Log check request - janpi (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Orcus » 04 Dec 2015 22:35

jaro3 wrote: Where is the Malwarebytes log??

Post by janpi » 05 Dec 2015 19:03

I apologize, I'm getting lost in all this.

Since the last cleanup with AMalw, the small overlay windows with ads have not popped up so far (there used to be at least four of them), but unwanted full-page sites still occasionally open in a new window, e.g.:

http://www.bet365.com/home/FlashGen4/WebConsoleApp.asp?affiliate=365_377798&cb=10326525614.


I think the first problems arose when visiting this page and the pages linked from it:

https://www.google.cz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=9&cad=rja&uact=8&ved=0ahUKEwjWjYTYn8XJAhUBVhQKHbfGDf0QFgg6MAg&url=http%3A%2F%2Fwww.itnetwork.cz%2Fmysql&usg=AFQjCNHnh6uj77DKKxQ8iFhS-HXKhmMpsQ&bvm=bv.108538919,d.ZWU


It is a bit better. Thank you for the help. Are we going to continue?


Here is the Antimalware result:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 5. 12. 2015
Čas skenování: 18:09
Protokol: AniMalware.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.05.03
Databáze rootkitů: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: JHL

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 366651
Uplynulý čas: 16 min, 49 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
PUP.Optional.CrossRider, HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\WINDOWS_IE_AC_001\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [3740bee37b10c47225d4efaef50dc937],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 4
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [89eeabf6414a1d1912b302f724dfd32d],
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [2750138e7615fd3961644baee221669a],
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [c4b398096a2180b6a322a950e51e31cf],
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [ea8ddcc5aae13ff74382ab4e44bf15eb],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Post by jerabina » 05 Dec 2015 22:31

Sure, we're continuing. If we're doing it, let's do it properly and completely, right? So that it's good, not just better ... :-)

Run MbAM again and choose Scan Now.
- When the program finishes, a message will appear; click "Quarantine all (remove selected)" and then "Export log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Turn off your antivirus.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit).
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Save it to your desktop, then run FRST as administrator.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.

Post by janpi » 06 Dec 2015 11:08

6 December, step 1: MbAM
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 6. 12. 2015
Čas skenování: 10:43
Protokol: MbAM1206.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.06.02
Databáze rootkitů: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: JHL

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 366476
Uplynulý čas: 16 min, 42 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 4
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [5783b9e8642745f1da82699116ed15eb],
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [c3175b468506bb7bd38918e263a056aa],
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [1cbe50519fec88aef8645e9c37cc39c7],
PUP.Optional.BestPriceNinja, C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [ca101e83503b59dd322a728827dc2ed2],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Post by janpi » 06 Dec 2015 11:51

6 December, step 2: Zoek:

Zoek.exe v5.0.0.1 Updated 05-December-2015
Tool run by JHL on ne 06. 12. 2015 at 11:09:01,32.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JHL\Desktop\Ochrana\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6. 12. 2015 11:11:25 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\ca373d01-2b6e-4153-b669-af6ed8d41ee2 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\JHL\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\JHL\AppData\Local\EmieSiteList deleted successfully
C:\Users\JHL\AppData\Local\EmieUserList deleted successfully
C:\Users\JHL\AppData\Local\LSC deleted successfully
C:\Users\JHL\AppData\Local\MediaStory deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3280825375-4193700147-3120515293-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\oldsearch deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\oldsearch deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986\prefs.js:
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.selectedEngine", "Default");
user_pref("browser.search.order.1", "Seznam");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\JHL\AppData\Roaming\Thunderbird\Profiles\8tt16y79.default\prefs.js:

Added to C:\Users\JHL\AppData\Roaming\Thunderbird\Profiles\8tt16y79.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\ca373d01-2b6e-4153-b669-af6ed8d41ee2 not found
C:\Users\Public\Pokki deleted
C:\PROGRA~3\SMRResults501.dat deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986\searchplugins\seznam-avast.xml deleted
C:\Users\JHL\postgresql_94.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\JHL\AppData\Roaming\Thunderbird\Profiles\8tt16y79.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\JHL\AppData\Roaming\Thunderbird\Profiles\8tt16y79.default
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986
F114FBA6246530B89DD1E04351E0EAC5 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


aleggpabliehgbeagmfhnodcijcmbonb - JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb

==== Chromium Fix ======================

C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{43767163-A381-495A-B3B7-2983079CDF65}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{43767163-A381-495A-B3B7-2983079CDF65} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Web Data.tmp was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JHL\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\JHL\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\JHL\AppData\Local\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\JHL\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5733 folders=142 331157556 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\JHL\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 06. 12. 2015 at 11:49:24,60 ======================


Post by janpi » 06 Dec 2015 15:01

6 December, step 3: FRST, first log. I am writing this reply for the second time; the first one probably did not go through, it was too long.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by JHL (administrator) on LENOVO-PC (06-12-2015 11:58:07)
Running from C:\Users\JHL\Downloads
Loaded Profiles: JHL (Available Profiles: JHL)
Platform: Windows 10 Home (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Pokki) C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Pokki) C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2015-01-12] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\Run: [Dropbox Update] => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-01] (Dropbox, Inc.)
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\JHL\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\MountPoints2: {b7087ab9-e3b3-11e3-8258-806e6f6e6963} - "D:\ppk.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-03-09]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{aa61f94b-bf40-446e-8167-52f863cbccd4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {43767163-A381-495A-B3B7-2983079CDF65} URL =
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-07] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
IE Session Restore: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001 -> is enabled.
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986\extensions\s3google@translator.xpi [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-11-20] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR Profile: C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-06]
CHR Extension: (Dokumenty Google) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-06]
CHR Extension: (Disk Google) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Vyhledávání Google) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Tabulky Google) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-06]
CHR Extension: (Gmail) - C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]

