Kontrola Logu Vyřešeno

[Max583]

Prosím o kontrolu Logu. Po půl roce co mám nový PC bych chtěl vědět jak na tom je. Žádné extra problémy nemám.
Díky
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:25:10, on 17.02.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
CHROME: 49.0.2573.0

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files\HotkeyP.exe
C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Bohumil\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trovi.com?SearchSource=10&CUI=UN ... =CT3266014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Link Finder Toolbar - {c72fe301-5250-4eb9-bd77-d56639c6513e} - C:\Users\Bohumil\AppData\LocalLow\Link_Finder\prxtbLink.dll
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: Link Finder - {c72fe301-5250-4eb9-bd77-d56639c6513e} - C:\Users\Bohumil\AppData\LocalLow\Link_Finder\prxtbLink.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Link Finder Toolbar - {c72fe301-5250-4eb9-bd77-d56639c6513e} - C:\Users\Bohumil\AppData\LocalLow\Link_Finder\prxtbLink.dll
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [HotkeyP] C:\Program Files\HotkeyP.exe 0
O4 - HKCU\..\Run: [Rainlendar2] C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\WINDOWS\SysWOW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12639 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[Max583]

a# AdwCleaner v5.034 - Bericht erstellt am 18/02/2016 um 09:18:11
# Aktualisiert am 16/02/2016 von Xplode
# Datenbank : 2016-02-16.2 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Bohumil - LENOVO
# Gestartet von : C:\Users\Bohumil\Desktop\AdwCleaner.exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

Ordner Gefunden : C:\ProgramData\Tbccint
Ordner Gefunden : C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Ordner Gefunden : C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Ordner Gefunden : C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Ordner Gefunden : C:\Users\Bohumil\AppData\LocalLow\Link_Finder
Ordner Gefunden : C:\Users\Bohumil\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Bohumil\AppData\LocalLow\Tbccint

***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [QyBrowser.exe]
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [BrowserWeb.exe]
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3266014
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3266014
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Schlüssel Gefunden : HKCU\Software\Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C72FE301-5250-4EB9-BD77-D56639C6513E}]
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C72FE301-5250-4EB9-BD77-D56639C6513E}]
Schlüssel Gefunden : HKCU\Software\Reg\Clean
Schlüssel Gefunden : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Tbccint
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Schlüssel Gefunden : HKLM\SOFTWARE\Reg\Clean
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Daten Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://trovi.com?SearchSource=10&CUI=UN ... =CT3266014
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FF1403E8-1CC7-4B3D-B408-27CC670C522F}
Schlüssel Gefunden : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mystartsearch.com
Schlüssel Gefunden : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mystartsearch.com
Schlüssel Gefunden : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mystartsearch.com

***** [ Internetbrowser ] *****

[C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gefunden : fcgnigmofekcllgbiejhmigggmgehkip
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Gefunden : search.yahoo.com
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Gefunden : mystartsearch
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Gefunden : mystartsearch.com
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Gefunden : search.certified-toolbar.com
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Gefunden : webssearches
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Gefunden : delta-homes
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Extension] Gefunden : fcgnigmofekcllgbiejhmigggmgehkip

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5914 Bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18.02.2016
Čas skenování: 9:23
Protokol: mal.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.18.01
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Bohumil

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 361278
Uplynulý čas: 15 min, 13 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 25
PUP.Optional.ClientConnect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT3266014, , [c861ea78c1d8e74f3e9e28a58977c53b],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
Adware.ChinAd, HKLM\SOFTWARE\CLASSES\GeePlayer.dir, , [cd5cfe64c7d2ec4a77bcce4eb3516b95],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3266014, , [3aefd48e5f3ac17593a708c27c8711ef],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, , [2cfd3b271386b97d5ed864b75da77c84],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [6bbe7fe33e5bef47d8b2e23794700ff1],
Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GeePlayer.dir, , [bd6cf46ec8d1a88efe35bf5d06feb749],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3266014, , [1a0ffd65dcbdae882218f5d53bc809f7],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, , [40e95f038d0cdf5780b676a5be469967],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [a188f072643585b1107acd4c31d327d9],
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\REG\CLEAN\pro, , [5fca481aa6f3989ec192e57821e3ef11],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, , [9d8c74ee8d0cc76f595d8672c141c33d],
PUP.Optional.WindowsProtectionManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WdsManPro, , [77b2d48edcbdfc3a9f02c92f778bb34d],
PUP.Optional.Linkury, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\mtGravelex, , [8b9e5f030f8a47ef38e20beea55d13ed],
PUP.Optional.PriceGong, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [e643550defaa4de9467345b746bd6d93],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1AAEA1A3-2107-481C-9111-F1D542ED9CA4}, , [1a0fc49ec3d6d462b5908e3c7c877e82],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B7A7E145-3E19-48C0-AE5D-29AB29D954DE}, , [51d8ef735c3d79bd64e15e6c21e23ec2],
PUP.Optional.Trovi, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FF1403E8-1CC7-4B3D-B408-27CC670C522F}, , [e8415d05990095a1ae4649c228dcda26],
PUP.Optional.RegCleanPro, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\REG\CLEAN\pro, , [c465154db3e669cd381a98c5956f916f],

