Log check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Mackyyy
newcomer
Posts: 25
Registered: September 18
Gender: Male
Status: Offline

Re: Log check

Post by Mackyyy » 13 Sep 2018 21:15

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by ZDENEK on źt 13.09.2018 at 20:33:52,34.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ZDENEK\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.9.2018 20:37:07 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Adobe deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\246b02000001bbc deleted successfully
C:\PROGRA~3\Client deleted successfully
C:\PROGRA~3\SeekerFoobar deleted successfully
C:\PROGRA~3\{8287f1dd-e2e4-55e0-8287-7f1dde2ec777} deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\ZDENEK\AppData\Roaming\086LM2Jwpkg11OpJ deleted successfully
C:\Users\ZDENEK\AppData\Roaming\WarThunder deleted successfully
C:\Users\ZDENEK\AppData\Roaming\Windows_Activator deleted successfully
C:\Users\Tata\AppData\Local\VirtualStore deleted successfully
C:\Users\ZDENEK\AppData\Local\Downloaded Installations deleted successfully
C:\Users\ZDENEK\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\ZDENEK\AppData\Local\EmieSiteList deleted successfully
C:\Users\ZDENEK\AppData\Local\EmieUserList deleted successfully
C:\Users\ZDENEK\AppData\Local\Notepad++ deleted successfully
C:\Users\ZDENEK\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default\prefs.js:

Added to C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"addSearchEng
---- FireFox user.js and prefs.js backups ----

prefs_13.09.2018_2102_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Adobe not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~3\{8287f1dd-e2e4-55e0-8287-7f1dde2ec777} not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~2\MFT 1406 deleted
C:\Users\ZDENEK\AppData\Roaming\discord deleted
C:\Users\ZDENEK\.android deleted
C:\PROGRA~2\TuneUp-Utilities-2014-(+aktivace-a-CZ-Plne-Funkne!) deleted
C:\Users\ZDENEK\AppData\Roaming\libcurl-4.dll deleted
C:\Users\ZDENEK\AppData\Roaming\libcurl.dll deleted
C:\Users\ZDENEK\AppData\Roaming\libeay32.dll deleted
C:\Users\ZDENEK\AppData\Roaming\libgcc_s_dw2-1.dll deleted
C:\Users\ZDENEK\AppData\Roaming\libidn-11.dll deleted
C:\Users\ZDENEK\AppData\Roaming\libpdcurses.dll deleted
C:\Users\ZDENEK\AppData\Roaming\Microsoft.Win32.TaskScheduler.dll deleted
C:\Users\ZDENEK\AppData\Roaming\pthreadGC2-w64.dll deleted
C:\Users\ZDENEK\AppData\Roaming\pthreadGC2.dll deleted
C:\Users\ZDENEK\AppData\Roaming\ssleay32.dll deleted
C:\Users\ZDENEK\AppData\Roaming\zlib1.dll deleted
C:\Users\ZDENEK\AppData\Roaming\LogFile.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ZDENEK\AppData\Local\Unity deleted
C:\Users\ZDENEK\AppData\Local\CrashRpt deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1762638149-875449985-1971150987-1000 deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineCore deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineUA deleted
C:\Users\ZDENEK\AppData\LocalLow\Unity deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWOW64\AniGIF.ocx deleted
C:\Users\ZDENEK\AppData\Roaming\Dibg.exe deleted
C:\Users\ZDENEK\AppData\Roaming\nircmd.exe deleted
"C:\Windows\Installer\bb407.msi" deleted
"C:\Users\ZDENEK\AppData\Roaming\winpmltspb6" deleted
"C:\ProgramData\systmsp2pb6" deleted
"C:\Users\ZDENEK\AppData\Roaming\PlaysTV\playstv.cfg" deleted
"C:\Users\Tata\AppData\Local\AVAST Software\APM\Tata\kv_pam.db" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\ZDENEKFfl2.dat" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\ZDENEK\kv_pam.db" not deleted
"C:\Users\ZDENEK\AppData\Roaming\PlaysTV" deleted
"C:\Users\Tata\AppData\Local\AVAST Software" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software" not deleted
"C:\Users\Tata\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\Tata\AppData\Local\AVAST Software\APM\Tata" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\ZDENEK" not deleted

==== Orphaned Tasks deleted from Registry ======================

avastBCLRestartS-1-5-21-1762638149-875449985-1971150987-1000 deleted
AvastUpdateTaskMachineCore deleted
AvastUpdateTaskMachineUA deleted
Imperia Online D1 deleted
Imperia Online N deleted
Imperia Online W1 deleted
Imperia Online W2 deleted
Imperia Online W3 deleted
Imperia Online W4 deleted
Norton Product Installer deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default
- __MSG_avastAppName__ - %ProfilePath%\extensions\sp@avast.com.xpi
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default
95E52427AEC3064F04ED9E3E74172DD3 - C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U181
6242C3450ED73A3A0D437CBA4BA18003 - C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1810.13
F651A9401D130C314ED5B0C57909C4A0 - C:\Users\ZDENEK\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
- C:\Users\ZDENEK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - [?]
- C:\Program Files x86\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - [?]
81D6D6EE6226773449C5CBE9496EDAF6 - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight
FC18E6D133877BE07C753552705A5B8C - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Maminka\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Tata\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 69.0.3497.92
Opera Browser Version: 48.0.2685.32
Opera Browser Version: 55.0.2994.44
Opera Browser Version: 55.0.2994.56

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

Chrome Media Router - JIRKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Chrome Media Router - ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
undetermined - JIRKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.PNG

==== Chromium Fix ======================

C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{13552D3B-38FC-4021-BF31-BB920428C6EF}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{13552D3B-38FC-4021-BF31-BB920428C6EF} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKCU\SearchScopes\{CD58A60B-0F26-49C8-B0EC-5FAAF44C2D47} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415