Opera:
=======
OPR Extension: (aleggpabliehgbeagmfhnodcijcmbonb) - C:\Users\JHL\AppData\Roaming\Opera Software\Opera Stable\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-11-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-25] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [92160 2015-07-13] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2015-01-12] ()
S2 HPSLPSVC; C:\Users\JHL\AppData\Local\Temp\7zS14A1\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-21] (GenesysLogic)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 cpuz134; \??\C:\Users\JHL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 11:58 - 2015-12-06 11:58 - 00020946 _____ C:\Users\JHL\Downloads\FRST.txt
2015-12-06 11:56 - 2015-12-06 11:58 - 00000000 ____D C:\FRST
2015-12-06 11:55 - 2015-12-06 11:56 - 02369024 _____ (Farbar) C:\Users\JHL\Downloads\FRST64.exe
2015-12-06 11:50 - 2015-12-06 11:50 - 00002514 _____ C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-12-06 11:49 - 2015-12-06 11:49 - 00016148 _____ C:\WINDOWS\system32\LENOVO-PC_JHL_HistoryPrediction.bin
2015-12-06 11:38 - 2015-12-06 11:08 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-12-06 11:08 - 2015-12-06 11:35 - 00000000 ____D C:\zoek_backup
2015-12-06 10:34 - 2015-12-06 10:34 - 01309184 _____ C:\Users\JHL\Downloads\zoek.exe
2015-12-04 18:18 - 2015-12-06 11:43 - 00000000 ____D C:\Users\JHL\AppData\Local\CrashDumps
2015-12-04 17:58 - 2015-12-04 18:01 - 00036608 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-04 17:58 - 2015-12-04 18:00 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-04 17:57 - 2015-12-04 17:57 - 25023048 _____ C:\Users\JHL\Downloads\RogueKillerX64 (1).exe
2015-12-04 17:51 - 2015-12-04 17:51 - 00002360 _____ C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-12-04 17:49 - 2015-12-04 17:49 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-04 17:49 - 2015-12-04 17:49 - 00001232 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-04 17:35 - 2015-12-04 17:35 - 00243880 _____ C:\Users\JHL\Downloads\Firefox Setup Stub 42.0.exe
2015-12-04 17:18 - 2015-12-04 17:18 - 00001649 _____ C:\Users\JHL\Desktop\JRT.txt
2015-12-04 17:03 - 2015-12-04 17:03 - 01599336 _____ (Malwarebytes) C:\Users\JHL\Downloads\JRT (1).exe
2015-12-04 15:48 - 2015-12-04 16:29 - 00000000 ____D C:\Users\JHL\AppData\Local\NPE
2015-12-04 15:48 - 2015-12-04 15:49 - 00000000 ____D C:\ProgramData\Norton
2015-12-04 11:05 - 2015-12-04 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-04 11:05 - 2015-12-04 11:05 - 00000000 ___HD C:\Lenovo
2015-12-04 09:18 - 2015-12-04 09:18 - 00003182 _____ C:\WINDOWS\System32\Tasks\{5CB662C4-D4F8-48AC-A564-AE818F4E7588}
2015-12-03 17:56 - 2015-12-04 16:27 - 00000000 ____D C:\AdwCleaner
2015-12-03 17:55 - 2015-12-03 17:56 - 01736704 _____ C:\Users\JHL\Downloads\adwcleaner_5.023.exe
2015-12-02 17:09 - 2015-12-02 17:09 - 01031608 _____ (CyberLink) C:\Users\JHL\Downloads\CyberLink_Power2Go_Downloader.exe
2015-12-02 15:25 - 2015-12-06 10:35 - 00000000 ____D C:\Users\JHL\Desktop\Ochrana
2015-12-02 14:07 - 2015-12-02 14:08 - 3156148224 _____ C:\Windows.iso
2015-12-02 13:46 - 2015-12-02 13:46 - 18446336 _____ (Microsoft Corporation) C:\Users\JHL\Downloads\MediaCreationTool.exe
2015-12-02 13:46 - 2015-12-02 13:46 - 00000000 ___HD C:\$Windows.~WS
2015-12-02 13:32 - 2015-12-02 17:31 - 00000000 ___HD C:\$SysReset
2015-11-25 13:11 - 2015-11-25 13:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\JHL\Downloads\HijackThis(2).exe
2015-11-24 11:24 - 2015-11-24 11:24 - 00003475 _____ C:\Users\JHL\Desktop\Sken dokumentu nebo fotografie – zástupce.lnk
2015-11-24 11:12 - 2015-11-24 11:12 - 00002009 _____ C:\Users\JHL\AppData\Local\recently-used.xbel
2015-11-21 17:59 - 2015-11-21 17:59 - 00000000 ____D C:\Users\JHL\Downloads\doublekiller
2015-11-21 17:58 - 2015-11-21 17:58 - 00400720 _____ C:\Users\JHL\Downloads\doublekiller.zip
2015-11-21 17:06 - 2015-11-21 17:08 - 00000000 ____D C:\Users\JHL\AppData\Roaming\Geek Uninstaller
2015-11-21 17:06 - 2015-11-21 17:06 - 00000861 _____ C:\Users\JHL\Desktop\rejstrik – zástupce.lnk
2015-11-21 14:56 - 2015-11-21 14:58 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-21 13:29 - 2015-11-21 13:29 - 00000000 ____D C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-11-15 18:11 - 2015-11-15 18:12 - 105636995 _____ (Realtek Semiconductor Corp.) C:\Users\JHL\Downloads\0006-32bit_Win7_Win8_Win81_Win10_R279(1).exe
2015-11-15 18:04 - 2015-11-15 18:06 - 105636995 _____ (Realtek Semiconductor Corp.) C:\Users\JHL\Downloads\0006-32bit_Win7_Win8_Win81_Win10_R279.exe
2015-11-15 17:54 - 2015-11-20 14:54 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-15 17:53 - 2015-11-19 13:51 - 00003942 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1447606382
2015-11-15 17:53 - 2015-11-19 13:51 - 00001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-15 17:53 - 2015-11-15 17:53 - 00001220 _____ C:\Users\Public\Desktop\Opera.lnk
2015-11-15 17:53 - 2015-11-15 17:53 - 00000000 ____D C:\Users\JHL\AppData\Roaming\Opera Software
2015-11-15 17:53 - 2015-11-15 17:53 - 00000000 ____D C:\Users\JHL\AppData\Local\Opera Software
2015-11-15 17:51 - 2015-12-06 11:54 - 00000000 ____D C:\Users\JHL\AppData\Roaming\Seznam.cz
2015-11-15 17:51 - 2015-12-05 18:34 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-15 17:51 - 2015-11-15 17:51 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-11-15 15:54 - 2015-11-28 15:38 - 00000959 _____ C:\Users\JHL\Desktop\Dotace2015 – zástupce.lnk
2015-11-15 15:51 - 2015-11-15 15:51 - 00000000 ____D C:\Users\JHL\AppData\Local\CEF
2015-11-15 15:38 - 2015-11-25 15:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-15 15:38 - 2015-11-15 15:38 - 00002136 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-15 14:58 - 2015-12-06 10:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 14:58 - 2015-11-15 14:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-15 14:58 - 2015-11-15 14:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-15 14:58 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-15 14:58 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-15 14:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-15 14:56 - 2015-11-15 14:56 - 22908888 _____ (Malwarebytes ) C:\Users\JHL\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-15 14:43 - 2015-11-15 14:43 - 13155552 _____ (Microsoft Corporation) C:\Users\JHL\Downloads\Silverlight_x64.exe
2015-11-13 16:55 - 2015-11-13 16:55 - 00000000 ____D C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 17:34 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 17:34 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 17:34 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 17:34 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 17:34 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 17:34 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 17:34 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 17:34 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 17:34 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 17:34 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 17:34 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 17:34 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 17:34 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 17:34 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 17:34 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 17:34 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 17:34 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 17:34 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 17:34 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 17:34 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 17:34 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 17:34 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 17:34 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 17:34 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 17:34 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 17:34 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 17:34 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 