Hodnoty registru: 14
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C72FE301-5250-4EB9-BD77-D56639C6513E}, Link Finder Toolbar, , [50d9bfa3e1b884b28d5729d5847ebb45]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C72FE301-5250-4EB9-BD77-D56639C6513E}, Link Finder Toolbar, , [50d9bfa3e1b884b28d5729d5847ebb45]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{C72FE301-5250-4EB9-BD77-D56639C6513E}, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, , [9f8a5111bcdd73c37029f94bf70d8a76],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, , [37f2055d2d6cc274683143015ba95ea2],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, , [1b0ef1710693e5510e8b45fff1136997],
PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyBrowser.exe, 9000, , [ee3b3d25f9a0bc7a807ef159c73dee12]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1AAEA1A3-2107-481C-9111-F1D542ED9CA4}|AppPath, C:\Users\Bohumil\AppData\Local\Tbccint\CT3266014, , [1a0fc49ec3d6d462b5908e3c7c877e82]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B7A7E145-3E19-48C0-AE5D-29AB29D954DE}|AppPath, C:\Users\Bohumil\AppData\Local\Tbccint\CT3266014, , [51d8ef735c3d79bd64e15e6c21e23ec2]
PUP.Optional.BrowserWeb, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|BrowserWeb.exe, 11001, , [e049fa689207ce6818a4b89bae5628d8]
PUP.Optional.Trovi, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FF1403E8-1CC7-4B3D-B408-27CC670C522F}|FaviconURL, http://trovi.com/favicon.ico, , [e8415d05990095a1ae4649c228dcda26]
PUP.Optional.Conduit, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FF1403E8-1CC7-4B3D-B408-27CC670C522F}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, , [bc6d6af81f7a5bdb793ba93212f1748c]
PUP.Optional.Trovi, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FF1403E8-1CC7-4B3D-B408-27CC670C522F}|URL, http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3266014&CUI=UN16173399322855706&UM=8, , [2dfc263ce3b665d116dec74420e47a86]

Data registru: 1
PUP.Optional.Trovi, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://trovi.com?SearchSource=10&CUI=UN ... =CT3266014, Dobré: (www.google.com), Špatné: (http://trovi.com?SearchSource=10&CUI=UN ... =CT3266014),,[cb5e4d155445e65071145695c73dc43c]

Složky: 12
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\Logs, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\IE, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\IE\CT3266014, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3266014, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.PriceGong, C:\Users\Bohumil\AppData\LocalLow\PriceGong, , [d2573f23237650e6dface4fc837f09f7],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\_metadata, , [78b1fe64edacd06648e1fbf233cf738d],

Soubory: 26
PUP.Optional.ClientConnect, C:\ProgramData\Tbccint\IE\CT3266014\UninstallerUI.exe, , [c861ea78c1d8e74f3e9e28a58977c53b],
PUP.Optional.ClientConnect, C:\ProgramData\Tbccint\Multi\CT3266014\UninstallerUI.exe, , [74b5332f66330531825ab914a25e1ce4],
Trojan.Agent, C:\Users\Bohumil\Downloads\CCleaner 5.05 [awsomesoft].zip, , [00290161fc9d0b2bea1521d55ca4659b],
PUP.Optional.Amonetize, C:\Users\Bohumil\Downloads\Smarty Uninstaller 4.2.1 Download Crack Full Version__15022_i1751749908_il945681.ace, , [aa7fed750990d462e0b26c1658a934cc],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, , [8d9c67fbf1a8d85e0c656df18f7148b8],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\cctoolbar.cfg, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\hk64tbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\hktbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\ldrtbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\prxtbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\sc64tbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\sctbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\tbLink.dll, , [50d9bfa3e1b884b28d5729d5847ebb45],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\IE\CT3266014\configutaion.json, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\IE\CT3266014\SetupIcon.ico, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3266014\configutaion.json, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3266014\SetupIcon.ico, , [a88187db6831999d1d6fcef425dd619f],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\background.js, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\manifest.json, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\sitecontent.js, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\128x128.png, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\16x16.png, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\wiki-_16.png, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\wiki_128.png, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\wiki_32.ico, , [78b1fe64edacd06648e1fbf233cf738d],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\_metadata\verified_contents.json, , [78b1fe64edacd06648e1fbf233cf738d],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Cleaning (Vymazat)“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“ , v okně na pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[Max583]