==== Reset Google Chrome ======================

C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Tata\AppData\Local\Clover\User Data\Default\Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgbak was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Web Datagbak was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Web Data was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Web Data-journal was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Maminka\Desktop\Nová složkPre – zástupce.lnk -
C:\Users\Maminka\Desktop\Pohyb a zdraví.lnk -
C:\Users\Maminka\Desktop\Počítač – zástupce.lnk -
C:\Users\Maminka\Desktop\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Maminka\Desktop\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\Users\Maminka\Desktop\Šotek\Open-Sankore – zástupce.lnk -
C:\Users\Tata\Desktop\Počítač – zástupce.lnk -
C:\Users\ZDENEK\Desktop\Hearts of Iron IV Death or Dishonor.lnk - C:\Program Files (x86)\Hearts of Iron IV Death or Dishonor\hoi4.exe
C:\Users\ZDENEK\Desktop\HP DeskJet 4670 series.lnk - C:\Program Files (x86)\HP\HP DeskJet 4670 series\Bin\HP DeskJet 4670 series.exe -Start UDCDevicePage
C:\Users\ZDENEK\Desktop\Sid Meiers Civilization VI.lnk - C:\Program Files (x86)\Sid Meiers Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
C:\Users\ZDENEK\Desktop\SinusBot.lnk - C:\SinusBot\sinusbot.exe
C:\Users\ZDENEK\Desktop\TeamSpeak 3 Client.lnk - C:\Users\ZDENEK\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\ZDENEK\Desktop\Warband Matchmaking Client.lnk - C:\Program Files (x86)\Warband Matchmaking Client\WBMM_Client.exe
C:\Users\ZDENEK\Desktop\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe
C:\Users\ZDENEK\Desktop\Programy\AMD OverDrive.lnk - C:\Program Files (x86)\AMD\OverDrive\AMD OverDrive.exe
C:\Users\ZDENEK\Desktop\Programy\ASUS GPU Tweak.lnk - C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
C:\Users\ZDENEK\Desktop\Programy\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\ZDENEK\Desktop\Programy\Avast Internet Security.lnk - C:\Program Files (x86)\AVAST Software\Avast\AvastUI.exe
C:\Users\ZDENEK\Desktop\Programy\Avast SafeZone.lnk - C:\Program Files (x86)\AVAST Software\Avast\AvastUI.exe /sfzonebrowser
C:\Users\ZDENEK\Desktop\Programy\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\ZDENEK\Desktop\Programy\Cheat Engine.lnk - C:\Program Files (x86)\Cheat Engine 6.4\Cheat Engine.exe
C:\Users\ZDENEK\Desktop\Programy\Clover.lnk - C:\Program Files (x86)\Clover\clover.exe
C:\Users\ZDENEK\Desktop\Programy\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\ZDENEK\Desktop\Programy\DeathTaker Driver Setting.lnk - C:\Program Files (x86)\Genius\DeathTaker\DTCfg.exe
C:\Users\ZDENEK\Desktop\Programy\Driver Booster 4.lnk - C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
C:\Users\ZDENEK\Desktop\Programy\Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ZDENEK\Desktop\Programy\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\Users\ZDENEK\Desktop\Programy\GIGABYTE FORCE.lnk - C:\Program Files (x86)\GIGABYTE FORCE\GIGABYTE FORCE.exe
C:\Users\ZDENEK\Desktop\Programy\HiSuite.lnk - C:\Program Files (x86)\HiSuite\HiSuite.exe
C:\Users\ZDENEK\Desktop\Programy\HP DeskJet 4670 series.lnk - C:\Program Files (x86)\HP\HP DeskJet 4670 series\Bin\HP DeskJet 4670 series.exe -Start UDCDevicePage
C:\Users\ZDENEK\Desktop\Programy\HP Photo Creations.lnk - C:\Users\ZDENEK\AppData\Roaming\HP Photo Creations\PhotoProduct.exe
C:\Users\ZDENEK\Desktop\Programy\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\ZDENEK\Desktop\Programy\JDownloader 2.lnk - C:\Users\ZDENEK\AppData\Local\JDownloader v2.0\JDownloader2.exe
C:\Users\ZDENEK\Desktop\Programy\Objednání spotřebního materiálu - HP DeskJet 4670 series.lnk -
C:\Users\ZDENEK\Desktop\Programy\OpenOffice 4.1.3.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Users\ZDENEK\Desktop\Programy\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\ZDENEK\Desktop\Programy\Overwolf.lnk - C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
C:\Users\ZDENEK\Desktop\Programy\paint.net.lnk - C:\Program Files (x86)\paint.net\PaintDotNet.exe
C:\Users\ZDENEK\Desktop\Programy\Samsung AllShare.lnk - C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
C:\Users\ZDENEK\Desktop\Programy\Skype.lnk - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Users\ZDENEK\Desktop\Programy\Spotify.lnk - C:\Users\ZDENEK\AppData\Roaming\Spotify\Spotify.exe
C:\Users\ZDENEK\Desktop\Programy\Spyware Terminator 2015.lnk - C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Users\ZDENEK\Desktop\Programy\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\ZDENEK\Desktop\Programy\TuneUp Utilities 2014.lnk - C:\Program Files (x86)\TuneUp Utilities 2014\Integrator.exe
C:\Users\ZDENEK\Desktop\Programy\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\ZDENEK\Desktop\Programy\uTorrent.lnk -
C:\Users\ZDENEK\Desktop\Programy\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\ZDENEK\Desktop\Programy\Vítejte u registrace produktu ASUS.lnk -
C:\Users\ZDENEK\Desktop\Programy\Webový odkaz na Centrum zdrojů I.R.I.S..lnk -
C:\Users\ZDENEK\Desktop\Programy\µTorrent.lnk -
C:\Users\ZDENEK\Desktop\Programy\Tor Browser\Start Tor Browser.lnk - C:\Users\ZDENEK\Desktop\Programy\Tor Browser\Browser\firefox.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avast Driver Updater.lnk - C:\Windows\Installer\{D606EFF9-3813-4875-B455-AECD2E7B0676}\Icon.exe /byUser
C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Prohlížeč Opera.lnk -
C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk - C:\Windows\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk - C:\Games\Star Wars-The Old Republic\launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\ZDENEK\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\ZDENEK\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\Avast Driver Updater Help.lnk - C:\Windows\Installer\{D606EFF9-3813-4875-B455-AECD2E7B0676}\Icon.exe -help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\Avast Driver Updater.lnk - C:\Windows\Installer\{D606EFF9-3813-4875-B455-AECD2E7B0676}\Icon.exe /byUser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk - C:\Games\Star Wars-The Old Republic\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk - C:\Games\Star Wars-The Old Republic\SWTOR Customer Support.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Uninstall Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View License.lnk - C:\games\Star Wars-The Old Republic\EUALAs\EUALA_en.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk - C:\Games\Star Wars-The Old Republic\readmes\readme_en.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\STAR WARS™ The Old Republic™.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_181\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_181\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_181\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe /LOG
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager (Trace Mode).lnk - C:\Program Files\Nexus Mod Manager\NexusClient.exe -trace
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager.lnk - C:\Program Files\Nexus Mod Manager\NexusClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Uninstall Nexus Mod Manager.lnk - C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Database Compare.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Jazykové předvolby Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Office Upload Center.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Protokol telemetrie pro Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Spreadsheet Compare.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Správce nahrávek Skypu pro firmy.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office\Řídicí panel telemetrie pro Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool\Sophos Virus Removal Tool.lnk - C:\Windows\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=quicklaunch
C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=quicklaunch
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Tata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=quicklaunch
C:\Users\Tata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Tata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Tata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Tata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=quicklaunch
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk - C:\Users\ZDENEK\AppData\Local\JDownloader v2.0\JDownloader2.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk - C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk - C:\Users\ZDENEK\AppData\Local\Popcorn-Time\Popcorn-Time.exe --user-data-dir="C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data"
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\956dcf162a936b0d\Heroes and generals.lnk - C:\Program Files (x86)\Steam\Steam.exe steam://run/227940
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9f3c4e946e7a4cf\League of Legends.lnk - C:\Program Files (x86)\League of Legends\LeagueClient.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Prohlížeč Opera.lnk -
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

==== shortcuts After Repair ======================

C:\Users\ZDENEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk - C:\Users\ZDENEK\AppData\Local\Popcorn-Time\Popcorn-Time.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9FFE606D318357844B55EADCE2B76067 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D606EFF9-3813-4875-B455-AECD2E7B0676} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9FFE606D318357844B55EADCE2B76067 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaysTV deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ZDENEK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\JIRKA\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Maminka\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Tata\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\ZDENEK\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1506 folders=627 218829048 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\JIRKA\AppData\Local\Temp emptied successfully
C:\Users\Maminka\AppData\Local\Temp emptied successfully
C:\Users\Tata\AppData\Local\Temp emptied successfully
C:\Users\ZDENEK\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ZDENEK\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Tata\AppData\Local\AVAST Software\APM\Tata\kv_pam.db" not found
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\ZDENEKFfl2.dat" not found
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\ZDENEK\kv_pam.db" not found
"C:\Users\Tata\AppData\Local\AVAST Software" not found
"C:\Users\ZDENEK\AppData\Local\AVAST Software" not found

==== EOF on źt 13.09.2018 at 21:13:44,86 ======================

Mackyyy
newbie
Posts: 25
Registered: September 18
Gender: Male
Status: Offline

Re: Log check

Post by Mackyyy » 13 Sep 2018 21:20

jaro3 wrote: C:\ProgramData\RogueKiller\Logs --- you will find it there as a text file too.

