3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Asanoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD4Q6O7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4E42K0OJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTXDNFP7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X23QQ6P3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD4Q6O7 (Temporary Internet Files Folder)

Deleted the following from C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js
user_pref(browser.urlbar.suggest.searches, false);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 07.05.2019 at 16.09.48,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller Anti-Malware V13.1.10.0 (x64) [Apr 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Asanoth [Administrator]
Started from : C:\Users\Asanoth\Desktop\RogueKiller_portable64.exe
Signatures : 20190423_114402, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/05/07 18:44:47 (Duration : 00:12:54)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (Microsoft Windows) \{61ECE1FD-9F01-4311-ADA4-C89A64818CB3} -- C:\Windows\system32\pcalua.exe [-a C:\Users\Asanoth\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1] -> Found
[Suspicious.Path (Potentially Malicious)] (Microsoft Windows) \{9351183F-E226-47E2-9D89-3AD4D518261E} -- C:\Windows\system32\pcalua.exe [-a C:\Users\Asanoth\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.InnovativeSolutions (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3626143423-3778064361-277993632-1000\Software\Innovative Solutions -- N/A -> Found
>>>>>> R5 - Proxy
[PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3626143423-3778064361-277993632-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- proxy.vscht.cz:3128 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Config
[PUM.Proxy (Potentially Malicious)] network.proxy.http (C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js) -- 202.53.227.210 -> Found
[PUM.Proxy (Potentially Malicious)] network.proxy.http_port (C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js) -- 8080 -> Found

Post by jaro3 » 07 May 2019 19:54

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP double-click to run).
- Click "Start Scan". In the new window do not change anything and click "Start Scan" at the bottom;
after it finishes, tick everything (put check marks to the left of the findings, in the white boxes)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and please paste the contents of the report here. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.

Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Click Run Script
The program will perform a scan and a repair; the scan and the repair may take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click this file on the desktop and follow the instructions to install the program.
Accept the program's license (EULA) if it is offered.
If a program update is available, click the "Update now" button.
You can also tick the creation of a restore point:
Click the gear icon, then "Scanning" and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is finished, a report appears; copy the entire contents of that report here.
Otherwise you can view the reports by clicking "Reports" at the top right.


Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Asanoth
Level 1
Posts: 86
Registered: July 13
Gender: Male
Status: Offline

Re: Please check my log

Posted by Asanoth » 10 May 2019 17:36

This time I was not very successful.
Zoek got stuck on both attempts, before Zemana and after it, at FFExtensions for about 3/4 of an hour, so I shut it down.
Zemana found only the "add to search bar" add-on, which it deleted for me.
Also, something deleted AdBlock and Privacy Badger before that.
ComboFix, after launch (even when renamed), reports that it is May 10 and that it has expired, then deletes itself.

RogueKiller Anti-Malware V13.1.10.0 (x64) [Apr 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Asanoth [Administrator]
Started from : C:\Users\Asanoth\Desktop\RogueKiller_portable64.exe
Signatures : 20190423_114402, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/05/10 14:14:29 (Duration : 00:12:53)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \{9351183F-E226-47E2-9D89-3AD4D518261E} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Asanoth\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1) -> Deleted
[Suspicious.Path (Potentially Malicious)] \{61ECE1FD-9F01-4311-ADA4-C89A64818CB3} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Asanoth\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1) -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_USERS\S-1-5-21-3626143423-3778064361-277993632-1000\Software\Innovative Solutions -- -> Deleted
[PUM.Proxy (Potentially Malicious)] HKEY_USERS\S-1-5-21-3626143423-3778064361-277993632-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- -> Deleted
[PUM.Proxy (Potentially Malicious)] network.proxy.http -- 202.53.227.210 -> Deleted
[PUM.Proxy (Potentially Malicious)] network.proxy.http_port -- 8080 -> Deleted


Zoek.exe Version 5.0.0.2 Updated 03-May-2018
Tool run by Asanoth on p  10.05.2019 at 15.50.33,85.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Asanoth\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2019-05-10-125338.log 8001 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js:
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"addSearchEng
---- FireFox user.js and prefs.js backups ----

prefs_10.05.2019_16.28_.backup

ProfilePath: C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_10.05.2019_16.28_.backup

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_10.05.2019_16.28_.backup

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default
user_pref("network.proxy.backup.socks", "172.17.31.1");
user_pref("network.proxy.backup.socks_port", 1100);
user_pref("network.proxy.backup.ssl", "172.17.31.1");
user_pref("network.proxy.backup.ssl_port", 1100);
user_pref("network.proxy.http", "172.17.31.2");
user_pref("network.proxy.http_port", 1100);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "172.17.31.2");
user_pref("network.proxy.socks_port", 1100);
user_pref("network.proxy.ssl", "172.17.31.2");
user_pref("network.proxy.ssl_port", 1100);
user_pref("network.proxy.type", 4);


Informace o kontroly
Název produktu : Zemana AntiMalware
Stav kontroly : Dokončena
Datum kontroly : 10.5.2019 15.37.13
Typ kontroly : Inteligentní kontrola
Čas trvání : 00:00:27
Zkontrolované objekty : 1442
Zjištěné objekty : 12
Vyloučené objekty : 0
Automatické odesílání : Ne
Operační systém : Windows 7 x64
Procesor : 4X Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Režim systému BIOS : Legacy
Informace o doméně : WORKGROUP,False,NetSetupWorkgroupName
CUID : 12AE99EFF6C89099E19C2A


Odhalení
MD5 :
Stav : Zkontrolováno
Objekt : conjuga-me - http://conjuga-me.net
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : edisk - http://edisk.cz
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : kojnugation - http://konjugator.reverso.net
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : konjugator - http://konjugator.reverso.net
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : konjugator - http://konjugator.reverso.net
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : opensubtitles - http://opensubtitles.org
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : äśsfd - http://csfd.cz
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : solarmovies - http://solarmovie.so
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : thomann (cz) - http://thomann.de
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : uloĺľ.to - http://ulozto.cz
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : yts - http://yts.re
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------
MD5 :
Stav : Zkontrolováno
Objekt : torrentz search - http://torrentz.com
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxSearch
Akce : Vymazat
-----------------------------------------------------------------------