# AdwCleaner v5.034 - Logfile created 18/02/2016 at 10:53:52
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Bohumil - LENOVO
# Running from : C:\Users\Bohumil\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Tbccint
Folder Found : C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Folder Found : C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Folder Found : C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Folder Found : C:\Users\Bohumil\AppData\LocalLow\Link_Finder
Folder Found : C:\Users\Bohumil\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Bohumil\AppData\LocalLow\Tbccint

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [QyBrowser.exe]
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [BrowserWeb.exe]
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3266014
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3266014
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : HKCU\Software\Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C72FE301-5250-4EB9-BD77-D56639C6513E}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C72FE301-5250-4EB9-BD77-D56639C6513E}]
Key Found : HKCU\Software\Reg\Clean
Key Found : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Tbccint
Key Found : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Found : HKLM\SOFTWARE\Reg\Clean
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://trovi.com?SearchSource=10&CUI=UN ... =CT3266014
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FF1403E8-1CC7-4B3D-B408-27CC670C522F}
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mystartsearch.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mystartsearch.com
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mystartsearch.com
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mystartsearch.com

***** [ Web browsers ] *****

[C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : search.yahoo.com
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : mystartsearch
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : mystartsearch.com
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : search.certified-toolbar.com
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : webssearches
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : delta-homes
[C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5536 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by Bohumil (Administrator) on 18.02.2016 at 11:02:48,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\tbccint (Folder)
Successfully deleted: C:\Users\Bohumil\Appdata\LocalLow\pricegong (Folder)
Successfully deleted: C:\Users\Bohumil\Appdata\LocalLow\tbccint (Folder)
Successfully deleted: C:\WINDOWS\hgfs.sys (File)
Successfully deleted: C:\WINDOWS\prleth.sys (File)
Successfully deleted: C:\WINDOWS\prefetch\FREERSDOWNLOADER.EXE-D2523651.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\SIMPLEFREECELL.EXE-C5F92BC5.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\SIMPLEFREECELL.EXE-FBA471BB.pf (File)



Registry: 8

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91BBBABF-282B-421D-B738-AB0E933E9ABE} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FF1403E8-1CC7-4B3D-B408-27CC670C522F} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c72fe301-5250-4eb9-bd77-d56639c6513e} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c72fe301-5250-4eb9-bd77-d56639c6513e} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c72fe301-5250-4eb9-bd77-d56639c6513e} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.02.2016 at 11:04:35,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18.02.2016
Čas skenování: 11:12
Protokol: mam1.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.18.01
Databáze rootkitů: v2016.02.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Bohumil

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 361231
Uplynulý čas: 17 min, 44 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 23
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
Adware.ChinAd, HKLM\SOFTWARE\CLASSES\GeePlayer.dir, Do karantény, [a2874a184b4e95a1bf74829a976d4bb5],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3266014, Do karantény, [75b479e95a3fbb7bba80eae0c93a50b0],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, Do karantény, [a9803a288e0b4ee8f83ed74438cc3ec2],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, Do karantény, [50d9164c2e6b1f170e7cfa1f3fc5ea16],
Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GeePlayer.dir, Do karantény, [ba6f1b476a2f36004ce7ee2e46be05fb],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3266014, Do karantény, [78b1035fb8e18da90f2b775330d37b85],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, Do karantény, [c168ca987c1d43f34beb44d754b00ff1],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, Do karantény, [2900de840d8c5bdb2d5d70a943c15ea2],
PUP.Optional.Conduit.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT3266014, Do karantény, [0a1f6df5e6b3db5b36da35c648ba11ef],
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\REG\CLEAN\pro, Do karantény, [61c867fb108960d6ff54233a986ca45c],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Do karantény, [c8612d35d7c247efe4d23abe996954ac],
PUP.Optional.WindowsProtectionManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WdsManPro, Do karantény, [1f0a6101801985b1bbe60eea4db532ce],
PUP.Optional.Linkury, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\mtGravelex, Do karantény, [63c6b1b11e7b21153ae01edbd62cbd43],
PUP.Optional.PriceGong, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Do karantény, [dd4cf66c51489e980cad56a6c241a15f],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1AAEA1A3-2107-481C-9111-F1D542ED9CA4}, Do karantény, [a98064feadecd363a5a0ccfe3dc610f0],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B7A7E145-3E19-48C0-AE5D-29AB29D954DE}, Do karantény, [69c0b3af6f2a4cea5ee74f7b7c87b24e],
PUP.Optional.RegCleanPro, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\REG\CLEAN\pro, Do karantény, [1d0cc2a09405cd693e147de0ba4a20e0],