17:34 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 17:34 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 17:34 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 17:34 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 17:34 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 17:34 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 17:34 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 17:34 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 17:34 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 17:34 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 17:34 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 17:34 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 17:34 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 17:34 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 17:34 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 17:34 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 17:34 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 17:34 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 17:34 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 17:34 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 17:34 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 17:34 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 17:34 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 17:34 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 17:34 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 17:34 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 17:41 - 2015-11-08 17:41 - 00001086 _____ C:\Users\JHL\Desktop\HLenovo – zástupce.lnk
2015-11-07 13:58 - 2015-11-19 09:09 - 00001023 _____ C:\Users\JHL\Desktop\ZO CSV F na Drop.lnk
2015-11-07 13:57 - 2015-11-13 16:15 - 00001055 _____ C:\Users\JHL\Desktop\Účetnictví F na Drop.lnk
2015-11-07 13:18 - 2015-11-07 13:18 - 00085913 _____ C:\Users\JHL\Downloads\0000000013502093_20150930_D_007_000_M_C(1).pdf
2015-11-07 13:18 - 2015-11-07 13:18 - 00082417 _____ C:\Users\JHL\Downloads\0000000013502093_20151031_D_008_000_M_C.pdf
2015-11-07 13:18 - 2015-11-07 13:18 - 00081006 _____ C:\Users\JHL\Downloads\0000000013502093_20150831_D_006_000_M_C.pdf
2015-11-07 13:03 - 2015-11-07 13:03 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Centrum řešení HP.lnk
2015-11-07 13:03 - 2015-11-07 13:03 - 00001444 _____ C:\Users\Public\Desktop\Centrum řešení HP.lnk
2015-11-07 13:03 - 2015-11-07 13:03 - 00001330 _____ C:\Users\Public\Desktop\Nakupujte spotřební materiál HP.lnk
2015-11-07 13:03 - 2015-11-07 13:03 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-11-07 11:10 - 2015-11-07 11:10 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\JHL\Downloads\HPSupportSolutionsFramework-12.0.30.81(1).exe
2015-11-06 17:57 - 2015-11-06 17:57 - 00000000 ____D C:\SUPERDelete
2015-11-06 10:11 - 2015-11-06 10:11 - 00003640 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-11-06 09:49 - 2015-11-06 09:49 - 00000000 ____D C:\RegBackup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 11:57 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-06 11:53 - 2015-10-04 18:37 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 11:53 - 2015-08-01 14:48 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001UA.job
2015-12-06 11:49 - 2015-10-04 18:37 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 11:49 - 2015-08-02 13:13 - 00000000 __SHD C:\Users\JHL\IntelGraphicsProfiles
2015-12-06 11:48 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-06 11:48 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-06 11:46 - 2015-08-16 09:40 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-06 11:34 - 2015-08-02 12:44 - 00000000 ____D C:\Users\JHL
2015-12-06 11:05 - 2015-03-07 12:10 - 00000000 ____D C:\Users\JHL\AppData\Local\SweetLabs App Platform
2015-12-06 11:04 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-06 10:32 - 2015-03-07 16:39 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A841725E-9E82-45DC-A61D-B4C2638C3E8A}
2015-12-05 18:50 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-05 18:28 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-12-05 17:10 - 2015-03-08 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-04 18:38 - 2015-04-04 17:23 - 00000000 ____D C:\Users\JHL\AppData\Local\Google
2015-12-04 17:53 - 2015-11-04 17:53 - 00003228 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJHL
2015-12-04 17:53 - 2015-11-04 17:53 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJHL.job
2015-12-04 17:49 - 2015-10-16 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-04 16:32 - 2015-10-31 16:50 - 00003380 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2015-12-04 15:53 - 2015-08-01 14:48 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001Core.job
2015-12-04 12:44 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 09:24 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-04 09:24 - 2015-03-07 17:41 - 00000000 ____D C:\Users\JHL\AppData\Local\ElevatedDiagnostics
2015-12-04 08:54 - 2015-10-04 18:38 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 17:07 - 2015-03-08 08:29 - 00000000 ___RD C:\Users\JHL\Dropbox
2015-12-02 17:48 - 2015-10-04 18:37 - 00004038 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 17:48 - 2015-10-04 18:37 - 00003806 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 15:24 - 2015-08-31 17:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-02 14:13 - 2015-08-02 22:36 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-02 12:52 - 2015-08-02 22:25 - 00676964 _____ C:\WINDOWS\system32\perfh005.dat
2015-12-02 12:52 - 2015-08-02 22:25 - 00136874 _____ C:\WINDOWS\system32\perfc005.dat
2015-12-02 12:52 - 2015-08-02 13:04 - 01631590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 11:17 - 2015-07-27 15:32 - 00000000 ____D C:\Users\JHL\.gimp-2.8
2015-11-24 11:12 - 2015-07-27 15:36 - 00000000 ____D C:\Users\JHL\AppData\Local\gtk-2.0
2015-11-23 10:41 - 2015-06-27 14:49 - 00109168 _____ C:\Users\JHL\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-20 18:05 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\ModemLogs
2015-11-20 18:04 - 2014-05-22 21:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-20 17:52 - 2015-03-14 09:18 - 00000000 ____D C:\Program Files\WinRAR
2015-11-17 17:36 - 2015-04-05 06:56 - 00001568 _____ C:\Users\JHL\Desktop\Cobian.lnk
2015-11-17 14:44 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-15 18:08 - 2014-05-22 20:33 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-11-15 15:38 - 2015-06-23 16:11 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-15 15:37 - 2014-05-22 21:00 - 00000000 ____D C:\ProgramData\Adobe
2015-11-15 15:23 - 2015-04-16 12:45 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-15 15:15 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Vss
2015-11-15 10:30 - 2015-07-10 13:20 - 00380632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-15 10:27 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 18:19 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-14 18:16 - 2015-03-08 09:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 18:09 - 2015-03-08 09:01 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 16:55 - 2015-03-08 08:21 - 00000000 ____D C:\Users\JHL\AppData\Roaming\Dropbox
2015-11-11 17:45 - 2015-08-16 09:40 - 00003900 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-07 13:05 - 2015-03-07 19:26 - 00000000 ____D C:\Users\JHL\AppData\Roaming\HP
2015-11-07 13:05 - 2015-03-07 17:11 - 00182955 _____ C:\WINDOWS\hpoins44.dat
2015-11-07 13:05 - 2015-03-07 17:11 - 00000000 ____D C:\ProgramData\HP
2015-11-07 13:05 - 2013-08-22 14:25 - 00000234 _____ C:\WINDOWS\win.ini
2015-11-07 13:03 - 2015-03-07 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-11-07 13:03 - 2015-03-07 17:13 - 00000000 ____D C:\Program Files (x86)\HP
2015-11-07 12:36 - 2015-09-28 15:42 - 00000000 ____D C:\Users\JHL\Downloads\HP Downloads
2015-11-06 10:44 - 2015-08-02 13:18 - 00002407 _____ C:\Users\JHL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-06 10:44 - 2015-08-02 13:18 - 00000000 ___RD C:\Users\JHL\OneDrive