That's just it, there are only two logs there, the morning one and now this evening one, but both are in this format.
Last edited by Mackyyy on 13 Sep 2018 23:09, edited 1 time in total.

Mackyyy
newbie
Posts: 25
Registered: September 18
Gender: Male
Status: Offline

Re: Log check

Post by Mackyyy » 13 Sep 2018 21:47

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.9.13
Operating System : Windows 7 64-bit
Processor : 6X AMD FX(tm)-6300 Six-Core Processor
BIOS Mode : Legacy
CUID : 12C48EBDB615467C4FE8B3
Scan Type : Skenování systému
Duration : 17m 16s
Scanned Objects : 232827
Detected Objects : 4
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Tabs Hijack (System)
Status : Skenováno
Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potenciálně nechtěné modifikace
Cleaning Action : Opravit
Related Objects :
Záznam registru - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = www.google.com

Chrome Shortcut
Status : Skenováno
Object : --app=
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Shortcut

wrc@avast.com
Status : Skenováno
Object : %appdata%\mozilla\firefox\profiles\kq73xhhf.default\extensions\wrc@avast.com.xpi
MD5 : 72F7EBB68166E86CBDB80B0528464938
Publisher : -
Size : 789048
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - wrc@avast.com
Soubor - %appdata%\mozilla\firefox\profiles\kq73xhhf.default\extensions\wrc@avast.com.xpi

Připojení k místní síti
Status : Skenováno
Object : Připojení k místní síti 217.31.204.130
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Změna DNS serverů
Cleaning Action : Opravit
Related Objects :
Server DNS - Připojení k místní síti : 217.31.204.130


Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 0
Failed : 0

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 13 Sep 2018 21:55

So run a new RK scan to see whether everything was deleted.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Mackyyy
newbie
Posts: 25
Registered: September 18
Gender: Male
Status: Offline

Re: Log check

Post by Mackyyy » 13 Sep 2018 22:01

ComboFix 18-08-08.01 - ZDENEK 13.09.2018 21:50:24.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.5966 [GMT 2:00]
Spuštěný z: c:\users\ZDENEK\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\pre_fileassoc.tmp
c:\users\ZDENEK\AppData\Roaming\kernel
c:\users\ZDENEK\AppData\Roaming\kernel\aes_helper.cl
c:\users\ZDENEK\AppData\Roaming\kernel\alexkarnew.cl
c:\users\ZDENEK\AppData\Roaming\kernel\alexkarold.cl
c:\users\ZDENEK\AppData\Roaming\kernel\animecoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\blake.cl
c:\users\ZDENEK\AppData\Roaming\kernel\bmw.cl
c:\users\ZDENEK\AppData\Roaming\kernel\ckolivas.cl
c:\users\ZDENEK\AppData\Roaming\kernel\cubehash.cl
c:\users\ZDENEK\AppData\Roaming\kernel\darkcoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\echo.cl
c:\users\ZDENEK\AppData\Roaming\kernel\fugue.cl
c:\users\ZDENEK\AppData\Roaming\kernel\fuguecoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\groestl.cl
c:\users\ZDENEK\AppData\Roaming\kernel\groestlcoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\hamsi.cl
c:\users\ZDENEK\AppData\Roaming\kernel\hamsi_helper.cl
c:\users\ZDENEK\AppData\Roaming\kernel\inkcoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\jh.cl
c:\users\ZDENEK\AppData\Roaming\kernel\keccak.cl
c:\users\ZDENEK\AppData\Roaming\kernel\luffa.cl
c:\users\ZDENEK\AppData\Roaming\kernel\myriadcoin-groestl.cl
c:\users\ZDENEK\AppData\Roaming\kernel\panama.cl
c:\users\ZDENEK\AppData\Roaming\kernel\psw.cl
c:\users\ZDENEK\AppData\Roaming\kernel\quarkcoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\qubitcoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\shavite.cl
c:\users\ZDENEK\AppData\Roaming\kernel\sifcoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\simd.cl
c:\users\ZDENEK\AppData\Roaming\kernel\skein.cl
c:\users\ZDENEK\AppData\Roaming\kernel\twecoin.cl
c:\users\ZDENEK\AppData\Roaming\kernel\x11mod.cl
c:\users\ZDENEK\AppData\Roaming\kernel\zuikkis.cl
c:\users\ZDENEK\AppData\Roaming\Local
c:\users\ZDENEK\AppData\Roaming\Local\Microsoft\Windows\GameExplorer\GameuxInstallHelper.dll
c:\windows\SysWow64\UNWISE.EXE
X:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-08-13 do 2018-09-13 )))))))))))))))))))))))))))))))
.
.
2018-09-13 19:25 . 2018-09-13 19:25 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2018-09-13 19:25 . 2018-09-13 19:25 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2018-09-13 19:25 . 2018-09-13 19:25 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-09-13 19:25 . 2018-09-13 19:25 -------- d-----w- c:\users\ZDENEK\AppData\Local\Zemana
2018-09-13 19:21 . 2018-09-13 19:21 -------- d-----w- c:\users\ZDENEK\AppData\Local\Notepad++
2018-09-13 19:15 . 2018-09-13 19:29 -------- d-----w- c:\users\ZDENEK\AppData\Local\AVAST Software
2018-09-13 19:11 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2018-09-13 19:11 . 2018-09-13 19:58 -------- d-----w- c:\users\ZDENEK\AppData\Local\Temp
2018-09-13 18:33 . 2018-09-13 19:05 -------- d-----w- C:\zoek_backup
2018-09-13 06:27 . 2018-09-13 06:27 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-09-13 06:27 . 2018-09-13 06:27 -------- d-----w- c:\programdata\RogueKiller
2018-09-12 21:35 . 2018-09-12 21:35 -------- d-----w- c:\programdata\Sophos
2018-09-12 21:34 . 2018-09-12 21:34 -------- d-----w- c:\program files (x86)\Sophos
2018-09-12 20:32 . 2018-09-12 20:32 -------- d-----w- c:\users\ZDENEK\AppData\Local\mbam
2018-09-12 20:31 . 2018-07-12 06:42 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-12 20:12 . 2018-09-13 09:42 -------- d-----w- c:\users\ZDENEK\AppData\Local\AMD
2018-09-09 11:13 . 2018-09-09 11:14 -------- d-----w- c:\program files (x86)\Warband Matchmaking Client
2018-09-08 07:39 . 2018-09-08 07:39 -------- d-----r- c:\windows\SysWow64\config\systemprofile\OneDrive
2018-09-08 07:26 . 2018-08-30 03:11 3523136 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll
2018-08-30 19:11 . 2018-08-30 19:10 379608 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-09-13 19:11 . 2016-10-13 19:40 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-09-12 19:07 . 2015-01-18 18:45 215920 ----a-w- c:\windows\system32\drivers\aswStm.sys
2018-09-12 16:41 . 2015-12-22 23:04 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-12 16:41 . 2015-12-22 23:04 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-11 16:03 . 2015-01-18 18:45 163392 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-09-08 07:31 . 2015-01-25 15:30 3764264 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2018-09-04 15:11 . 2015-01-18 18:45 467320 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-08-30 19:11 . 2015-01-18 18:45 87904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-08-30 19:10 . 2015-01-18 18:45 46968 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-08-30 19:10 . 2015-01-18 18:45 381560 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-08-30 19:10 . 2017-11-17 12:25 199712 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-08-30 19:10 . 2015-01-18 18:45 111864 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2018-08-30 19:10 . 2015-01-18 18:45 1027720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-08-30 19:10 . 2017-12-25 09:23 249016 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2018-08-30 19:10 . 2017-03-09 16:47 59568 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2018-08-30 19:10 . 2017-03-09 16:47 346664 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2018-08-30 19:10 . 2017-03-09 16:47 229384 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2018-08-30 19:10 . 2017-03-09 16:47 201320 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2018-08-16 16:54 . 2018-05-16 17:38 62091672 ----a-w- c:\users\ZDENEK\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-08-06 20:25 . 2018-08-06 20:25 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2018-08-06 20:24 . 2015-01-22 15:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2018-07-22 21:50 . 2018-07-22 21:50 27888 ----a-w- c:\windows\system32\wiperrm.exe
2018-07-20 17:10 . 2015-01-19 16:36 110968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2018-08-27 55624]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2016-04-07 3639280]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"HP DeskJet 4670 series (NET)"="c:\program files\HP\HP DeskJet 4670 series\Bin\ScanToPCActivationApp.exe" [2017-04-06 3770504]
"Spotify Web Helper"="c:\users\ZDENEK\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2017-07-15 1431664]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2018-06-24 18385368]
"GalaxyClient"="c:\program files (x86)\GOG Galaxy\GalaxyClient.exe" [2018-09-12 6881864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
.
c:\users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-10-17 172000]
.
c:\users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-10-17 172000]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *????????? ????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe"
"DeathTaker"=c:\program files (x86)\Genius\DeathTaker\mousehid.exe
.
R2 AODDriver4.2;AODDriver4.2;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [x]
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 avast;Služba %1!s! Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 avastm;Služba %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 CorsairVBusDriver;Corsair Bus;c:\windows\system32\DRIVERS\CorsairVBusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVBusDriver.sys [x]
R3 CorsairVHidDriver;Corsair virtual device;c:\windows\system32\DRIVERS\CorsairVHidDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVHidDriver.sys [x]
R3 cpuz137;cpuz137;c:\users\ZDENEK\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\ZDENEK\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbccgpfilter.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HnGSteamService;Heroes & Generals Steam Service;c:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe;c:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 AmUStor;Al USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ZAM
*NewlyCreated* - ZAM_GUARD
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2018-08-20 17:25 1898280 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\68.0.746.59\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-08-30 19:10 1848536 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-08-30 19:10 1848536 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2017-10-18 18381792]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-08-30 242392]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\gymst
Trusted Zone: sharepoint.com\gymst-files
Trusted Zone: sharepoint.com\gymst-my
Trusted Zone: sharepoint.com\gymst-myfiles
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d992c12e-cab2-426f-bde3-fb8c53950b0d} - c:\programdata\Package Cache\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\VC_redist.x64.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-Akamai - c:\users\ZDENEK\AppData\Local\Akamai\uninstall.exe
AddRemove-FXAA Post Process Injector - c:\program files (x86)\Steam\steamapps\common\Skyrim\Uninstal.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f1,24,55,61,26,4a,53,c1,c5,66,15,f7,ea,37,43,89,d8,b0,90,b6,ba,e7,8d,
05,19,ea,78,f4,d7,34,f8,80,f4,d1,31,c2,56,59,5b,a6,5e,56,fc,6c,77,15,b3,03,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,4f,dd,1f,32,35,ee,ea,d2,5f,20,e3,fa,cc,f7,01,51,b3,c4,03,9b,
cf,fa,dd,a9,ed,42,d6,0e,5a,6f,35,d7,c8,8f,a2,5d,46,dd,7d,9c,25,69,88,cc,5a,\
"rkeysecu"=hex:b5,c9,e5,f9,35,0d,12,cd,ec,89,f0,74,71,cf,e1,9d
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="7"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-09-13 22:01:13
ComboFix-quarantined-files.txt 2018-09-13 20:01
.
Před spuštěním: Volných bajtů: 140 631 527 424
Po spuštění: Volných bajtů: 139 805 831 168
.
- - End Of File - - 3A38D1B6266BB99029EE2991ECC07314
A36C5E4F47E84449FF07ED3517B43A31