Hodnoty registru: 10
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C72FE301-5250-4EB9-BD77-D56639C6513E}, Link Finder Toolbar, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{C72FE301-5250-4EB9-BD77-D56639C6513E}, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Do karantény, [b17875ed049548ee9ffaa1a321e3a45c],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Do karantény, [0425b5add9c06fc71287ee565fa5966a],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Do karantény, [8e9b9fc3c4d5e74f74252d1783817e82],
PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyBrowser.exe, 9000, Do karantény, [95948cd66336c86ebc42c4865ca833cd]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1AAEA1A3-2107-481C-9111-F1D542ED9CA4}|AppPath, C:\Users\Bohumil\AppData\Local\Tbccint\CT3266014, Do karantény, [a98064feadecd363a5a0ccfe3dc610f0]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B7A7E145-3E19-48C0-AE5D-29AB29D954DE}|AppPath, C:\Users\Bohumil\AppData\Local\Tbccint\CT3266014, Do karantény, [69c0b3af6f2a4cea5ee74f7b7c87b24e]
PUP.Optional.BrowserWeb, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|BrowserWeb.exe, 11001, Do karantény, [0722aeb4b3e62115cfedbd96b3513bc5]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 6
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\Logs, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\_metadata, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],

Soubory: 20
Trojan.Agent, C:\Users\Bohumil\Downloads\CCleaner 5.05 [awsomesoft].zip, Do karantény, [f732ff63d1c88fa7fa05a05615eb6f91],
PUP.Optional.Amonetize, C:\Users\Bohumil\Downloads\Smarty Uninstaller 4.2.1 Download Crack Full Version__15022_i1751749908_il945681.ace, Do karantény, [54d56cf6b4e549ed5939b2d0c938f20e],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Do karantény, [5ccd243e405990a699d8342a25dbeb15],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\cctoolbar.cfg, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\hk64tbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\hktbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\ldrtbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\prxtbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\sc64tbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\sctbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.ConduitTB.Gen, C:\Users\Bohumil\AppData\LocalLow\Link_Finder\tbLink.dll, Do karantény, [8d9c6bf710896ec8a044a7576c9607f9],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\background.js, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\manifest.json, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\sitecontent.js, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\128x128.png, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\16x16.png, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\wiki-_16.png, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\wiki_128.png, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\icons\wiki_32.ico, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],
PUP.Optional.WikiSearchMe, C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.7_0\_metadata\verified_contents.json, Do karantény, [83a65f033c5dba7c3ced777604fe9d63],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
RogueKiller V11.0.12.0 (x64) [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : Bohumil [Práva správce]
Started from : C:\Users\Bohumil\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 02/18/2016 12:01:27

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Nalezeno
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nalezeno
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([X][-][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([X][-][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2193845d-6135-4c28-a945-38763bbcd903} | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([X][-][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c} | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([X][-][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2193845d-6135-4c28-a945-38763bbcd903} | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([X][-][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c} | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([X][-][-]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0x20]) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 6fc89ac1fc5ed40c08afa9bae13618e7
[BSP] 3e7da328445234df4802ca74a7b8d5e2 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 450051 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 925573120 | Size: 25000 MB
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

[Max583]

Problémy žádné:

RogueKiller V11.0.12.0 (x64) [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : Bohumil [Práva správce]
Started from : C:\Users\Bohumil\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 02/18/2016 17:48:19

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Nahrazeno (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Nahrazeno (0)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : ([X][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : ([X][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2193845d-6135-4c28-a945-38763bbcd903} | DhcpNameServer : ([X][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c} | DhcpNameServer : ([X][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2193845d-6135-4c28-a945-38763bbcd903} | DhcpNameServer : ([X][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c} | DhcpNameServer : ([X][-][-]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 6fc89ac1fc5ed40c08afa9bae13618e7
[BSP] 3e7da328445234df4802ca74a7b8d5e2 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 450051 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 925573120 | Size: 25000 MB
User = LL1 ... OK
User = LL2 ... OK

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Bohumil on 18.02.2016 at 17:51:05,29.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bohumil\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.02.2016 17:51:51 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\Users\Bohumil\AppData\Local\ActiveSync deleted successfully
C:\Users\Bohumil\AppData\Local\CrashDumps deleted successfully
C:\Users\Bohumil\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Bohumil\.android deleted
C:\PROGRA~3\Smarty Uninstaller 4 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox" [04.12.2015 13:12]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/deta ... ihfajigkka[]

internetquickaccess - Bohumil\AppData\Local\Chromium\User Data\Default\Extensions\ddlhogjgfofpgmkognopimmilcldcepb
Wiki-Search.me - Bohumil\AppData\Local\Chromium\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
AdBlock - Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Seznam Lištička - Email - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
AdBlock - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Seznam Lištička - Rychlá volba - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{91BBBABF-282B-421D-B738-AB0E933E9ABE} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{FF1403E8-1CC7-4B3D-B408-27CC670C522F}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{91BBBABF-282B-421D-B738-AB0E933E9ABE} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Bohumil\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=5 350077 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Bohumil\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 18.02.2016 at 18:05:32,13 ======================
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:12:04, on 18.02.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
CHROME: 50.0.2653.0

Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
C:\Program Files\HotkeyP.exe
C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Bohumil\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [HotkeyP] C:\Program Files\HotkeyP.exe 0
O4 - HKCU\..\Run: [Rainlendar2] C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\WINDOWS\SysWOW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12137 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"


Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[Max583]

# DelFix v1.011 - Logfile created 21/02/2016 at 07:30:51
# Updated 18/08/2015 by Xplode
# Username : Bohumil - LENOVO
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Bohumil\Desktop\AdwCleaner.exe
Deleted : C:\Users\Bohumil\Desktop\JRT.exe
Deleted : C:\Users\Bohumil\Desktop\HijackThis.exe
Deleted : C:\Users\Bohumil\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Bohumil\Desktop\zoek.exe
Deleted : C:\Users\Bohumil\Downloads\HijackThis (1).exe
Deleted : C:\Users\Bohumil\Downloads\hijackthis.log
Deleted : C:\Users\Bohumil\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #16 [Windows Update | 01/29/2016 14:45:00]
Deleted : RP #18 [Naplánovaný kontrolní bod | 02/09/2016 08:39:50]
Deleted : RP #19 [Windows Update | 02/12/2016 09:57:15]
Deleted : RP #20 [Windows Update | 02/17/2016 09:50:32]
Deleted : RP #21 [JRT Pre-Junkware Removal | 02/18/2016 10:02:50]

New restore point created !

########## - EOF - ##########


Přestala mi chodit tiskárna s Offisů. Už jednou se mi to stalo po nějaký aktualizaci a zase se to rozchodilo po další aktualizaci. Teď to nejde zase ale až do poslední chvíle, před posledním příspěvkem ještě chodila. Z jiného programu jde jen Office s ní nekomunikují.

[jerabina]

To je zajímavé, my jsme na nic ohledně tiskárny nešahali.

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[Max583]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Bohumil (administrator) on LENOVO (22-02-2016 10:33:31)
Running from C:\Users\Bohumil\Desktop
Loaded Profiles: Bohumil (Available Profiles: Bohumil)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
() C:\Windows\jmesoft\Service.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Petr Laštovička) C:\Program Files\HotkeyP.exe
() C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [212208 2015-09-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [HotkeyP] => C:\Program Files\HotkeyP.exe [65536 2008-07-15] (Petr Laštovička)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Rainlendar2] => C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe [2611808 2014-03-16] ()
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Google Photos Backup] => C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-08-26] (Google, Inc)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Policies\Explorer: [NoDrives] 0x00000003
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\MountPoints2: {92bc5892-7d98-11e5-8299-0025ab6d51bb} - "E:\autorun.exe"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.237.128.2 77.237.128.1 192.168.1.1
Tcpip\..\Interfaces\{2193845d-6135-4c28-a945-38763bbcd903}: [DhcpNameServer] 77.237.128.2 77.237.128.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {FF1403E8-1CC7-4B3D-B408-27CC670C522F} URL =
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-23] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-10-23] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-10-23] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> hxxp://seznam.cz/

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-11-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2167593211-4253963868-4146078775-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2167593211-4253963868-4146078775-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-04]