==================== Files in the root of some directories =======

2015-04-28 17:07 - 2015-04-28 17:52 - 0000053 _____ () C:\Users\JHL\AppData\Roaming\LogFile.txt
2015-11-24 11:12 - 2015-11-24 11:12 - 0002009 _____ () C:\Users\JHL\AppData\Local\recently-used.xbel
2015-08-02 12:40 - 2015-08-02 12:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-07 17:11 - 2015-11-07 13:05 - 0007193 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-06 11:45

==================== End of FRST.txt ============================

janpi

Re: Please check my log - janpi

Post by janpi » 06 Dec 2015 15:16

Good news right at the start: for the first time in a long while, nothing "popped up" at me when I opened the browser, but I don't want to jinx it. I'll be in touch again.
During the previous cleaning, Firefox stopped working (Failed to read the configuration file. Please contact your system administrator.), so I have Chrome as a replacement.
PRAISE FOR YOU!!!

6 December FRST, second log

Second log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by JHL (2015-12-06 12:00:13)
Running from C:\Users\JHL\Downloads
Windows 10 Home (X64) (2015-08-02 12:12:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3280825375-4193700147-3120515293-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3280825375-4193700147-3120515293-503 - Limited - Disabled)
Guest (S-1-5-21-3280825375-4193700147-3120515293-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3280825375-4193700147-3120515293-1003 - Limited - Enabled)
JHL (S-1-5-21-3280825375-4193700147-3120515293-1001 - Administrator - Enabled) => C:\Users\JHL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Access to MySQL Converter 1.0.1 (HKLM-x32\...\Access to MySQL Converter) (Version: 1.0.1 - Converter Freeware Studio)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo WinOptimizer 11 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.70 - Ashampoo GmbH & Co. KG)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Dropbox (HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
F2400 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E1BB50BA-7CCB-47CD-9FE3-03AAE6EEF862}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JetBrains PhpStorm 8.0.3 (HKLM-x32\...\PhpStorm 8.0.3) (Version: 139.1348 - JetBrains s.r.o.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.2.1.1000 - Maxthon International Limited)
Microsoft Access 2000 (HKLM-x32\...\{00100405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 cs)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 cs)) (Version: 38.4.0 - Mozilla)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
Pokki (HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\SweetLabs_AP) (Version: 0.269.7.802 - Pokki)
PostgreSQL 9.4 (HKLM\...\PostgreSQL 9.4) (Version: 9.4 - PostgreSQL Global Development Group)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seznam Software (HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\SeznamInstall) (Version: - Seznam.cz)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Start Menu (HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.800 - Pokki)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.3 - Tweaking.com)
VSDC Free Video Editor version 3.1.0.354 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.11-0 - Bitnami)
ZD Soft Screen Recorder (HKLM-x32\...\{101CC777-634C-42AF-AF95-7A0282ABF247}) (Version: 8.0.1 - ZD Soft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\JHL\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\JHL\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-11-2015 12:40:31 Scheduled Checkpoint
24-11-2015 11:35:41 Reimage Express Restore Point
02-12-2015 17:18:44 Uniblue PC Mechanic installation
04-12-2015 16:03:56 Norton_Power_Eraser_20151204160352744
04-12-2015 17:14:50 JRT Pre-Junkware Removal
06-12-2015 11:10:47 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-12-06 11:12 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06F38CF9-4BC3-4915-BFE0-D26B001E5307} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001Core => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-01] (Dropbox, Inc.)
Task: {12168751-D8F0-478B-A17D-0DAC5C73582E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {12CF3232-B887-4EE0-82D6-848014924AEE} - \AmiUpdXp -> No File <==== ATTENTION
Task: {134EF208-AF43-44AC-ABA2-8AC5C1C1E011} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {15B5BF4F-D1F1-4C1D-B5B7-46AC2A58C0A4} - System32\Tasks\One-Click Optimizer WO11 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\WO11.exe [2015-07-09] (Ashampoo Development GmbH & Co. KG)
Task: {16746623-C887-4CCF-BEB3-89D4C7A5FF03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1A00004C-2630-42BD-B781-74BFC9AE29E3} - \40db1533-f551-4998-8bca-934da85073e3-1-7 -> No File <==== ATTENTION
Task: {1CE5F9B7-3450-4686-9ADE-D0C157284028} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1E88AE07-AB02-4D04-89F3-4CEABDE857A5} - \40db1533-f551-4998-8bca-934da85073e3-7 -> No File <==== ATTENTION
Task: {1E9E7E8F-5F10-4988-A30D-050EE0E62201} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {271A3556-FF16-4835-8F1A-17B32DC080DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {3C0E2A85-BE31-4D2B-AF2B-D2D6FA66AAF5} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {3D55B308-8EA7-43F8-8780-39A78959512D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {3FBCDE92-5FDB-4E46-BB3D-95CD1782C57A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-14] (Microsoft Corporation)