Re: Log check

Post by Mackyyy » 13 Sep 2018 22:02

jaro3 wrote: so run a new RK scan to see whether everything was deleted.

OK.


Re: Log check

Post by Mackyyy » 13 Sep 2018 22:06

I managed to convert it using Notepad. So here it is.

RogueKiller V12.13.0.0 (x64) [Sep 10 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : ZDENEK [Práva správce]
Started from : C:\Users\ZDENEK\Desktop\RogueKiller_portable64.exe
Mód : Smazat -- Datum : 09/13/2018 08:27:54 (Duration : 00:40:20)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[Adw.Softcnapp] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Clover -> Smazáno
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\IM -> Smazáno
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\WebApp -> Smazáno
[Adw.Softcnapp] (X86) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Clover -> Smazáno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\IM -> Smazáno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\WebApp -> Smazáno
[Adw.Softcnapp] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clover -> Smazáno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://search.msn.com/spbasic.htm)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{4910DED9-7F16-4018-BA5A-7AD83A5C594F}C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| [-] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6DFCE1A6-85A6-485E-85BB-9CA880DFEDBC}C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| [-] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{4910DED9-7F16-4018-BA5A-7AD83A5C594F}C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| [-] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6DFCE1A6-85A6-485E-85BB-9CA880DFEDBC}C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\zdenek\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| [-] -> Smazáno
[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Smazáno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\DOGLIC~1.scr [x] -> Nahrazeno (C:\Windows\system32\logon.scr)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 10 ¤¤¤
[PUP.HackTool][Složka] C:\Windows\AutoKMS -> Smazáno
[PUP.HackTool][Soubor] C:\Windows\AutoKMS\AutoKMS.log -> Smazáno
[Adw.Softcnapp][Složka] C:\Users\ZDENEK\AppData\Local\Clover -> Odstraněno při restartu [91]
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\87FB.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Bookmarks -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Bookmarks.bak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Current Session -> Odstraněno při restartu [20]
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Current Tabs -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85B9.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85CA.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85CB.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85CC.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85CD.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85CE.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85DF.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85E0.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85E1.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85E2.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85E3.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85F3.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85F4.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85F5.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85F6.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85F7.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\85F8.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8609.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\860A.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\860B.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\860C.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\860D.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\861D.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\861E.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\861F.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8620.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8621.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8632.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8633.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8634.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8635.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8636.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8637.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8648.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\8649.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\864A.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\864B.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\865B.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\865C.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons\865D.tmp -> Smazáno
[Adw.Softcnapp][Složka] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIcons -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A147.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A158.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A159.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A15A.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A15B.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A15C.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A16C.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A16D.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A16E.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A16F.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A170.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A181.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A182.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A183.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A184.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A185.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A195.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A196.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A197.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A198.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1A9.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1AA.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1AB.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1AC.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1AD.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1BE.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1BF.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1C0.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1C1.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1C2.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1C3.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1D3.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1D4.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1D5.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1D6.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1D7.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1E8.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1E9.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1EA.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1EB.tmp -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld\A1EC.tmp -> Smazáno
[Adw.Softcnapp][Složka] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\JumpListIconsOld -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Last Session -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Last Tabs -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default\Preferences -> Smazáno
[Adw.Softcnapp][Složka] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Default -> Odstraněno při restartu [91]
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\First Run -> Smazáno
[Adw.Softcnapp][Soubor] C:\Users\ZDENEK\AppData\Local\Clover\User Data\Local State -> Smazáno
[Adw.Softcnapp][Složka] C:\Users\ZDENEK\AppData\Local\Clover\User Data -> Odstraněno při restartu [91]
[Tr.Gen0][Složka] C:\Users\ZDENEK\AppData\Local\syslog -> Smazáno
[Adw.Softcnapp][Složka] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover -> Smazáno
[Adw.Softcnapp][Soubor] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover\Clover.lnk -> Smazáno
[Adw.Softcnapp][Soubor] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover\Uninstall Clover.lnk -> Smazáno
[PUP.Gen1][Složka] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius -> Smazáno
[PUP.Gen1][Soubor] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius\DeathTaker\DeathTaker Driver Setting.lnk -> Smazáno
[PUP.Gen1][Soubor] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius\DeathTaker\Odinstalovat aplikaci .lnk -> Smazáno
[PUP.Gen1][Složka] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius\DeathTaker -> Smazáno
[Adw.Softcnapp][Složka] C:\Program Files (x86)\Clover -> Odstraněno při restartu [20]
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\clover.dll -> Odstraněno při restartu [5]
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\clover.exe -> Odstraněno při restartu [5]
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\License.txt -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\am.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ar.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\bg.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\bn.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ca.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\cs.pak -> Odstraněno při restartu [20]
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\da.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\de.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\el.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\en-GB.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\en-US.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\es-419.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\es.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\et.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\fa.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\fi.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\fil.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\fr.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\gu.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\he.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\hi.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\hr.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\hu.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\id.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\it.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ja.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\kn.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ko.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\lt.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\lv.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ml.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\mr.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ms.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\nb.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\nl.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\pl.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\pt-BR.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\pt-PT.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ro.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ru.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\sk.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\sl.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\sr.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\sv.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\sw.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\ta.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\te.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\th.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\tr.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\uk.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\vi.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\zh-CN.pak -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\locales\zh-TW.pak -> Smazáno
[Adw.Softcnapp][Složka] C:\Program Files (x86)\Clover\locales -> Odstraněno při restartu [91]
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\TabHelper32.dll -> Smazáno
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\TabHelper64.dll -> Odstraněno při restartu [5]
[Adw.Softcnapp][Soubor] C:\Program Files (x86)\Clover\uninst.exe -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Genius -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\config.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\DTCfg.exe -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\arrow_01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\arrow_02.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\BE_GUI011.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\AdvanceSetting_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\AdvanceSetting_m01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\AdvanceSetting_m01.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\AngleSnapping.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\AssignButton_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\AssignButton_m01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Close_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\DeathTaker_Logo.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\DPISetting_Stage.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\EnableX-Y.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\GameIcon.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\GameProfiles.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\GameProfiles.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\GameProfile_Icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\GILA LOGO.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\GX_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Help_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Help_m01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Help_m02.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\LaunchProgram.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\LightOption_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\LightOption_m01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\LightOption_m01.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\LoadProfile.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\LV.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\main_m01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\main_m01.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\main_m02.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\main_m03.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\ManageMacro_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\ManageMacro_m01.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\ManageMacro_m02.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\ManageMacro_m03.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\ManageMacro_m04.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\ManageMacro_m05.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Maurus_icon.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Min_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Next.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Play.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Pre.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Record.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Reset_icon.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\SaveProfile.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\seclect.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\sniper.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\StageSetting.PNG -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker\Stop.png -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\DeathTaker -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help2_1.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help2_2.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_2.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_3.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_3a.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_3ab.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_4.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_4a.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image\help_4c.jpg -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Genius\DeathTaker\Help\+_image -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Arabic.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Bulgarian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Czech.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_en.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_French.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_German.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Hungarian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Indonesian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Italian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_jp.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Kazakh.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_ko.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Polish.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_PortugueseBrazil.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Romanian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Russian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_SC.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Serbian.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Slovak.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Spanish.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_TC.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Thai.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Turkish.html -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\Help\UserInterfaceSetupGuide_Ukrainian.html -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Genius\DeathTaker\Help -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\help.txt -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\HIDApi.dll -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\HidDevice.dll -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\KBHook.dll -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\mousehid.exe -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\OSD.exe -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\advanced_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\advanced_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\advanced_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\arrow_down.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\arrow_down_disable.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\arrow_up.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\arrow_up_disable.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_d.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_d.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_down.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_down1.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_mask1.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_n.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_n.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_n2.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_normal.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_normal1.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_o.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_o.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_over.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\button_menu_over1.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\color_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\color_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\color_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\create_macro_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\create_macro_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\create_macro_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_disable.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_disable1.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_normal1.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\dpi_stage_over1.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro switch_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\Macro_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\Macro_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro_switch_d.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro_switch_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro_switch_n.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\macro_switch_o.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\main_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\main_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\main_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\main_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\manage macro_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\manage macro_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\manage macro_over.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\menu.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\menu_down.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\menu_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\menu_normal.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\menu_over.png -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\single key_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_advance.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_color.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_create_macro.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_dpi_stage.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_macro.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_main.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_menu.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_no_mouse.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_reset.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_select_macro.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_singlekey.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_unplug.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\skin_warn.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\string_trayicon.ini -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\Thumbs.db -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\updatebar_Mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\updatebar_n.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\updatebar_o.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\warning_down.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\warning_mask.bmp -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\warning_normal.jpg -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\skins\warning_over.jpg -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Genius\DeathTaker\skins -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Genius\DeathTaker\trayicon.exe -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Genius\DeathTaker -> Smazáno
[PUP.Gen1][Složka] C:\Program Files (x86)\Popcorn Time -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Popcorn Time\init.txt -> Smazáno
[PUP.Gen1][Soubor] C:\Program Files (x86)\Popcorn Time\Updater.exe -> Smazáno
[PUP.AutoIt.Gen][Soubor] C:\Program Files (x86)\Sid Meiers Civilization VI\CivilizationVI.exe -> Smazáno
[PUP.AutoIt.Gen][Soubor] C:\Program Files (x86)\SimCity 2013 Offline\En_Laucher.exe -> Smazáno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DX001-1CM162-SSHD ATA Device +++++
--- User ---
[MBR] a3aac6b77c87c65f96bf70ac8821c4a1
[BSP] 3836c52fd0fcf6f0aa4b27a6c7e6e0b1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476736 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 976562176 | Size: 477030 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB SM Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Log check

Post by jaro3 » 13 Sep 2018 23:18

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\users\ZDENEK\AppData\Local\Temp\cpuz137\cpuz137_x64.sys

Driver::
cpuz137

RegLock::
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="7"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.


Do you know these?
Trusted Zone: sharepoint.com\gymst
Trusted Zone: sharepoint.com\gymst-files
Trusted Zone: sharepoint.com\gymst-my
Trusted Zone: sharepoint.com\gymst-myfiles
Do you consider them safe?

Please download the appropriate version of the program for your system (32-bit/64-bit): Farbar Recovery Scan Tool (FRST)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the usage notice.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.