Chrome:
=======
CHR Profile: C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Docs) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-17]
CHR Extension: (AdBlock) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/deta ... ihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/deta ... ihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-08-21] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-20] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-20] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 ssinstall; C:\WINDOWS\SysWOW64\ssins.exe [2324216 2015-07-31] (PS Media s.r.o.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-23] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-04] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-26] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068672 2015-09-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 10:33 - 2016-02-22 10:34 - 00018548 _____ C:\Users\Bohumil\Desktop\FRST.txt
2016-02-22 10:33 - 2016-02-22 10:33 - 00000000 ____D C:\FRST
2016-02-22 10:31 - 2016-02-22 10:31 - 02371072 _____ (Farbar) C:\Users\Bohumil\Desktop\FRST64.exe
2016-02-21 07:32 - 2016-02-21 07:32 - 00001145 _____ C:\Users\Bohumil\Desktop\DelFix.txt
2016-02-21 07:27 - 2016-02-21 07:27 - 00000000 ____D C:\Users\Bohumil\Desktop\backups
2016-02-18 18:07 - 2016-02-18 18:07 - 00000000 ____D C:\Users\Bohumil\AppData\Local\ActiveSync
2016-02-18 18:03 - 2016-02-18 17:51 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-02-18 09:23 - 2016-02-18 09:23 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-18 09:23 - 2016-02-18 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-18 09:23 - 2016-02-18 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-18 09:23 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-18 09:23 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-18 09:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-17 16:31 - 2016-02-17 16:31 - 00000000 ____D C:\Users\Bohumil\AppData\Local\Bluestacks
2016-02-17 16:26 - 2016-02-17 16:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-02-17 16:22 - 2016-02-17 16:24 - 271802696 _____ (BlueStack Systems Inc.) C:\Users\Bohumil\Downloads\BlueStacks2_native.exe
2016-02-17 16:07 - 2016-02-17 16:07 - 00987728 _____ (Google Inc.) C:\Users\Bohumil\Downloads\ChromeSetup (1).exe
2016-02-17 15:34 - 2016-02-17 15:34 - 00000678 _____ C:\Users\Bohumil\Downloads\DisableLockScreen.zip
2016-02-12 11:31 - 2016-02-12 11:31 - 00106496 _____ C:\Users\Bohumil\Downloads\Dodatek smlouvy 051 (1).PDF
2016-02-12 10:48 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-12 10:48 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-12 10:48 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-12 10:48 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-12 10:48 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-12 10:48 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-12 10:48 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-12 10:48 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-12 10:48 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-12 10:48 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-12 10:48 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-12 10:48 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-12 10:48 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-12 10:48 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-12 10:48 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-12 10:48 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-12 10:48 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-12 10:48 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-12 10:48 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-12 10:48 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-12 10:48 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-12 10:48 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-12 10:48 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-12 10:48 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-12 10:48 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-12 10:48 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-12 10:48 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-12 10:48 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-12 10:48 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-12 10:48 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-12 10:48 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-12 10:48 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-12 10:48 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-12 10:48 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-12 10:48 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-12 10:48 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-12 10:48 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-12 10:48 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-12 10:48 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-12 10:48 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-12 10:48 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-12 10:48 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-12 10:48 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-12 10:48 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-12 10:48 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-12 10:48 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-12 10:48 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-12 10:48 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-12 10:48 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-12 10:48 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-12 10:48 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-12 10:48 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-12 10:48 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-12 10:48 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-12 10:48 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-12 10:48 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-12 10:48 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-12 10:48 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-12 10:48 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-12 10:48 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-12 10:48 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-12 10:48 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-12 10:48 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-12 10:48 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-12 10:48 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 14:09 - 2016-02-09 14:09 - 00006170 _____ C:\Users\Bohumil\Downloads\SmartShare_PC_SW%28DLNA%29.pdf
2016-02-09 13:08 - 2016-02-09 13:09 - 25639068 _____ C:\Users\Bohumil\Downloads\D_TEST_2016_01.pdf
2016-02-03 14:13 - 2016-02-03 14:22 - 439293630 _____ C:\Users\Bohumil\Downloads\Lollipop 5.1.zip