Task: {40E9AB23-44E1-4405-8D3B-62D63C9F661C} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {43C1FBA8-BA1F-42F6-8B20-1CC345BA7925} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {4548726A-D627-40B9-BB0A-EF9F5E938E36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {4E729D3B-6EDA-482D-B08F-F582FC808B08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5729D31F-0E42-4A9C-860F-B5010DA4A11A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {58BA2CB1-F88D-4566-90CA-B249551D8434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {61CED2DB-0BC3-45A6-AFFC-7A29C233FAC1} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {62984A47-6358-4A7E-9810-499C69045793} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {65775924-15ED-4489-9BAC-633DB3061F26} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {678103C6-BCC8-47C5-A252-213A4EFF5106} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {67D9E794-1A7A-4B15-ABB6-D4A064CC38E9} - System32\Tasks\SweetLabs App Platform => C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-10-30] (Pokki)
Task: {6AC6C077-F09D-43C5-AB0F-D172DB5956D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6D1EF81C-2BF5-4AD7-B6DF-5386673AF976} - \40db1533-f551-4998-8bca-934da85073e3-3 -> No File <==== ATTENTION
Task: {6F0AC354-C938-4B0C-9EF0-160636048EF1} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {7DA91E44-572D-447C-ABEE-867B8694EED2} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {7E4CFDD7-0228-4B54-A248-C2FDD3057218} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {83B6AFB0-EF9A-4B0D-9FB8-C507247EC5BC} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {887B3C7C-0594-42A0-9D43-720B013D2038} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {8F7A92C6-483D-414D-8CAF-A01A13E5DA47} - \40db1533-f551-4998-8bca-934da85073e3-13 -> No File <==== ATTENTION
Task: {A212B2C5-201B-4B20-A0FE-6EF184D111E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A4A3821B-63CF-420D-B8D3-4FF4F71563D0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {B2062542-BD0E-4757-A7FD-B107B31EB3FD} - \40db1533-f551-4998-8bca-934da85073e3-10_user -> No File <==== ATTENTION
Task: {B3DC791C-9369-4395-8A0F-EC8EA315D1D0} - System32\Tasks\Opera scheduled Autoupdate 1447606382 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
Task: {BB0C1489-8055-4748-BF5F-C626B92CE8D1} - System32\Tasks\{5CB662C4-D4F8-48AC-A564-AE818F4E7588} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {BC6992CF-58F4-41CF-AF74-A657B8E508FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BDEE70F3-E753-4846-AA78-B4239C282E6E} - \40db1533-f551-4998-8bca-934da85073e3-5_user -> No File <==== ATTENTION
Task: {C12E4306-532E-499B-8CA3-372A52E84FD2} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {C31C1A6B-97C2-420C-A2D4-38B090F08A7D} - \40db1533-f551-4998-8bca-934da85073e3-1-6 -> No File <==== ATTENTION
Task: {C3A9AA42-E1B2-452E-A692-4A2F6D653558} - \40db1533-f551-4998-8bca-934da85073e3-5 -> No File <==== ATTENTION
Task: {C92F0092-AC08-415F-B8F4-0827B919CF98} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CD5D699D-A6F6-4CEF-BDD8-87AE6AE64C3B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {CDD5F1B6-1111-4522-A0AD-5B52D74E407E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0965834-54A9-4C02-8CD6-B18A42F413C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001UA => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-01] (Dropbox, Inc.)
Task: {D129D2B1-F6F4-4E13-94B5-07775586F149} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {D573A425-9EB4-46AA-A6B7-D59F8B10F9C4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {DA3758CC-F556-4436-8A7D-0391D21C2BA4} - \40db1533-f551-4998-8bca-934da85073e3-6 -> No File <==== ATTENTION
Task: {DE5E7365-BAEA-44D6-ACEA-8F5EE3757660} - \40db1533-f551-4998-8bca-934da85073e3-11 -> No File <==== ATTENTION
Task: {E31FF12A-4F5B-4473-8AD6-35580F1D1AD6} - \40db1533-f551-4998-8bca-934da85073e3-4 -> No File <==== ATTENTION
Task: {E403ABD0-334E-43C4-87F9-523F89BF4104} - System32\Tasks\HPCeeScheduleForJHL => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E7195708-C5AD-476B-AFF8-676B87A95811} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {F2FE12A6-01E3-47E3-AA68-6DCACBF6DC39} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {FE8CE565-E4AB-4719-965C-203CEA6F32B4} - \40db1533-f551-4998-8bca-934da85073e3-14 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001Core.job => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001UA.job => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJHL.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 12:00 - 2015-07-10 12:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-02 22:30 - 2015-08-02 22:30 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 07:29 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-05-22 20:35 - 2011-08-17 04:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-05-22 20:58 - 2013-05-14 19:53 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-31 18:46 - 2015-01-12 16:55 - 00223600 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
2015-08-07 13:33 - 2015-07-13 08:37 - 00178688 _____ () C:\Program Files\PostgreSQL\9.4\bin\LIBPQ.dll
2015-08-07 13:34 - 2014-05-08 07:18 - 02197504 _____ () C:\Program Files\PostgreSQL\9.4\bin\libxml2.dll
2015-10-02 07:57 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 07:57 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-15 17:51 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\30350libfoxloader-x64.dll
2015-10-02 07:57 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 07:57 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 07:57 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 07:57 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 07:57 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-05-22 20:35 - 2013-10-25 10:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2015-11-15 17:51 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-11-15 17:51 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2014-05-22 20:35 - 2011-08-17 04:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-11-15 17:51 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\30347libfoxloader.dll
2015-11-15 17:51 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2015-11-15 17:51 - 2015-02-17 09:35 - 00764416 _____ () C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\libchinst.dll