The rest tomorrow..
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Mackyyy
newcomer
Posts: 25
Registered: September 18
Gender: Male
Status:
Offline

Re: Log check

Post by Mackyyy » 14 Sep 2018 08:44

ComboFix 18-08-08.01 - ZDENEK 14.09.2018 8:26.2.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6023 [GMT 2:00]
Spuštěný z: c:\users\ZDENEK\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\ZDENEK\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\ZDENEK\AppData\Local\Temp\cpuz137\cpuz137_x64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ137
-------\Service_cpuz137
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-08-14 do 2018-09-14 )))))))))))))))))))))))))))))))
.
.
2018-09-14 06:34 . 2018-09-14 06:34 -------- d-----w- c:\users\Tata\AppData\Local\temp
2018-09-14 06:34 . 2018-09-14 06:34 -------- d-----w- c:\users\Prázdná složka\AppData\Local\temp
2018-09-14 06:34 . 2018-09-14 06:34 -------- d-----w- c:\users\Maminka\AppData\Local\temp
2018-09-14 06:34 . 2018-09-14 06:34 -------- d-----w- c:\users\JIRKA\AppData\Local\temp
2018-09-13 19:25 . 2018-09-13 19:25 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2018-09-13 19:25 . 2018-09-13 19:25 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2018-09-13 19:25 . 2018-09-13 19:25 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-09-13 19:25 . 2018-09-13 19:25 -------- d-----w- c:\users\ZDENEK\AppData\Local\Zemana
2018-09-13 19:21 . 2018-09-13 19:21 -------- d-----w- c:\users\ZDENEK\AppData\Local\Notepad++
2018-09-13 19:15 . 2018-09-13 19:29 -------- d-----w- c:\users\ZDENEK\AppData\Local\AVAST Software
2018-09-13 19:11 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2018-09-13 19:11 . 2018-09-14 06:37 -------- d-----w- c:\users\ZDENEK\AppData\Local\Temp
2018-09-13 18:33 . 2018-09-13 19:05 -------- d-----w- C:\zoek_backup
2018-09-13 06:27 . 2018-09-13 06:27 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-09-13 06:27 . 2018-09-13 20:06 -------- d-----w- c:\programdata\RogueKiller
2018-09-12 21:35 . 2018-09-12 21:35 -------- d-----w- c:\programdata\Sophos
2018-09-12 21:34 . 2018-09-12 21:34 -------- d-----w- c:\program files (x86)\Sophos
2018-09-12 20:32 . 2018-09-12 20:32 -------- d-----w- c:\users\ZDENEK\AppData\Local\mbam
2018-09-12 20:31 . 2018-07-12 06:42 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-12 20:12 . 2018-09-13 09:42 -------- d-----w- c:\users\ZDENEK\AppData\Local\AMD
2018-09-09 11:13 . 2018-09-09 11:14 -------- d-----w- c:\program files (x86)\Warband Matchmaking Client
2018-09-08 07:39 . 2018-09-08 07:39 -------- d-----r- c:\windows\SysWow64\config\systemprofile\OneDrive
2018-09-08 07:26 . 2018-08-30 03:11 3523136 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-09-14 06:35 . 2016-10-13 19:40 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-09-12 19:07 . 2015-01-18 18:45 215920 ----a-w- c:\windows\system32\drivers\asw54473a72254ec307.tmp
2018-09-12 19:07 . 2015-01-18 18:45 215920 ----a-w- c:\windows\system32\drivers\asw 11684750ca3214d.tmp
2018-09-12 16:41 . 2015-12-22 23:04 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-12 16:41 . 2015-12-22 23:04 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-11 16:03 . 2015-01-18 18:45 163392 ----a-w- c:\windows\system32\drivers\aswc228bb18483bad3c.tmp
2018-09-11 16:03 . 2015-01-18 18:45 163392 ----a-w- c:\windows\system32\drivers\aswae6260ab73b9677c.tmp
2018-09-08 07:31 . 2015-01-25 15:30 3764264 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2018-09-04 15:11 . 2015-01-18 18:45 467320 ----a-w- c:\windows\system32\drivers\aswe156206d6b9a43db.tmp
2018-09-04 15:11 . 2015-01-18 18:45 467320 ----a-w- c:\windows\system32\drivers\asw1bcec4a5d11e04a4.tmp
2018-08-30 19:11 . 2015-01-18 18:45 87904 ----a-w- c:\windows\system32\drivers\aswb18d7fdb7951fe1d.tmp
2018-08-30 19:11 . 2015-01-18 18:45 87904 ----a-w- c:\windows\system32\drivers\asw763ac6853b9c7967.tmp
2018-08-30 19:10 . 2015-01-18 18:45 46968 ----a-w- c:\windows\system32\drivers\aswc007a32ab8b5a06f.tmp
2018-08-30 19:10 . 2015-01-18 18:45 46968 ----a-w- c:\windows\system32\drivers\asw 304ef3692d0665f.tmp
2018-08-30 19:10 . 2015-01-18 18:45 381560 ----a-w- c:\windows\system32\drivers\asw8b9f41972460602b.tmp
2018-08-30 19:10 . 2015-01-18 18:45 381560 ----a-w- c:\windows\system32\drivers\asw64596dea08c3aa67.tmp
2018-08-30 19:10 . 2017-11-17 12:25 199712 ----a-w- c:\windows\system32\drivers\aswbdf426c4a03ead01.tmp
2018-08-30 19:10 . 2017-11-17 12:25 199712 ----a-w- c:\windows\system32\drivers\asw9d041134b8294ba3.tmp
2018-08-30 19:10 . 2015-01-18 18:45 111864 ----a-w- c:\windows\system32\drivers\aswee3601940959e81e.tmp
2018-08-30 19:10 . 2015-01-18 18:45 111864 ----a-w- c:\windows\system32\drivers\asw8cb136a46803ad90.tmp
2018-08-30 19:10 . 2015-01-18 18:45 1027720 ----a-w- c:\windows\system32\drivers\asw777647841f24b14c.tmp
2018-08-30 19:10 . 2015-01-18 18:45 1027720 ----a-w- c:\windows\system32\drivers\asw62be035d741df32e.tmp
2018-08-30 19:10 . 2017-12-25 09:23 249016 ----a-w- c:\windows\system32\drivers\asw8ed8f345f6bdfae2.tmp
2018-08-30 19:10 . 2017-12-25 09:23 249016 ----a-w- c:\windows\system32\drivers\asw35bf4b4ba5fcf812.tmp
2018-08-30 19:10 . 2017-03-09 16:47 59568 ----a-w- c:\windows\system32\drivers\aswf5667901ed8801a2.tmp
2018-08-30 19:10 . 2017-03-09 16:47 59568 ----a-w- c:\windows\system32\drivers\aswd979249b1ed849c9.tmp
2018-08-30 19:10 . 2017-03-09 16:47 346664 ----a-w- c:\windows\system32\drivers\asw63b4b55746da7205.tmp
2018-08-30 19:10 . 2017-03-09 16:47 346664 ----a-w- c:\windows\system32\drivers\asw195817f8d58f6d71.tmp
2018-08-30 19:10 . 2017-03-09 16:47 229384 ----a-w- c:\windows\system32\drivers\asw755ca1ad1ce1b27e.tmp
2018-08-30 19:10 . 2017-03-09 16:47 229384 ----a-w- c:\windows\system32\drivers\asw4cf421bb7363f142.tmp
2018-08-30 19:10 . 2017-03-09 16:47 201320 ----a-w- c:\windows\system32\drivers\aswc58ad4944e97f3f3.tmp
2018-08-30 19:10 . 2017-03-09 16:47 201320 ----a-w- c:\windows\system32\drivers\asw 13f0846aedaa6b2.tmp
2018-08-16 16:54 . 2018-05-16 17:38 62091672 ----a-w- c:\users\ZDENEK\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-08-06 20:25 . 2018-08-06 20:25 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2018-08-06 20:24 . 2015-01-22 15:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2018-07-22 21:50 . 2018-07-22 21:50 27888 ----a-w- c:\windows\system32\wiperrm.exe
2018-07-20 17:10 . 2015-01-19 16:36 110968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-08-13 13:12 1389216 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2018-08-27 55624]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2016-04-07 3639280]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"HP DeskJet 4670 series (NET)"="c:\program files\HP\HP DeskJet 4670 series\Bin\ScanToPCActivationApp.exe" [2017-04-06 3770504]
"Spotify Web Helper"="c:\users\ZDENEK\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2017-07-15 1431664]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2018-06-24 18385368]
"GalaxyClient"="c:\program files (x86)\GOG Galaxy\GalaxyClient.exe" [2018-09-12 6881864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
.
c:\users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-10-17 172000]
.
c:\users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-10-17 172000]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *????????? ????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe"
"DeathTaker"=c:\program files (x86)\Genius\DeathTaker\mousehid.exe
.
R2 AODDriver4.2;AODDriver4.2;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [x]
R2 avast;Služba %1!s! Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 avastm;Služba %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 CorsairVBusDriver;Corsair Bus;c:\windows\system32\DRIVERS\CorsairVBusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVBusDriver.sys [x]
R3 CorsairVHidDriver;Corsair virtual device;c:\windows\system32\DRIVERS\CorsairVHidDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVHidDriver.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbccgpfilter.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HnGSteamService;Heroes & Generals Steam Service;c:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe;c:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 AmUStor;Al USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2018-08-20 17:25 1898280 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\68.0.746.59\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-08-13 13:13 1637416 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2017-10-18 18381792]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\gymst
Trusted Zone: sharepoint.com\gymst-files
Trusted Zone: sharepoint.com\gymst-my
Trusted Zone: sharepoint.com\gymst-myfiles
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d992c12e-cab2-426f-bde3-fb8c53950b0d} - c:\programdata\Package Cache\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\VC_redist.x64.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f1,24,55,61,26,4a,53,c1,c5,66,15,f7,ea,37,43,89,d8,b0,90,b6,ba,e7,8d,
05,19,ea,78,f4,d7,34,f8,80,f4,d1,31,c2,56,59,5b,a6,5e,56,fc,6c,77,15,b3,03,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,4f,dd,1f,32,35,ee,ea,d2,5f,20,e3,fa,cc,f7,01,51,b3,c4,03,9b,
cf,fa,dd,a9,ed,42,d6,0e,5a,6f,35,d7,c8,8f,a2,5d,46,dd,7d,9c,25,69,88,cc,5a,\
"rkeysecu"=hex:b5,c9,e5,f9,35,0d,12,cd,ec,89,f0,74,71,cf,e1,9d
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="7"
DUMPHIVE0.003 (REGF)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2018-09-14 08:42:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2018-09-14 06:42
ComboFix2.txt 2018-09-13 20:01
.
Před spuštěním: Volných bajtů: 135 471 218 688
Po spuštění: Volných bajtů: 134 607 138 816
.
- - End Of File - - C1CEB00248E445A7D0C1FE44F0BA0639
A36C5E4F47E84449FF07ED3517B43A31