Zoek.exe Version 5.0.0.2 Updated 03-May-2018
Tool run by Asanoth on p  10.05.2019 at 14.15.40,38.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Asanoth\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.5.2019 14.16.56 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

c:\PROGRA~2\AGEIA Technologies deleted successfully
c:\PROGRA~2\Cisco deleted successfully
c:\PROGRA~2\MSXML 4.0 deleted successfully
c:\PROGRA~2\OutWit deleted successfully
C:\PROGRA~2\COMMON~1\AV deleted successfully
C:\PROGRA~3\Advanced Chemistry Development deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\Users\Asanoth\AppData\Roaming\AdobeUM deleted successfully
C:\Users\Asanoth\AppData\Roaming\HMYGSetting deleted successfully
C:\Users\Asanoth\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Asanoth\AppData\Local\EmieSiteList deleted successfully
C:\Users\Asanoth\AppData\Local\EmieUserList deleted successfully
C:\Users\Asanoth\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3626143423-3778064361-277993632-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} deleted successfully
HKEY_USERS\S-1-5-21-3626143423-3778064361-277993632-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsDrvInst deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsDrvInst deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsDrvInst deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsDrvInst deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default\prefs.js:

Added to C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default\prefs.js:

Added to C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_10.05.2019_14.52_.backup

ProfilePath: C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_10.05.2019_14.52_.backup

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_10.05.2019_14.52_.backup

==== Deleting Files \ Folders ======================

c:\PROGRA~2\AGEIA Technologies not found
c:\PROGRA~2\Cisco not found
c:\PROGRA~2\OutWit not found
C:\PROGRA~3\Advanced Chemistry Development not found
C:\PROGRA~3\HPs deleted
C:\PROGRA~3\HP deleted
C:\Users\Asanoth\AppData\Local\OutWit deleted
C:\Users\Asanoth\AppData\Roaming\calibre deleted
C:\Users\Asanoth\AppData\Roaming\OpenRefine deleted
C:\Users\Asanoth\.android deleted
C:\Users\Asanoth\AppData\Roaming\Wondershare deleted
C:\Users\Asanoth\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Asanoth\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Asanoth\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\Windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Asanoth\AppData\Local\Wondershare deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Asanoth\Documents\Updater deleted
C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\google-maps-.xml deleted
C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\wikipedia-en.xml deleted
C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\wolframalpha.xml deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Asanoth\AppData\Roaming\Thunderbird\Profiles\r3y6gaux.default
user_pref("network.proxy.backup.socks", "172.17.31.1");
user_pref("network.proxy.backup.socks_port", 1100);
user_pref("network.proxy.backup.ssl", "172.17.31.1");
user_pref("network.proxy.backup.ssl_port", 1100);
user_pref("network.proxy.http", "172.17.31.2");
user_pref("network.proxy.http_port", 1100);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "172.17.31.2");
user_pref("network.proxy.socks_port", 1100);
user_pref("network.proxy.ssl", "172.17.31.2");
user_pref("network.proxy.ssl_port", 1100);
user_pref("network.proxy.type", 4);

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Posted by jaro3 » 10 May 2019 18:27

Post a new HJT log.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit):
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs appear, FRST.txt and Addition.txt, and are saved to the desktop. Please copy their entire contents here.

Asanoth
Level 1
Posts: 86
Registered: July 13
Gender: Male
Status: Offline

Re: Please check my log

Posted by Asanoth » 10 May 2019 19:10

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.02:08, on 10.5.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)

FIREFOX: 31.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
E:\Grafika\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Users\Asanoth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\KANCEL~1\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [MiPhoneManager] "C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
O4 - HKCU\..\Run: [SunsetScreen] E:\Utility\SunsetScreen\SunsetScreen.exe /hidewindow
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] E:\Grafika\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: SunsetScreen.lnk = E:\Utility\SunsetScreen\SunsetScreen.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\KANCEL~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://E:\KANCEL~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Kancelář\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Kancelář\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Kancelář\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Kancelář\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - E:\bezpečnost\ESET Smart Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - E:\bezpečnost\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Fast Track Pro Audio Device Monitor (FastTrackProAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) MPI Library Process Manager, Intel (impi_smpd) - Intel Corporation - E:\Technika\Creo 3.0\M020\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - E:\Bezpečnost\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - c:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11849 bytes








Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by Asanoth (administrator) on ASANOTH-PC (ASUSTeK Computer Inc. K52Jc) (10-05-2019 19:03:35)
Running from C:\Users\Asanoth\Desktop
Loaded Profiles: Asanoth (Available Profiles: Asanoth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "E:\Internet\Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Avid Technology, Inc. -> M-Audio) C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe
(Daniel White -> Daniel White) E:\Utility\SunsetScreen\SunsetScreen.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ESET, spol. s r.o. -> ESET) E:\Bezpečnost\ESET Smart Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) E:\Bezpečnost\ESET Smart Security\ekrn.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Software Products -> Intel Corporation) E:\Technika\Creo 3.0\M020\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softland S.R.L. -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(SRS Labs, Inc -> SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Xiaomi Technology Inc -> ) C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
(ZONER software, a.s. -> ZONER software) E:\Grafika\Photo Studio 15\Program32\ZPSTray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] (Conexant Systems, Inc. -> )
HKLM\...\Run: [ETDWare] => c:\Program Files\Elantech\ETDCtrl.exe [3738344 2015-10-08] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDCtrl] => c:\Program Files\Elantech\ETDCtrl.exe [3738344 2015-10-08] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => E:\bezpečnost\ESET Smart Security\ecmdS.exe [177928 2019-04-17] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [Eraser] => E:\utility\Eraser\Eraser.exe [1067024 2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\Run: [MiPhoneManager] => C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] (Xiaomi Technology Inc -> )
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\Run: [SunsetScreen] => E:\Utility\SunsetScreen\SunsetScreen.exe [792112 2018-03-10] (Daniel White -> Daniel White)
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\Run: [Zoner Photo Studio Autoupdate] => E:\Grafika\Photo Studio 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\MountPoints2: G - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\MountPoints2: {aedae160-de2f-11e6-a990-485b3962e84e} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.LWLR] => C:\Windows\SysWOW64\RGBACodec.dll [33928 2014-12-16] (EditShare EMEA (X-Edit Limited) -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation)
AppInit_DLLs-x32: acaptuser32.dll => C:\Windows\SysWOW64\acaptuser32.dll [61440 2006-01-12] (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2014-08-15]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (SRS Labs, Inc -> Acresso Software Inc.)
Startup: C:\Users\Asanoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SunsetScreen.lnk [2018-10-12]
ShortcutTarget: SunsetScreen.lnk -> E:\Utility\SunsetScreen\SunsetScreen.exe (Daniel White -> Daniel White)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12FAB373-68DB-4F85-854D-CAC182D702DC} - System32\Tasks\Opera scheduled Autoupdate 1408039924 => E:\Internet\Opera\launcher.exe [1235032 2019-01-09] (Opera Software AS -> Opera Software)
Task: {278AA6BA-70D4-4BA5-9115-DF381E1B1DF7} - System32\Tasks\{77CC2F8F-50C3-4041-A59B-750DAE621CB5} => C:\Windows\system32\pcalua.exe -a C:\Users\Asanoth\Desktop\HijackThis.exe -d C:\Users\Asanoth\Desktop
Task: {3FD1216D-E507-4676-8575-4B3000C8A135} - System32\Tasks\{3037881D-6F32-4E92-947E-5C17A5F28006} => "e:\internet\firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/cs/ ... e=tsPlugin
Task: {42AA25B9-6AB2-41A5-A993-0C0BD5F13509} - System32\Tasks\{13FEE408-CAFA-4242-AE0E-DFDA8F052D5E} => C:\Windows\system32\pcalua.exe -a C:\Users\Asanoth\Desktop\189.07_ASUS_NB_win7_winvista_64bit_international.exe -d C:\Users\Asanoth\Desktop
Task: {55A2135A-D568-409E-AC8A-FEF55AA61D96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {73BC9D36-84E3-480E-BC68-EC1316648EAB} - System32\Tasks\{53EB08E4-7C6F-48D7-B110-3F38273C5AE3} => "e:\internet\firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/cs/ ... age=tsMain
Task: {7966CA2B-468E-4348-9B9A-586E2C816618} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [654336 2014-08-01] () [File not signed]
Task: {8C381ACE-ED1B-4648-AE2D-17F10F0E0D0B} - System32\Tasks\{8E20812B-49AA-4640-85C7-A3022DCC7806} => C:\Windows\system32\pcalua.exe -a "e:\hudba\Konvertory a recordery\DVD Audio Ripper SE\Uninstall.exe"
Task: {9359CDBA-27BA-42B3-AED7-8CEACFAA8FA6} - System32\Tasks\{81085124-390B-4AF1-AD15-2630A362BD97} => "e:\internet\firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/cs/ ... age=tsMain
Task: {98270369-FA9E-4ABC-A8B0-3F682BF9AAD3} - System32\Tasks\Alarm => D:\Hudba\Poslech\Rock\Bay city rollers\bay city rollers - bye bye baby.mp3 [2680372 2010-03-02] () [File not signed]
Task: {9E893788-43CC-4C43-B91D-DDB3EA17D639} - System32\Tasks\CCleanerSkipUAC => E:\utility\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd -> Piriform Ltd)
Task: {AA4AC4A5-B4B6-4EAC-9F8A-8995F7F36BFC} - System32\Tasks\{2182E364-8526-4BBC-B3D4-56D2B489F713} => "e:\internet\firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/cs/a ... =tsInstall
Task: {B1C152AE-2E69-4642-8C3C-06A402DDB422} - System32\Tasks\{53D0F806-50E3-469B-AA3D-4374DE7DD01C} => C:\Windows\system32\pcalua.exe -a C:\Users\Asanoth\Desktop\googleearthwin-peruser.exe -d C:\Users\Asanoth\Desktop
Task: {BC6E6A25-13AE-4649-8C41-4D39ADAC8E55} - System32\Tasks\{D6D2D79C-CD1C-4520-88AD-292C26001236} => "e:\internet\firefox\firefox.exe" hxxp://www.skype.com/go/downloading?sou ... rror=12002
Task: {C05C3DCC-4713-4E91-9394-407DC8E9C6E6} - System32\Tasks\AMHelper => e:\Bezpečnost\Zemana AntiMalware\AntiMalware.exe [638536 2019-04-11] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {CE389FA1-57D1-44A0-A6EE-50345E470D1C} - System32\Tasks\{5F8E6566-1426-4161-BF38-111FE7C38166} => "e:\internet\firefox\firefox.exe" hxxp://www.skype.com/go/downloading?sou ... rror=12007
Task: {CFE359AD-3922-423B-8CC2-127C255B4724} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {D18FB9FF-4DAE-445A-83DD-BB81035FD9FE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-28] (Adobe Inc. -> Adobe)
Task: {D891A347-A68D-4D25-95B1-5AD8F7C1671A} - System32\Tasks\{59B13393-1E9C-496B-A070-13D103906522} => "e:\internet\firefox\firefox.exe" hxxp://www.skype.com/go/downloading?sou ... rror=12029
Task: {DCC0BC3C-F1DA-4957-90B2-C3183BDC02ED} - System32\Tasks\{222234E9-4FAF-4B9F-ADEF-D4EA3EAC3609} => C:\Windows\system32\pcalua.exe -a "E:\Utility\DAEMON Tools Lite\InstallGadget.exe" -d C:\Windows\system32
Task: {ED62A4B4-9A2F-421A-AE6D-6FE8613FB607} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-28] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{03C48911-CF96-4942-B8E2-E8FE0736C466}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{A851281E-FBFC-4EA5-95FE-0F0618FE95B2}: [DhcpNameServer] 178.17.0.11 178.17.0.12