2016-01-29 10:27 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-29 10:27 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-29 10:27 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-29 10:27 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-29 10:27 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-29 10:27 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-29 10:27 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-29 10:27 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-29 10:27 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-29 10:27 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-29 10:27 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-29 10:27 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-29 10:27 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-29 10:27 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-29 10:27 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-29 10:27 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-29 10:27 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-29 10:27 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-29 10:27 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-29 10:27 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-29 10:27 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-29 10:27 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-29 10:27 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-29 10:27 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-29 10:27 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-29 10:27 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-29 10:27 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-29 10:27 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-29 10:27 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-29 10:27 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-29 10:27 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-29 10:27 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-29 10:27 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-29 10:27 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-29 10:27 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-29 10:27 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-29 10:27 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-29 10:27 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-29 10:27 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-29 10:27 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-29 10:27 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-29 10:27 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-29 10:27 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-29 10:27 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-29 10:27 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-29 10:27 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-29 10:27 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-29 10:27 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-29 10:27 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-29 10:27 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-29 10:27 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-29 10:27 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-29 10:27 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-29 10:27 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-29 10:27 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-29 10:27 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-29 10:27 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-29 10:27 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-29 10:27 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-29 10:27 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-29 10:27 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-29 10:27 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-29 10:27 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-29 10:27 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-29 10:27 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-29 10:27 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-29 10:27 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-29 10:27 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-29 10:27 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-29 10:27 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-29 10:27 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-29 10:27 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-29 10:27 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-29 10:27 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-29 10:27 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-29 10:27 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-29 10:27 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-29 10:27 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-29 10:27 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-29 10:27 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-29 10:27 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-29 10:27 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-29 10:27 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-29 10:27 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-29 10:27 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-29 10:27 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-29 10:27 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-29 10:27 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-29 10:27 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-29 10:27 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-29 10:27 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-29 10:27 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-29 10:27 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-29 10:27 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-29 10:27 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-29 10:27 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-29 10:27 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-29 10:27 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-29 10:27 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-29 10:27 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-29 10:27 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-29 10:27 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-29 10:27 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-29 10:27 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-29 10:27 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-29 10:27 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-29 10:27 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-29 10:27 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 10:33 - 2015-09-21 13:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-22 10:32 - 2015-07-31 18:35 - 00000000 ____D C:\Users\Bohumil\Documents\Soubory aplikace Outlook
2016-02-22 10:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-22 10:25 - 2015-08-01 08:02 - 00004198 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FFA7102A-B417-4557-B83A-BD9454130D74}
2016-02-22 10:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-22 10:22 - 2015-09-11 16:26 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-22 10:19 - 2015-08-01 07:53 - 00000000 ____D C:\Users\Bohumil\.rainlendar2
2016-02-22 10:18 - 2015-11-20 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-22 10:18 - 2015-11-20 13:04 - 00000000 ____D C:\Users\Bohumil
2016-02-22 10:18 - 2015-11-20 13:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-22 10:18 - 2015-07-31 17:45 - 00000000 __SHD C:\Users\Bohumil\IntelGraphicsProfiles
2016-02-21 20:21 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-21 07:31 - 2015-09-22 14:32 - 00001145 _____ C:\DelFix.txt
2016-02-18 17:33 - 2015-09-16 19:44 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-18 15:59 - 2015-10-30 19:31 - 00751068 _____ C:\WINDOWS\system32\perfh005.dat
2016-02-18 15:59 - 2015-10-30 19:31 - 00151190 _____ C:\WINDOWS\system32\perfc005.dat
2016-02-18 15:59 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-18 15:59 - 2015-07-31 17:42 - 01774890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-18 11:32 - 2015-09-17 14:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-17 16:32 - 2015-12-07 15:24 - 00001760 _____ C:\Users\Bohumil\Desktop\Vypnout.lnk
2016-02-17 16:31 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-17 16:12 - 2015-09-08 09:06 - 00002544 _____ C:\Users\Bohumil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-02-17 16:10 - 2015-07-31 17:56 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-17 11:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-17 10:53 - 2015-08-15 18:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-17 10:51 - 2015-08-15 18:35 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 16:41 - 2015-08-01 07:34 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-12 14:31 - 2015-10-30 19:35 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 10:58 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-04 11:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 20:04 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Files in the root of some directories =======