2014-05-22 20:35 - 2011-05-17 21:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00569856 _____ () C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 01400846 _____ () C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00151054 _____ () C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00222734 _____ () C:\Users\JHL\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2015-12-04 08:53 - 2015-11-24 09:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-04 08:53 - 2015-11-24 09:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\lenovo\lenovowallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Cobian Backup 11 interface"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{2ECBCC7C-190E-4CFD-89C3-E816CE865CE9}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{F8E36524-CE52-49E0-AC78-75A107A2077C}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{BFD7F4F5-08D9-4629-B24D-808DF947D78F}C:\xampp\apache\bin\httpd.exe] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{C41889C8-0706-476C-9D7E-D4C2E5B06DAE}C:\xampp\apache\bin\httpd.exe] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{92A2E58C-5747-4DA0-9714-BC1710D8098E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{20B39245-8EE9-4771-BA9D-25D5AF2FD137}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{7D7D60EF-8A59-4FA5-A1A7-959DED92C79C}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{3DCBBDFE-8E25-43C2-ABFE-972001B08E13}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{9A3D1BF8-01E9-43E7-9602-7C77FA44BD92}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1B78BA7B-6906-4A01-93D1-9F4B05A992D0}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{2373A42B-F80C-4199-87DC-640353431547}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{A780659C-5227-4E59-A9BF-86B7EAB9A73D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{22020DF3-90FD-4672-BB25-F319A3365330}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{AE7B84FE-978D-4914-8F00-54164AEC3B47}] => (Allow) C:\Program Files (x86)\Office12\ONENOTE.EXE
FirewallRules: [{909D9148-5CFE-42C7-8635-0D0AF32C2F6D}] => (Allow) C:\Program Files (x86)\Office12\ONENOTE.EXE
FirewallRules: [{EAD2B47B-07FE-4513-8BE9-8C7E5869A44A}] => (Allow) C:\Program Files (x86)\Office12\GROOVE.EXE
FirewallRules: [{4F5AC371-92BF-4A1A-805F-4252F2647301}] => (Allow) C:\Program Files (x86)\Office12\GROOVE.EXE
FirewallRules: [{59A4732D-B482-41F9-B9F6-CC66F68CA776}] => (Allow) C:\Program Files (x86)\Office12\outlook.exe
FirewallRules: [{10804DB9-6F8F-472F-9408-52E153843066}] => (Allow) C:\Users\JHL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4DAF850D-3CE8-4756-9BE0-7004A2C20BB5}] => (Allow) C:\Users\JHL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{469A71DE-A4EE-42F4-9C98-F8BC458F573A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{05256E83-E350-40DB-8257-8F75169359DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B8838F29-4945-4EDA-8D6B-5B36E8BDDD8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{227FA94E-A1C2-4A6A-A083-7750F7B49521}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4355FAD1-1432-4700-AE07-F4F8AEC54D32}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D3A80FF0-8F49-41EB-A181-FFB90BB1EDA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4AA0824C-4099-4312-AA8C-106B75F369CC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{55E68A23-A220-4924-AB39-6F414B6B7F28}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C447B99F-E95F-4EED-9F5E-E601C3158509}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{C062B426-2E46-4C3C-A537-71728DDF0CB5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9077431F-7F31-4A9D-969F-14473AEAC583}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{73F74A77-ECA4-4EE4-B172-4E207EAB3B22}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E0E3D6E5-56EF-4691-9039-1530747F3014}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{40E170B7-8E2F-4438-A2D1-58736B136AED}C:\program files\netbeans 8.0.2\bin\netbeans64.exe] => (Block) C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [UDP Query User{22FEF9D7-45AF-4677-A66C-103CB41D5F96}C:\program files\netbeans 8.0.2\bin\netbeans64.exe] => (Block) C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [{EC92A381-3753-45CC-95FD-886036F9E45A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{49C1A574-8FA3-4AE5-8DB8-F910B360DDBD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{6348E286-1B95-4256-B76A-C4655F9B9E3B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0BD69676-0766-43D5-BE29-F29C995EE7E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C2DFFE38-6AE9-45EC-95BE-E426216DFCB7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{0DCA04C4-949D-4EAC-B9AB-9966034237C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{87FC9E06-B091-4A08-A72E-94B641C90DAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E003E8D4-2775-487F-8569-A828D962348A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D1D5DDA1-325E-46F6-A923-0AB1EC758CA5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{816FC31B-C38C-49D8-97B1-F6B4174E5B0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A069FF32-F9E9-45ED-835C-1CC7C4AD1B8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA508E68-2418-433B-A7ED-41CE42F4CABA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2015 11:43:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.10240.16384, časové razítko: 0x559f38c5
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.10240.16590, časové razítko: 0x563ad512
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000006646f
ID chybujícího procesu: 0x8a0c
Čas spuštění chybující aplikace: 0xbackgroundTaskHost.exe0
Cesta k chybující aplikaci: backgroundTaskHost.exe1
Cesta k chybujícímu modulu: backgroundTaskHost.exe2
ID zprávy: backgroundTaskHost.exe3
Úplný název chybujícího balíčku: backgroundTaskHost.exe4
ID aplikace související s chybujícím balíčkem: backgroundTaskHost.exe5