Mackyyy

Re: Log check

Posted by Mackyyy » 14 Sep 2018 08:46

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:26, on 14.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Users\ZDENEK\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HP DeskJet 4670 series (NET)] "C:\Program Files\HP\HP DeskJet 4670 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH6263J1BJ0663:NW" -scfn "HP DeskJet 4670 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\ZDENEK\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Heroes & Generals Steam Service (HnGSteamService) - Reto-Moto ApS - C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 11359 bytes

Mackyyy

Re: Log check

Posted by Mackyyy » 14 Sep 2018 08:51

Trusted Zone: sharepoint.com\gymst
Trusted Zone: sharepoint.com\gymst-files
Trusted Zone: sharepoint.com\gymst-my
Trusted Zone: sharepoint.com\gymst-myfiles


That is left over from secondary school, when our school had a contract with Windows Office 360. So every student had Office 360 for free for the duration of their studies, plus storage space on their servers, which will have something to do with this. It shouldn't be anything serious.

Mackyyy

Re: Log check

Posted by Mackyyy » 14 Sep 2018 08:56

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.09.2018
Ran by ZDENEK (administrator) on ZDENEK-PC (14-09-2018 08:54:19)
Running from C:\Users\ZDENEK\Desktop
Loaded Profiles: ZDENEK (Available Profiles: ZDENEK & JIRKA & Maminka & Tata)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
() C:\Windows\SysWOW64\ASGT.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-18] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [55624 2018-08-27] (Overwolf LTD)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-07] (Electronic Arts)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [HP DeskJet 4670 series (NET)] => C:\Program Files\HP\HP DeskJet 4670 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [Spotify Web Helper] => C:\Users\ZDENEK\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-07-15] (Spotify Ltd)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [6881864 2018-09-12] (GOG.com)
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2018-03-20]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2018-05-28]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * ????????? ????????