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3626143423-3778064361-277993632-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Kancelář\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Kancelář\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default [2019-05-10]
FF Homepage: OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default -> about:home
FF NewTab: OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default -> about:newtab
FF Extension: (OutWit Kernel) - C:\Users\Asanoth\AppData\Roaming\OutWit\outwit-hub\Profiles\uept8xhq.dev-edition-default\Extensions\kernel@outwit.com [2016-05-14] [Legacy] [not signed]
FF ProfilePath: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default [2019-05-10]
FF NewTab: Mozilla\Firefox\Profiles\2c0livc8.default -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\2c0livc8.default -> backup.ftp", "202.153.128.57 "
FF Session Restore: Mozilla\Firefox\Profiles\2c0livc8.default -> is enabled.
FF Extension: (Privacy Badger) - C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-05-02] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (No Name) - C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-05-02]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\google-maps.xml [2015-01-21]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\mapy-google.xml [2013-09-12]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\mapycz.xml [2011-04-06]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\obrzky-google.xml [2013-10-01]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\peklada-google--1.xml [2014-06-10]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\peklada-google-.xml [2014-02-10]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\peklada-google.xml [2013-09-09]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\slovnk-decz.xml [2010-09-09]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\slovnk-encz.xml [2010-08-25]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\slovnk-frcz.xml [2013-08-25]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2010-08-23]
FF SearchPlugin: C:\Users\Asanoth\AppData\Roaming\Mozilla\Firefox\Profiles\2c0livc8.default\searchplugins\zbocz.xml [2010-08-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - E:\Bezpečnost\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-28] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-28] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\KANCEL~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\KANCEL~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @ptc.com/IsoView -> C:\Program Files (x86)\Common Files\PTC\npisoview.dll [2014-10-29] (PTC Inc. -> PTC Inc.)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll [2014-10-29] (PTC Inc. -> PTC)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] (Research In Motion -> )
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Hudba\Přehrávače\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Hudba\Přehrávače\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> E:\Hudba\Přehrávače\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3626143423-3778064361-277993632-1000: @Google.com/GoogleEarthPlugin -> C:\Users\Asanoth\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin HKU\S-1-5-21-3626143423-3778064361-277993632-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Asanoth\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-02-07] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
StartMenuInternet: FIREFOX.EXE - E:\Internet\Firefox\firefox.exe