2015-08-10 16:29 - 2008-07-15 16:33 - 0065536 _____ (Petr Laštovička) C:\Program Files\HotkeyP.exe
2015-11-20 13:01 - 2015-11-20 13:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-17 10:59

==================== End of FRST.txt ============================

Je to na dvakrát je to moc velký

[Max583]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Bohumil (2016-02-22 10:34:32)
Running from C:\Users\Bohumil\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-20 12:23:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2167593211-4253963868-4146078775-500 - Administrator - Disabled)
Bohumil (S-1-5-21-2167593211-4253963868-4146078775-1001 - Administrator - Enabled) => C:\Users\Bohumil
DefaultAccount (S-1-5-21-2167593211-4253963868-4146078775-503 - Limited - Disabled)
Guest (S-1-5-21-2167593211-4253963868-4146078775-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.11 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Freemake Video Converter verze 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Google Chrome Canary (HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Google Chrome SxS) (Version: 50.0.2653.0 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.55.00.06 - Huawei Technologies Co.,Ltd)
Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11107 - Realtek Semiconductor Corp.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
Seznam Software (HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\SeznamInstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Smarty Uninstaller 4 (HKLM\...\{8C93EE3B-3DC3-46A8-92D5-DE0B7F185722}_is1) (Version: 4.2.1.0 - North American Solutions)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version: - File Recovery Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 8 Start menu 2.2 (HKLM-x32\...\Windows 8 Start menu_is1) (Version: - PS Media s.r.o.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xerox Phaser 3020 XPS (Windows (HKLM-x32\...\Xerox Phaser 3020 XPS (Windows ) (Version: 3.03.13.02:11 - Xerox Corporation)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: 16.0.1.9 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18D13FC4-7DE0-43DD-9E7A-77D6793DDDFB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-12-10] (Lenovo)
Task: {20633BCC-AE8A-4991-806B-8E2FC42954D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {34001973-DC10-447F-AF0A-7F7E74502485} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {52A0A169-9A69-4D20-944E-A14C18B69AE3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-17] (Microsoft Corporation)
Task: {66473B43-F551-422D-B55E-A6EB1BA20D56} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {75699697-B942-4FD1-86A2-C80574017153} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {7903A59E-1767-41D5-9845-365A1635857F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {7DBF2F11-E932-4853-935C-C7CCC4B1CE44} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {914FA67B-7E72-4BF7-A7B2-0F04FE3E03E5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-11] (Adobe Systems Incorporated)
Task: {ADAB03D3-2AD4-4857-B590-B137AE46FD16} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {B7958610-09AD-41CA-8374-6E880D3A049E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {D432F7B6-08C0-4F98-A973-EB097AE61B3B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {FE48329C-86D6-4C6C-B9F2-03FA85B6BC22} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-24 10:42 - 2015-05-20 11:46 - 00138544 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2014-11-04 10:06 - 2011-08-17 05:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-08-24 10:42 - 2015-05-20 11:46 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2015-12-04 08:45 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-04 08:45 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-18 12:58 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 12:58 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 10:25 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-15 10:25 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 10:27 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 10:27 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-16 18:42 - 2014-03-16 18:42 - 02611808 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
2016-01-26 16:40 - 2016-01-26 16:40 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2012-05-16 20:01 - 2012-05-16 20:01 - 00140800 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\lua52.dll
2014-03-14 11:11 - 2014-03-14 11:11 - 00250368 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\libical.dll
2014-03-16 18:42 - 2014-03-16 18:42 - 00060512 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-14 11:11 - 2014-03-14 11:11 - 00065024 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\libicalss.dll
2012-06-17 14:22 - 2012-06-17 14:22 - 00012800 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\lfs.dll
2016-01-26 16:40 - 2016-01-26 16:40 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-26 16:40 - 2016-01-26 16:40 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-11-04 10:05 - 2013-09-04 01:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-12-17 21:56 - 2010-12-17 21:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2010-01-13 01:55 - 2010-01-13 01:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2010-12-17 21:56 - 2010-12-17 21:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-12-16 21:16 - 2010-12-16 21:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2013-03-07 21:54 - 2013-03-07 21:54 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2010-01-18 08:34 - 2010-01-18 08:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2010-12-17 21:56 - 2010-12-17 21:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2013-03-07 21:53 - 2013-03-07 21:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-01-13 01:55 - 2010-01-13 01:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2013-03-07 21:55 - 2013-03-07 21:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 21:58 - 2013-03-07 21:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 21:54 - 2013-03-07 21:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-02-18 17:52 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bohumil\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{b8e51a7c-02af-466e-b343-bf9a5a4f7ccc}.jpg
DNS Servers: 77.237.128.2 - 77.237.128.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "Zoner Photo Studio Service 16"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4C012B0ED3B9B62D2BB8574BEDF83FCD"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{FA5E779B-9E40-4FFA-B5E5-2CD068A6F77A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{BA3EC141-ED38-4178-A642-1ADD2AF36DB3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{D1DCEA3B-CBBD-4D2B-9500-B11E153BFD51}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{5820E510-94FB-4977-AA4B-5628F33E6020}C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{95550A46-6857-4A56-A560-1E78B7D805ED}C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{44B281DD-340C-4FF9-BB79-A95BBBC4A42D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{C7784EB7-F741-4072-82FD-11933CB865BB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{AF0617D4-A140-43DF-9AB9-6C7CD58F012C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{AA772A9F-F1DA-4C8F-A9CD-002E9684F1B0}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{5B54D9EB-188E-48F4-AFF6-A37BA1B7A222}C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F9C175D2-79DD-4F4F-8EE6-EC951874DD3B}C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe

==================== Restore Points =========================

21-02-2016 07:31:04 End of disinfection

==================== Faulty Device Manager Devices =============

Name: HID Non-User Input Data Filter
Description: HID Non-User Input Data Filter
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2016 07:31:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/18/2016 11:03:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/17/2016 04:32:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/17/2016 04:27:39 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/17/2016 10:53:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/17/2016 10:50:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/12/2016 10:59:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/12/2016 10:57:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/09/2016 09:40:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/08/2016 10:43:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.


System errors:
=============
Error: (02/22/2016 10:18:04 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: NuidFltr.sys

Error: (02/21/2016 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_24ca3 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/21/2016 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_24ca3 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/21/2016 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_24ca3 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/21/2016 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_24ca3 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/21/2016 08:21:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (02/21/2016 08:06:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (02/21/2016 07:34:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (02/21/2016 07:21:17 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: NuidFltr.sys

Error: (02/21/2016 07:39:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_2eb0b byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-02-21 19:33:15.715
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-19 13:11:47.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-18 12:03:53.749
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-18 11:23:06.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-14 09:15:54.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 16:41:34.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-31 09:22:24.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-16 11:59:27.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-08 19:42:47.394
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 14:41:12.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3250T @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 4008.91 MB
Available physical RAM: 2294.32 MB
Total Virtual: 4712.91 MB
Available Virtual: 2997.98 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:363.49 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0611DBD6)

Partition: GPT.

==================== End of Addition.txt ============================