Error: (12/06/2015 10:59:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.10240.16384, časové razítko: 0x559f38c5
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.10240.16590, časové razítko: 0x563ad512
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000006646f
ID chybujícího procesu: 0x1894
Čas spuštění chybující aplikace: 0xbackgroundTaskHost.exe0
Cesta k chybující aplikaci: backgroundTaskHost.exe1
Cesta k chybujícímu modulu: backgroundTaskHost.exe2
ID zprávy: backgroundTaskHost.exe3
Úplný název chybujícího balíčku: backgroundTaskHost.exe4
ID aplikace související s chybujícím balíčkem: backgroundTaskHost.exe5

Error: (12/06/2015 10:57:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.10240.16384, časové razítko: 0x559f38c5
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.10240.16590, časové razítko: 0x563ad512
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000006646f
ID chybujícího procesu: 0x1318
Čas spuštění chybující aplikace: 0xbackgroundTaskHost.exe0
Cesta k chybující aplikaci: backgroundTaskHost.exe1
Cesta k chybujícímu modulu: backgroundTaskHost.exe2
ID zprávy: backgroundTaskHost.exe3
Úplný název chybujícího balíčku: backgroundTaskHost.exe4
ID aplikace související s chybujícím balíčkem: backgroundTaskHost.exe5

Error: (12/05/2015 06:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.10240.16384, časové razítko: 0x559f38c5
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.10240.16590, časové razítko: 0x563ad512
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000006646f
ID chybujícího procesu: 0x1a78
Čas spuštění chybující aplikace: 0xbackgroundTaskHost.exe0
Cesta k chybující aplikaci: backgroundTaskHost.exe1
Cesta k chybujícímu modulu: backgroundTaskHost.exe2
ID zprávy: backgroundTaskHost.exe3
Úplný název chybujícího balíčku: backgroundTaskHost.exe4
ID aplikace související s chybujícím balíčkem: backgroundTaskHost.exe5

Error: (12/05/2015 05:34:19 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5400) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (12/05/2015 05:34:19 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5400) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (12/05/2015 05:34:09 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5400) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (12/05/2015 05:34:09 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5400) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (12/05/2015 05:33:58 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5400) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (12/05/2015 05:33:58 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5400) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (12/06/2015 11:52:56 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (12/06/2015 11:52:14 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (12/06/2015 11:51:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba HP Network Devices Support byla ukončena s následující chybou:
%%126

Error: (12/06/2015 11:50:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba HP Network Devices Support byla ukončena s následující chybou:
%%126

Error: (12/06/2015 11:50:56 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (12/06/2015 11:48:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba HP Network Devices Support byla ukončena s následující chybou:
%%126

Error: (12/06/2015 11:48:44 AM) (Source: GeneStor) (EventID: 0) (User: )
Description: GeneStor driver startedGeneStor driver started (2)

Error: (12/06/2015 11:47:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba User Data Access_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (12/06/2015 11:47:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba User Data Storage_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (12/06/2015 11:47:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Contact Data_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.


CodeIntegrity:
===================================
Date: 2015-12-06 11:46:49.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 08:57:35.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 18:24:17.561
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-02 13:41:59.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-30 17:44:10.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-28 09:14:12.496
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-27 09:19:51.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-24 10:58:20.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-23 10:57:26.433
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-22 17:06:40.226
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 71%
Total physical RAM: 1935.74 MB
Available physical RAM: 558.39 MB
Total Virtual: 4239.74 MB
Available Virtual: 2382.41 MB

==================== Drives ================================

Drive c: (Windows10_OS) (Fixed) (Total:458.98 GB) (Free:414.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Dokumenty) (Fixed) (Total:16.58 GB) (Free:14.25 GB) NTFS
Drive z: (Záloha) (Fixed) (Total:429.69 GB) (Free:314.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 25FE6309)

Partition: GPT.

==================== End of Addition.txt ============================


Post by janpi » 06 Dec 2015 16:25

One more additional note. W Defender quarantined Trojan: Win32/Veediem on 20 Nov.; I deleted it today.


Post by jerabina » 06 Dec 2015 17:57

Uninstall Ashampoo WinOptimizer 11.

In Folder Options, enable the display of hidden files and folders, and uncheck the box "Hide protected operating system files".

Test these on VirusTotal:
C:\Windows\SysWOW64\UMonit64.exe
C:\WINDOWS\hpoins44.dat


Click "Vybrat" (Choose) to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs one after another. When the last antivirus test finishes, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:

HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2015-01-12] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\JHL\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\JHL\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\...\MountPoints2: {b7087ab9-e3b3-11e3-8258-806e6f6e6963} - "D:\ppk.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3280825375-4193700147-3120515293-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {43767163-A381-495A-B3B7-2983079CDF65} URL =
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
IE Session Restore: HKU\S-1-5-21-3280825375-4193700147-3120515293-1001 -> is enabled.

FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Extension: No Name - C:\Users\JHL\AppData\Roaming\Mozilla\Firefox\Profiles\nx0xzn0u.default-1439135992986\extensions\s3google@translator.xpi [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-11-20] <==== ATTENTION (Points to *.cfg file)

OPR Extension: (aleggpabliehgbeagmfhnodcijcmbonb) - C:\Users\JHL\AppData\Roaming\Opera Software\Opera Stable\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-11-20]

R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2015-01-12] ()
S2 HPSLPSVC; C:\Users\JHL\AppData\Local\Temp\7zS14A1\hpslpsvc64.dll [X]

R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
S3 cpuz134; \??\C:\Users\JHL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; no ImagePath

C:\ProgramData\RogueKiller
C:\ProgramData\DP45977C.lfl

C:\Program Files (x86)\Ashampoo
C:\Users\JHL\AppData\Local\Temp\7zS14A1\hpslpsvc64.dll

C:\Users\JHL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys

C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage
C:\Users\JHL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal

Task: {12168751-D8F0-478B-A17D-0DAC5C73582E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {12CF3232-B887-4EE0-82D6-848014924AEE} - \AmiUpdXp -> No File <==== ATTENTION
Task: {134EF208-AF43-44AC-ABA2-8AC5C1C1E011} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {15B5BF4F-D1F1-4C1D-B5B7-46AC2A58C0A4} - System32\Tasks\One-Click Optimizer WO11 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\WO11.exe [2015-07-09] (Ashampoo Development GmbH & Co. KG)
Task: {16746623-C887-4CCF-BEB3-89D4C7A5FF03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1A00004C-2630-42BD-B781-74BFC9AE29E3} - \40db1533-f551-4998-8bca-934da85073e3-1-7 -> No File <==== ATTENTION
Task: {1CE5F9B7-3450-4686-9ADE-D0C157284028} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1E88AE07-AB02-4D04-89F3-4CEABDE857A5} - \40db1533-f551-4998-8bca-934da85073e3-7 -> No File <==== ATTENTION
Task: {1E9E7E8F-5F10-4988-A30D-050EE0E62201} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4548726A-D627-40B9-BB0A-EF9F5E938E36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {4E729D3B-6EDA-482D-B08F-F582FC808B08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {58BA2CB1-F88D-4566-90CA-B249551D8434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {61CED2DB-0BC3-45A6-AFFC-7A29C233FAC1} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {65775924-15ED-4489-9BAC-633DB3061F26} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {678103C6-BCC8-47C5-A252-213A4EFF5106} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6AC6C077-F09D-43C5-AB0F-D172DB5956D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6D1EF81C-2BF5-4AD7-B6DF-5386673AF976} - \40db1533-f551-4998-8bca-934da85073e3-3 -> No File <==== ATTENTION
Task: {7E4CFDD7-0228-4B54-A248-C2FDD3057218} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8F7A92C6-483D-414D-8CAF-A01A13E5DA47} - \40db1533-f551-4998-8bca-934da85073e3-13 -> No File <==== ATTENTION
Task: {A212B2C5-201B-4B20-A0FE-6EF184D111E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2062542-BD0E-4757-A7FD-B107B31EB3FD} - \40db1533-f551-4998-8bca-934da85073e3-10_user -> No File <==== ATTENTION
Task: {BB0C1489-8055-4748-BF5F-C626B92CE8D1} - System32\Tasks\{5CB662C4-D4F8-48AC-A564-AE818F4E7588} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {BC6992CF-58F4-41CF-AF74-A657B8E508FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BDEE70F3-E753-4846-AA78-B4239C282E6E} - \40db1533-f551-4998-8bca-934da85073e3-5_user -> No File <==== ATTENTION
Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {C31C1A6B-97C2-420C-A2D4-38B090F08A7D} - \40db1533-f551-4998-8bca-934da85073e3-1-6 -> No File <==== ATTENTION
Task: {C3A9AA42-E1B2-452E-A692-4A2F6D653558} - \40db1533-f551-4998-8bca-934da85073e3-5 -> No File <==== ATTENTION
Task: {C92F0092-AC08-415F-B8F4-0827B919CF98} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CDD5F1B6-1111-4522-A0AD-5B52D74E407E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DA3758CC-F556-4436-8A7D-0391D21C2BA4} - \40db1533-f551-4998-8bca-934da85073e3-6 -> No File <==== ATTENTION
Task: {DE5E7365-BAEA-44D6-ACEA-8F5EE3757660} - \40db1533-f551-4998-8bca-934da85073e3-11 -> No File <==== ATTENTION
Task: {E31FF12A-4F5B-4473-8AD6-35580F1D1AD6} - \40db1533-f551-4998-8bca-934da85073e3-4 -> No File <==== ATTENTION
Task: {E7195708-C5AD-476B-AFF8-676B87A95811} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {FE8CE565-E4AB-4719-965C-203CEA6F32B4} - \40db1533-f551-4998-8bca-934da85073e3-14 -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001Core.job => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3280825375-4193700147-3120515293-1001UA.job => C:\Users\JHL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJHL.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

C:\Program Files (x86)\Google\Update

EmptyTemp:
End


(You can use the "select all" function; right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Post by janpi » 07 Dec 2015 15:27

File 1: https://www.virustotal.com/cs/file/ad53 ... 449496944/
File 2: https://www.virustotal.com/cs/file/dd1b ... 449497254/

I have fixlist.txt on the desktop, but when I run FRST and press FIX it reports ...not found... After clicking OK, FRST closed and there is no fixlog.txt on the desktop. What should I do?


Post by jerabina » 07 Dec 2015 17:26

Did you name the file fixlist and save it as a .txt (text) file? Or did you name it fixlist.txt and save it as a text file? It must be named fixlist, and .txt is only the text-file extension.


Post by janpi » 07 Dec 2015 18:46

This is how I copied the file name: fixlist.txt
And this is what the message looks like now: No fixlist.txt should be in the same folder/directory the tool is located. I'm not sure whether this message is the same as the previous one.