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - E:\Internet\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-16] (Adobe Systems) [File not signed]
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ekrn; E:\bezpečnost\ESET Smart Security\ekrn.exe [2359312 2019-04-17] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; E:\bezpečnost\ESET Smart Security\ekrn.exe [2359312 2019-04-17] (ESET, spol. s r.o. -> ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-08] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FastTrackProAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe [1688336 2013-05-23] (Avid Technology, Inc. -> M-Audio)
R2 impi_smpd; E:\Technika\Creo 3.0\M020\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe [1611168 2016-03-01] (Intel(R) Software Products -> Intel Corporation)
S3 MBAMService; E:\Bezpečnost\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-08-01] (Softland S.R.L. -> Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
R2 WinDefend; c:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2019-05-10] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2753536 2011-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-16] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [145600 2019-03-14] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107744 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188240 2019-03-14] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50280 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82472 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61152 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [110000 2019-03-14] (ESET, spol. s r.o. -> ESET)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12223936 2011-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [289280 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [184592 2013-05-23] (Avid Technology, Inc. -> M-Audio)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation -> NVIDIA Corporation)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] (SONIX TECHNOLOGY CO. , LTD -> )
S3 Tosrfcom; no ImagePath
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation -> Oracle Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-10 19:03 - 2019-05-10 19:04 - 000027188 _____ C:\Users\Asanoth\Desktop\FRST.txt
2019-05-10 19:03 - 2019-05-10 19:03 - 000000000 ____D C:\FRST
2019-05-10 19:02 - 2019-05-10 19:02 - 000011851 _____ C:\Users\Asanoth\Desktop\hijackthis2.txt
2019-05-10 19:01 - 2019-05-10 19:01 - 002430976 _____ (Farbar) C:\Users\Asanoth\Desktop\FRST64.exe
2019-05-10 16:26 - 2019-05-10 16:26 - 000000000 ____D C:\zoek
2019-05-10 15:47 - 2019-05-10 15:48 - 000000000 ___SD C:\32788R22FWJFW
2019-05-10 15:41 - 2019-05-10 15:42 - 000000000 ____D C:\Qoobox
2019-05-10 15:41 - 2019-05-10 15:41 - 000000000 ____D C:\Windows\erdnt
2019-05-10 15:36 - 2019-05-10 19:03 - 000057808 _____ C:\Windows\ZAM.krnl.trace
2019-05-10 15:36 - 2019-05-10 15:36 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-05-10 15:36 - 2019-05-10 15:36 - 000003460 _____ C:\Windows\System32\Tasks\AMHelper
2019-05-10 15:36 - 2019-05-10 15:36 - 000000000 ____D C:\Users\Asanoth\AppData\Local\Zemana
2019-05-10 15:36 - 2019-05-10 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-05-10 15:35 - 2019-05-10 15:36 - 000000000 ____D C:\Users\Asanoth\AppData\Local\AMSDK
2019-05-10 14:15 - 2019-05-10 16:28 - 000003193 _____ C:\runcheck.txt
2019-05-10 14:15 - 2019-05-10 16:28 - 000000000 ____D C:\zoek_backup
2019-05-10 14:15 - 2019-05-10 14:15 - 000003116 _____ C:\Users\Asanoth\Desktop\roguekiller2.txt
2019-05-10 13:58 - 2019-05-10 15:40 - 000007263 _____ C:\Users\Asanoth\Desktop\návod.txt
2019-05-10 13:55 - 2019-05-10 13:56 - 011630280 _____ (Zemana Ltd. ) C:\Users\Asanoth\Desktop\AntiMalware_Setup.exe
2019-05-10 13:24 - 2019-05-10 17:18 - 000000000 ____D C:\Users\Asanoth\AppData\Local\CrashDumps
2019-05-07 20:15 - 2019-05-07 20:15 - 002038755 _____ C:\Users\Asanoth\Desktop\zoek.exe
2019-05-07 18:59 - 2019-05-07 18:59 - 000004726 _____ C:\Users\Asanoth\Desktop\roguekiller.txt
2019-05-07 18:44 - 2019-05-07 19:47 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-07 16:09 - 2019-05-07 16:09 - 000002315 _____ C:\Users\Asanoth\Desktop\JRT.txt
2019-05-07 16:04 - 2019-05-07 16:04 - 001790024 _____ (Malwarebytes) C:\Users\Asanoth\Desktop\JRT.exe
2019-05-07 16:03 - 2019-05-07 16:03 - 033953848 _____ C:\Users\Asanoth\Desktop\RogueKiller_portable64.exe
2019-05-06 21:46 - 2019-05-06 21:46 - 000068076 _____ C:\Users\Asanoth\Desktop\Game.of.Thrones.S08E04.WEB.H264-MEMENTO-HI.srt
2019-05-06 16:05 - 2019-05-06 16:58 - 573162168 _____ C:\Users\Asanoth\Desktop\game.of.thrones.s08e04.web.h264-memento[ettv].mkv
2019-05-04 09:39 - 2019-05-04 09:39 - 000000000 ____D C:\Users\Asanoth\AppData\Local\Adobe
2019-05-04 07:19 - 2019-05-07 16:06 - 000000000 ____D C:\AdwCleaner
2019-05-04 07:17 - 2019-05-04 07:17 - 000050688 _____ (Atribune.org) C:\Users\Asanoth\Desktop\ATF-Cleaner.exe
2019-05-03 21:59 - 2019-05-03 21:59 - 000000000 ____D C:\ProgramData\Sophos
2019-05-03 21:58 - 2019-05-03 21:58 - 000002717 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-05-03 21:58 - 2019-05-03 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-05-03 21:51 - 2019-05-03 21:51 - 007025360 _____ (Malwarebytes) C:\Users\Asanoth\Desktop\AdwCleaner.exe
2019-05-03 21:50 - 2019-05-03 21:50 - 000448512 _____ (OldTimer Tools) C:\Users\Asanoth\Desktop\TFC.exe
2019-05-03 21:48 - 2019-05-03 21:55 - 206758184 _____ (Sophos Limited) C:\Users\Asanoth\Desktop\Sophos Virus Removal Tool.exe
2019-05-02 23:11 - 2019-05-02 23:11 - 000003136 _____ C:\Windows\System32\Tasks\{77CC2F8F-50C3-4041-A59B-750DAE621CB5}
2019-05-02 21:24 - 2019-05-02 21:24 - 000388608 _____ (Trend Micro Inc.) C:\Users\Asanoth\Desktop\HijackThis.exe
2019-05-01 07:59 - 2019-05-01 08:37 - 000011923 _____ C:\Users\Asanoth\Desktop\prehled dov.xlsx
2019-04-29 21:57 - 2019-04-29 22:47 - 549458641 _____ C:\Users\Asanoth\Desktop\Game Of Thrones S08E03.mkv
2019-04-22 19:16 - 2019-04-22 19:45 - 312809595 _____ C:\Users\Asanoth\Desktop\Game Of Thrones S08E02.mkv
2019-04-17 15:50 - 2019-04-17 16:24 - 367458956 _____ C:\Users\Asanoth\Desktop\game.of.thrones.s08e01.repack.web.h264-memento.mkv
2019-04-15 20:34 - 2019-04-15 20:35 - 008614724 _____ C:\Users\Asanoth\Desktop\nd.psd
2019-04-14 07:55 - 2019-04-14 07:55 - 001587955 _____ C:\Users\Asanoth\Desktop\eTicket_3081362.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-10 19:03 - 2016-11-20 21:15 - 000000000 ____D C:\Users\Asanoth\AppData\LocalLow\Mozilla
2019-05-10 17:37 - 2014-08-15 20:09 - 000000000 ____D C:\Users\Asanoth\AppData\Roaming\vlc
2019-05-10 17:25 - 2009-07-14 06:45 - 000024240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-10 17:25 - 2009-07-14 06:45 - 000024240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-10 17:24 - 2009-07-14 17:18 - 000669116 _____ C:\Windows\system32\perfh005.dat
2019-05-10 17:24 - 2009-07-14 17:18 - 000141744 _____ C:\Windows\system32\perfc005.dat
2019-05-10 17:24 - 2009-07-14 07:13 - 001584554 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-10 17:24 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-05-10 17:18 - 2014-08-15 09:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-10 17:18 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-10 14:53 - 2014-08-14 14:09 - 000000000 ____D C:\Users\Asanoth
2019-05-07 19:47 - 2016-01-18 21:33 - 000034942 _____ C:\Users\Asanoth\Desktop\Cvic_deni.txt
2019-05-04 18:34 - 2016-09-04 09:33 - 000056189 _____ C:\Users\Asanoth\Desktop\Ekonomická bilance V.ods
2019-05-02 20:03 - 2019-03-30 18:59 - 000000000 ____D C:\Users\Asanoth\AppData\Local\ElevatedDiagnostics
2019-04-28 08:12 - 2018-03-27 16:28 - 000004536 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-28 08:12 - 2016-11-06 19:30 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-28 08:12 - 2014-08-14 20:15 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-28 08:12 - 2014-08-14 20:15 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-28 08:12 - 2014-08-14 20:15 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-28 08:11 - 2014-08-14 20:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-27 19:04 - 2018-07-19 19:43 - 000000940 _____ C:\Users\Asanoth\Desktop\Výlety.txt

==================== Files in the root of some directories =======

2014-07-10 08:16 - 2014-07-10 08:16 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-02-28 13:07 - 2019-03-31 21:18 - 000006144 _____ () C:\Users\Asanoth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-09 12:47 - 2016-01-09 12:47 - 000000711 _____ () C:\Users\Asanoth\AppData\Local\recently-used.xbel
2016-02-13 12:03 - 2016-02-13 12:03 - 000007631 _____ () C:\Users\Asanoth\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-03 22:28
==================== End of FRST.txt ============================


Re: Please check my log

Post by Asanoth » 10 May 2019 19:10

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Asanoth (10-05-2019 19:04:37)
Running from C:\Users\Asanoth\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-14 12:09:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3626143423-3778064361-277993632-500 - Administrator - Disabled)
Asanoth (S-1-5-21-3626143423-3778064361-277993632-1000 - Administrator - Enabled) => C:\Users\Asanoth
Guest (S-1-5-21-3626143423-3778064361-277993632-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3626143423-3778064361-277993632-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 3D - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 3D - V) (Version: 7.0.70 - Adobe Systems)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Aktualizace NVIDIA 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation) Hidden
Application Mover (HKLM-x32\...\Application Mover (Shareware)_is1) (Version: 4.2 - Funduc Software Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Bontia Studio 5.0 (HKLM-x32\...\{27A8CEC3-F518-40F0-BA50-EDB47150BF33}) (Version: 5.0.4267.0 - Bontia, a.s.)
Book-Maker (HKLM-x32\...\ArtD - Grafický atelier Černý_Book-Maker) (Version: - )
BookWright version 1.0.59 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.0.59 - Blurb, Inc.)
calibre 64bit (HKLM\...\{67283D6C-1305-4045-8CF6-33097EBBD3A5}) (Version: 3.32.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
České (QWERTY) - En/Pt/Fr/De/Tr - Custom - Custom (HKLM\...\{48EB08A0-E477-4B3C-8FA6-361028A027AA}) (Version: 1.0.3.40 - Company)
České (QWERTY) - En/Pt/Fr/De/Tr - Custom (HKLM\...\{91E681EB-A57B-4E8F-BE36-489CEE3C481E}) (Version: 1.0.3.40 - Tadeáš Křehlík)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DC++ 0.843 (HKLM-x32\...\DC++) (Version: 0.843 - Jacek Sieka)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
doPDF (HKLM\...\{2FC5AA08-A4A7-4CA2-87CA-B591CDC29BFA}) (Version: 8.0.915 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{a54197ad-113d-41df-8f35-ad06151b4d42}) (Version: 8.0.915 - Softland)
EasyCleaner (HKLM-x32\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
ELAN Touchpad 15.9.5.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.5.3 - ELAN Microelectronic Corp.)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.2.7390 - Thomson Reuters)
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 12.1.34.0 - ESET, spol. s r.o.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gephi 0.9.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Deskjet 2050 J510 series Nápověda (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
Inkscape 0.91pre2 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LaTeX2RTF (HKLM-x32\...\latex2rtf) (Version: - )
LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation)
Light Alloy 4.8.8 (build 2038) (HKLM-x32\...\Light Alloy) (Version: 4.8.8 (build 2038) - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
mailFISH POP3/SMTP Proxy (HKLM-x32\...\mailFISH POP3/SMTP Proxy) (Version: 1.0.6.100 - serFISH.com)
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
M-Audio Fast Track Pro 6.1.10 (x64) (HKLM\...\{44BCF4BB-2486-465D-8C03-50150201B4EA}) (Version: 6.1.10 - M-Audio)
Mi PC Suite (HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\MiPhoneManager) (Version: - Xiaomi Inc.)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office 2010 pro studenty a domácnosti (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 cs)) (Version: 31.0 - Mozilla)
Mozilla Firefox 63.0.1 (x64 cs) (HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\Mozilla Firefox 63.0.1 (x64 cs)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 cs)) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 cs) (HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\Mozilla Thunderbird 60.6.1 (x86 cs)) (Version: 60.6.1 - Mozilla)
MP3 Splitter & Joiner 3.60 (HKLM-x32\...\MP3 Splitter & Joiner_is1) (Version: - EZ SoftMagic, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
novaPDF 8 Printer Driver (HKLM\...\{5ED19569-C344-4C55-983F-AAF03CE33723}) (Version: 8.0.915 - Softland)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Octave 4.0.0 (HKLM-x32\...\Octave-4.0.0) (Version: 4.0.0 - GNU Octave)
Opera Stable 57.0.3098.116 (HKLM-x32\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
Ovládací panel NVIDIA 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 340.52 - NVIDIA Corporation) Hidden
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PDFTools Version 1.2 (09/28/2006) (HKLM-x32\...\PDFTools_is1) (Version: 1.0 - www.SheelApps.com - Sheel Khanna)
PTC Creo Direct Version 3.0 Datecode [M020] (HKLM-x32\...\PTC Creo Direct Version 3.0 Datecode [M020]) (Version: 3.0 - PTC)
PTC Creo Layout Version 3.0 Datecode [M020] (HKLM-x32\...\PTC Creo Layout Version 3.0 Datecode [M020]) (Version: 3.0 - PTC)
PTC Creo Parametric Version 3.0 Datecode [M020] (HKLM-x32\...\PTC Creo Parametric Version 3.0 Datecode [M020]) (Version: 3.0 - PTC)
PTC Creo Platform Agent 3.89 (HKLM-x32\...\{E6E271FC-788A-499D-AA23-3FAE03BF4FEC}) (Version: 3.89.0 - PTC)
PTC Creo Simulate Version 3.0 Datecode [M020] (HKLM-x32\...\PTC Creo Simulate Version 3.0 Datecode [M020]) (Version: 3.0 - PTC)
PTC Creo Thumbnail Viewer 3.0 (HKLM\...\{9C980BDC-74F9-4EA6-A2AE-75B36876AF9B}) (Version: 31.14.440 - PTC)
PTC Creo View Express 3.0 (HKLM\...\{8D3C0B3F-0830-413A-BF5C-24BCDCF58547}) (Version: 10.2.30.26 - PTC)
PTC Quality Agent (HKLM\...\{7CAE5F6E-07DA-49B7-A5AE-3EBD062C6303}) (Version: 3.0.0.0 - PTC)
qBittorrent 4.1.3 (HKLM-x32\...\qBittorrent) (Version: 4.1.3 - The qBittorrent project)
QtiPlot 0.9.7.10 (HKLM-x32\...\QtiPlot_is1) (Version: - Ion Vasilief)
Rajče Downloader verze 1.0.0.0 (HKLM-x32\...\{3AA7960E-DEAE-4D21-93BE-7B0E8EE4D0FA}_is1) (Version: 1.0.0.0 - Ladislav Havlát)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype verze 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Suite Specific (HKLM-x32\...\{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}) (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SunsetScreen (HKLM\...\{155DF28A-39B0-4447-BA5F-4347AC6A3197}) (Version: - Skytopia)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAL-Chorus-LX (64bit) (HKLM\...\{387F3AC2-DC2C-4768-8DA1-DB3E73A130F3}) (Version: 1.0.0 - TAL - Togu Audio Line)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
Tone Stack Calculator version 1.3 (HKLM-x32\...\{D1385B9C-DD6D-43FE-B07C-28A80B23422F}_is1) (Version: 1.3 - Duncan Amplification)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 2050 J510 series (HKLM\...\{F61FD928-A74D-4AF9-9667-BE2BB6F2C386}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Základní software zařízení HP Deskjet 2510 series (HKLM\...\{DAF82EFF-285E-46C1-87C9-E846AF5D0F8F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Zemana AntiMalware verze 3.1.66 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.66 - Zemana)
Zoom (HKU\S-1-5-21-3626143423-3778064361-277993632-1000\...\ZoomUMX) (Version: 4.3 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Kancelář\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [2006-01-12] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\utility\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => E:\bezpečnost\ESET Smart Security\shellExt.dll [2019-04-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program managery\WinRar\rarext.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program managery\WinRar\rarext32.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\utility\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => E:\bezpečnost\ESET Smart Security\shellExt.dll [2019-04-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Bezpečnost\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\utility\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\utility\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-07-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\utility\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => E:\bezpečnost\ESET Smart Security\shellExt.dll [2019-04-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Bezpečnost\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program managery\WinRar\rarext.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program managery\WinRar\rarext32.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-06-22 10:18 - 2016-06-22 10:18 - 000130933 _____ () [File not signed] C:\Windows\TEMP\ea61bc6a-15ba-440c-8065-d70e53d325ff\AgileDotNetRT64.dll
2016-06-22 10:18 - 2016-06-22 10:18 - 000130933 _____ () [File not signed] C:\Windows\TEMP\fe783e8b-f0bc-4703-9683-464fedcba743\AgileDotNetRT64.dll
2014-09-18 17:19 - 2014-09-18 17:19 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2014-08-15 09:16 - 2014-07-02 20:55 - 000067072 _____ (NVIDIA Corporation) [File not signed] C:\Windows\system32\Nv3DAppShExtR.dll
2014-08-01 11:34 - 2014-08-01 11:34 - 000018944 _____ (Softland) [File not signed] C:\Windows\System32\novamn8.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-05-10 15:52 - 000000841 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;S:\Technika\MiKTeX 2.9\miktex\bin\x64\;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Windows Live\Shared;e:\technika\MiKTeX 2.9\miktex\bin\x64\;E:\Utility\Calibre2\
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Asanoth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Asanoth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk => C:\Windows\pss\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "E:\Kancelář\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: CCleaner Monitoring => "E:\utility\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Utility\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => E:\Utility\EaseUS Partition Master 10.1\bin\EpmNews.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => E:\Grafika\Photo Studio 15\Program32\ZPSTRAY.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9CC5FC57-DB29-437D-A248-4CAB50795B29}] => (Allow) S:\Komunikace\BlackBerry Desktop\Rim.Desktop.exe No File
FirewallRules: [{C9A33F4B-EA8B-4906-9A20-45635BDA419E}] => (Allow) S:\Komunikace\BlackBerry Desktop\Rim.Desktop.exe No File
FirewallRules: [{35842F47-FE32-49D4-A968-75C5AE1D56E5}] => (Allow) LPort=4481
FirewallRules: [{16154AE0-CF34-48D2-B2F1-1C046B7774FE}] => (Allow) LPort=4481
FirewallRules: [{337729EA-3203-4533-96BA-83F735F62F57}] => (Allow) LPort=4482
FirewallRules: [{C29687AC-787A-49AA-A814-224B59E619B7}] => (Allow) LPort=4482
FirewallRules: [{4D928186-8A44-4BCD-861D-7227DE785F41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7155001F-7ADD-423E-8490-362A9CB9ECB3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CBBD0F70-E1C7-4419-BA5C-3CEA9D41840F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B33DCC70-EBC2-4D6F-9095-4BCD0F9361A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{73616201-9AEB-4F47-9AE5-F82AFBA9E27E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A78491D7-61F7-4920-851F-7B0336BB51CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B6D8C671-9D2B-47A6-8DBF-6E0DCCA8D073}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{45153E03-BA5C-4497-8B8F-C712693EB6E3}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{32BB83AB-6AC9-4102-B6AE-DCB98A40DB52}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B0937D0-76B6-4565-B2E2-754D75423F2F}] => (Allow) LPort=2869
FirewallRules: [{FD07FF7C-5F49-4356-B1D9-19010BE2ADC9}] => (Allow) LPort=1900
FirewallRules: [{1CE74DA8-EAAE-4514-AF62-742593B624B9}] => (Allow) E:\Video\Lightworks\Lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{A0CA08C6-454E-4DD2-B5F9-2D0ED1CC59B7}] => (Allow) E:\Video\Lightworks\Lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{6951919D-BA01-40D7-AB23-4D2F40D28078}] => (Allow) E:\Video\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{822384D5-07D0-451B-AAA5-37C2F7EB37D0}] => (Allow) E:\Video\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{605025EB-3DC9-4E13-A76F-B609C74C227D}] => (Allow) E:\Komunikace\BlackBerry Desktop\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{1C8A5D96-BC70-481C-908F-7E09D2AEBE3E}] => (Allow) E:\Komunikace\BlackBerry Desktop\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{60AD1E2A-E962-40FB-BB6D-56C7E9BA6370}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe No File
FirewallRules: [{BB3F728B-C764-4DDC-AA0D-E967632C0154}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe No File
FirewallRules: [{50D5DFA0-779C-4FDF-B7C3-18ABC18F8DC3}] => (Allow) E:\Kancelář\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6393993-BAFF-4056-98D9-5A2EB84A9916}] => (Allow) E:\Kancelář\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70D77033-984F-4A4B-82E6-36BA9A841EC2}] => (Allow) C:\Program Files\PTC\Creo 3.0\View Express\i486_nt\obj\productview.exe No File
FirewallRules: [{EADACE77-94B3-426F-925C-7D3C9892539E}] => (Allow) C:\Users\Asanoth\AppData\Local\MiPhoneManager\main\MiPCSuite.exe (Xiaomi Technology Inc -> Xiaomi.Inc)
FirewallRules: [{2802F2A8-73EF-4B51-99A6-9C3BBDF8ED21}] => (Allow) E:\P2P\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{B3312ACF-BB40-4634-BBC3-837CE7354BF4}] => (Allow) E:\P2P\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{3F4B8B89-2501-411A-9659-B4FF1E88ABDF}] => (Allow) E:\Internet\Opera\56.0.3051.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{C755EE5D-994E-490D-996F-C2BCA1096206}] => (Allow) E:\Internet\Opera\57.0.3098.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1726E702-3771-47E8-AB95-10DC5376542B}] => (Allow) C:\Users\Asanoth\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8CC56932-9D25-4CC4-B45A-B8D530502EC6}] => (Allow) C:\Users\Asanoth\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{FF3B9CD0-B314-436C-A279-C41FE2EF49A1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4646E803-231B-43A7-9313-161D5C4409C0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

10-05-2019 13:56:26 pred_combofix
10-05-2019 14:16:49 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zařízení Bluetooth (síť PAN)
Description: Zařízení Bluetooth (síť PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2019 05:18:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x990
Čas spuštění chybující aplikace: 0x01d507439ac95a12
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: d995eb73-7336-11e9-9687-485b3962e84e

Error: (05/10/2019 03:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x10ec
Čas spuštění chybující aplikace: 0x01d507372e306092
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: 6c6bbe02-732a-11e9-98ec-485b3962e84e

Error: (05/10/2019 03:32:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x1024
Čas spuštění chybující aplikace: 0x01d50734d714ae43
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: 159c37bd-7328-11e9-be5a-485b3962e84e

Error: (05/10/2019 01:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x588
Čas spuštění chybující aplikace: 0x01d50722de91f30a
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: 1cbca6d9-7316-11e9-8fe5-485b3962e84e

Error: (05/07/2019 04:06:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0xf88
Čas spuštění chybující aplikace: 0x01d504de2267f14f
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: 60467915-70d1-11e9-a18f-485b3962e84e

Error: (05/07/2019 03:48:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0xfe8
Čas spuštění chybující aplikace: 0x01d504db96b65eb3
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: d55cda10-70ce-11e9-84b4-485b3962e84e

Error: (05/06/2019 08:49:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0xf6c
Čas spuštění chybující aplikace: 0x01d5043c80ab0345
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: bf47f921-702f-11e9-b413-485b3962e84e

Error: (05/06/2019 04:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0xba8
Čas spuštění chybující aplikace: 0x01d504141393ab3c
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ElanTPCfg64.exe
Cesta k chybujícímu modulu: c:\Program Files\Elantech\ETDApi.dll
ID zprávy: 51879f65-7007-11e9-b6b5-485b3962e84e


System errors:
=============
Error: (05/10/2019 05:18:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
VBoxNetAdp

Error: (05/10/2019 04:28:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2019 04:28:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2019 04:28:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2019 04:28:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2019 04:28:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2019 03:48:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
VBoxNetAdp

Error: (05/10/2019 03:32:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
VBoxNetAdp


CodeIntegrity:
===================================

Date: 2017-12-10 10:52:25.521
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod7815.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:25.111
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod7815.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:24.831
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod7815.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:23.126
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod48A5.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:22.716
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod48A5.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:22.466
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod48A5.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:20.681
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod2308.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2017-12-10 10:52:20.221
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\updfiles\base_nonnups\nod2308.dll.nup.raw because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. K52Jc.205 03/16/2010
Motherboard: ASUSTeK Computer Inc. K52Jc
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 76%
Total physical RAM: 3884.48 MB
Available physical RAM: 924.28 MB
Total Virtual: 7767.11 MB
Available Virtual: 4452.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:47.26 GB) (Free:5.69 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1129.81 GB) NTFS
Drive e: (Software) (Fixed) (Total:191.11 GB) (Free:113.49 GB) NTFS

\\?\Volume{c82a47bc-23aa-11e4-b370-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: CC8C739D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=47.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=191.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43060
Joined: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 10 May 2019 20:52

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3626143423-3778064361-277993632-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\Windows\System32\Tasks\{77CC2F8F-50C3-4041-A59B-750DAE621CB5}
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

EmptyTemp:
End

(You can use the "Select all" function, then right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

Drive c: () (Fixed) (Total:47.26 GB) (Free:5.69 GB) NTFS
A total lack of free disk space!! Uninstall or delete something. You should have at least 15-20% free space on the system disk to keep Windows running smoothly!!

That disk is small, which is why you have to move even the antivirus to the other one...
I would make a bit-for-bit copy of the disk and then copy it over to another, larger one. Otherwise there will always be a shortage of space; those are the problems you describe at the start of the thread.. There is nowhere to put temporary files, drivers and updates, because there isn't enough free space.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Asanoth
Level 1
Posts: 86
Joined: July 13
Gender: Male
Status:
Offline

Re: Please check my log

Post by Asanoth » 10 May 2019 23:08

It's not that I had to put the antivirus there; I have Windows on one partition and all software, including ESET, on the other. I had some downloads sitting on the desktop; now I have 8 GB free. By the way, those percentages have always confused me: does the system on a ten times larger disk really need ten times as much space? :)
What would suit me better is to take a piece, 10-20G, of the other partition and move it under C:. But I'd hate to lose something in the process, so I haven't tried it yet.
Before I bought the two-terabyte disk, I regularly had around 1 GB of free space, and my mail account settings never once got deleted.



Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Asanoth (10-05-2019 23:00:54) Run:1
Running from C:\Users\Asanoth\Desktop
Loaded Profiles: Asanoth (Available Profiles: Asanoth)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3626143423-3778064361-277993632-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\Windows\System32\Tasks\{77CC2F8F-50C3-4041-A59B-750DAE621CB5}
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = => Error: No automatic fix found for this entry.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = => Error: No automatic fix found for this entry.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local => Error: No automatic fix found for this entry.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = => Error: No automatic fix found for this entry.
O1 - Hosts: ::1 localhost => Error: No automatic fix found for this entry.
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') => Error: No automatic fix found for this entry.
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-3626143423-3778064361-277993632-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
C:\Windows\System32\Tasks\{77CC2F8F-50C3-4041-A59B-750DAE621CB5} => moved successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64546641 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 450597 B
Edge => 0 B
Chrome => 0 B
Firefox => 34270968 B
Opera => 418525575 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 196294 B
Asanoth => 140498966 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 628 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:01:20 ====