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{87EE952F-F09A-4583-87B0-2A9981D8E4DD}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-1762638149-875449985-1971150987-1000 -> DefaultScope {13552D3B-38FC-4021-BF31-BB920428C6EF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1762638149-875449985-1971150987-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1762638149-875449985-1971150987-1000 -> {13552D3B-38FC-4021-BF31-BB920428C6EF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1762638149-875449985-1971150987-1000 -> {CD58A60B-0F26-49C8-B0EC-5FAAF44C2D47} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-08] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-09-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-20] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-08] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: kq73xhhf.default
FF ProfilePath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default [2018-09-13]
FF Homepage: Mozilla\Firefox\Profiles\kq73xhhf.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\kq73xhhf.default -> about:newtab
FF Extension: (Avast SafePrice) - C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default\Extensions\sp@avast.com.xpi [2018-04-10]
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-08] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-1762638149-875449985-1971150987-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\ZDENEK\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-1762638149-875449985-1971150987-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ZDENEK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-17] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6875688 2018-06-13] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-08-09] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9659456 2018-08-30] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2018-03-16] (EasyAntiCheat Ltd)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [686664 2018-09-12] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8942664 2018-09-12] (GOG.com)
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [754984 2018-09-11] (Reto-Moto ApS)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
S4 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-07] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2308424 2018-08-27] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2018-08-06] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-01-18] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [90560 2018-01-14] (Alcorlink Corp.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [45528 2017-10-23] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21968 2017-10-23] (Corsair)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-18] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-30] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-01-29] (Qualcomm Atheros Co., Ltd.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-01-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-09-13] ()
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-09-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-09-13] (Zemana Ltd.)
S2 AODDriver4.2; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
U2 Plug and Play; no ImagePath
S3 xusb21; system32\DRIVERS\xusb21.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-14 08:54 - 2018-09-14 08:54 - 000019761 _____ C:\Users\ZDENEK\Desktop\FRST.txt
2018-09-14 08:52 - 2018-09-14 08:54 - 000000000 ____D C:\FRST
2018-09-14 08:52 - 2018-09-14 08:52 - 002413568 _____ (Farbar) C:\Users\ZDENEK\Desktop\FRST64.exe
2018-09-14 08:42 - 2018-09-14 08:42 - 000025865 _____ C:\ComboFix.txt
2018-09-13 21:48 - 2018-09-14 08:42 - 000000000 ____D C:\Qoobox
2018-09-13 21:48 - 2018-09-14 08:34 - 000000000 ____D C:\Windows\erdnt
2018-09-13 21:48 - 2018-09-13 21:48 - 005660510 ____R (Swearware) C:\Users\ZDENEK\Desktop\ComboFix.exe
2018-09-13 21:48 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2018-09-13 21:48 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2018-09-13 21:48 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-09-13 21:48 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-09-13 21:48 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-09-13 21:48 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2018-09-13 21:48 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2018-09-13 21:48 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2018-09-13 21:25 - 2018-09-14 08:54 - 000207757 _____ C:\Windows\ZAM.krnl.trace
2018-09-13 21:25 - 2018-09-14 08:54 - 000188440 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-09-13 21:25 - 2018-09-13 21:25 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-09-13 21:25 - 2018-09-13 21:25 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-09-13 21:25 - 2018-09-13 21:25 - 000001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-09-13 21:25 - 2018-09-13 21:25 - 000000000 ____D C:\Users\ZDENEK\AppData\Local\Zemana
2018-09-13 21:25 - 2018-09-13 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-09-13 21:25 - 2018-09-13 21:25 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-09-13 21:24 - 2018-09-13 21:24 - 006625600 _____ (Zemana Ltd. ) C:\Users\ZDENEK\Desktop\Zemana.AntiMalware.Setup.exe
2018-09-13 21:21 - 2018-09-13 21:21 - 000000000 ____D C:\Users\ZDENEK\AppData\Local\Notepad++
2018-09-13 21:15 - 2018-09-13 21:29 - 000000000 ____D C:\Users\ZDENEK\AppData\Local\AVAST Software
2018-09-13 21:11 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2018-09-13 20:33 - 2018-09-13 21:05 - 000000000 ____D C:\zoek_backup
2018-09-13 20:18 - 2018-09-13 20:18 - 002038755 _____ C:\Users\ZDENEK\Desktop\zoek.exe
2018-09-13 18:55 - 2018-09-13 19:58 - 000000599 _____ C:\Users\ZDENEK\Desktop\Nový textový dokument.txt
2018-09-13 08:27 - 2018-09-13 22:06 - 000000000 ____D C:\ProgramData\RogueKiller
2018-09-13 08:27 - 2018-09-13 08:27 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-09-13 08:24 - 2018-09-13 08:25 - 027129912 _____ (Adlice Software) C:\Users\ZDENEK\Desktop\RogueKiller_portable64.exe
2018-09-12 23:35 - 2018-09-12 23:35 - 000000000 ____D C:\ProgramData\Sophos
2018-09-12 23:34 - 2018-09-12 23:34 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-09-12 23:34 - 2018-09-12 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-09-12 23:34 - 2018-09-12 23:34 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-09-12 23:31 - 2018-09-12 23:33 - 195958672 _____ (Sophos Limited) C:\Users\ZDENEK\Desktop\Sophos Virus Removal Tool.exe
2018-09-12 23:29 - 2018-09-12 23:29 - 000002368 _____ C:\Users\ZDENEK\Desktop\JRT.txt
2018-09-12 23:24 - 2018-09-12 23:24 - 001790024 _____ (Malwarebytes) C:\Users\ZDENEK\Desktop\JRT.exe
2018-09-12 22:32 - 2018-09-12 22:32 - 000000000 ____D C:\Users\ZDENEK\AppData\Local\mbam
2018-09-12 22:31 - 2018-09-12 22:31 - 000001833 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-12 22:31 - 2018-09-12 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-12 22:31 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-12 22:26 - 2018-09-12 22:26 - 007571152 _____ (Malwarebytes) C:\Users\ZDENEK\Desktop\adwcleaner_7.2.3.1.exe
2018-09-12 22:24 - 2018-09-12 22:24 - 007567568 _____ (Malwarebytes) C:\Users\ZDENEK\Desktop\AdwCleaner.exe
2018-09-12 22:13 - 2018-09-12 22:13 - 000448512 _____ (OldTimer Tools) C:\Users\ZDENEK\Desktop\TFC.exe
2018-09-12 22:12 - 2018-09-13 11:42 - 000000000 ____D C:\Users\ZDENEK\AppData\Local\AMD
2018-09-12 22:08 - 2018-09-12 22:08 - 000050688 _____ (Atribune.org) C:\Users\ZDENEK\Desktop\ATF-Cleaner.exe
2018-09-12 21:24 - 2018-09-12 21:24 - 000388608 _____ (Trend Micro Inc.) C:\Users\ZDENEK\Desktop\hijackthis.exe
2018-09-10 21:50 - 2018-09-10 21:50 - 002750801 _____ C:\Users\ZDENEK\Downloads\CJL_publikace.pdf
2018-09-10 21:38 - 2018-09-10 21:38 - 000090533 _____ C:\Users\ZDENEK\Downloads\struktura UZ_2015.pdf
2018-09-10 17:09 - 2018-09-10 17:09 - 000071636 _____ C:\Users\ZDENEK\Downloads\Vypis_vysledku_DT_podzim_2018.zip
2018-09-10 17:09 - 2018-09-10 17:09 - 000071636 _____ C:\Users\ZDENEK\Downloads\Vypis_vysledku_DT_podzim_2018 (1).zip
2018-09-10 12:59 - 2018-09-10 12:59 - 000678093 _____ C:\Users\ZDENEK\Downloads\1369759599-01-03-d9-uvolnovani-diktatorskeho-komunistickeho-rezimu-v-ceskoslovensku-v-60-letech.pptx
2018-09-09 13:13 - 2018-09-09 13:14 - 000000000 ____D C:\Program Files (x86)\Warband Matchmaking Client
2018-09-09 13:13 - 2018-09-09 13:13 - 000002074 _____ C:\Users\ZDENEK\Desktop\Warband Matchmaking Client.lnk
2018-09-08 09:39 - 2018-09-08 09:39 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-08 09:39 - 2018-09-08 09:39 - 000002482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-08 09:39 - 2018-09-08 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-09-07 00:11 - 2018-09-07 00:11 - 000598012 _____ C:\Users\ZDENEK\Downloads\1712_c01t14.xlsx
2018-09-03 16:44 - 2018-09-03 16:44 - 002860771 _____ C:\Users\ZDENEK\Downloads\Windows_7_Loader.zip
2018-09-03 09:32 - 2018-09-03 09:32 - 000363318 _____ C:\Users\ZDENEK\Downloads\Pisemna_prace_z_ciziho_jazyka_prirucka_2017.pdf
2018-09-02 09:45 - 2018-09-02 09:45 - 000205079 _____ C:\Users\ZDENEK\Desktop\dejepis.pdf
2018-09-01 15:06 - 2018-09-01 15:06 - 000846368 _____ C:\Users\ZDENEK\Downloads\AJ – PL A – zak_fin.pdf
2018-08-31 13:42 - 2018-08-31 13:42 - 000383274 _____ C:\Users\ZDENEK\Desktop\AJ25.pdf
2018-08-29 20:04 - 2018-08-29 20:04 - 637620063 _____ C:\Windows\MEMORY.DMP
2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_1.dll
2018-08-22 09:55 - 2018-08-22 09:55 - 000125416 _____ C:\Users\ZDENEK\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-18 09:57 - 2018-08-18 09:57 - 000437623 _____ C:\Users\ZDENEK\Downloads\EasyBusTicket.pdf
2018-08-18 09:57 - 2018-08-18 09:57 - 000052184 _____ C:\Users\ZDENEK\Downloads\ticket_churchill.pdf
2018-08-18 09:57 - 2018-08-18 09:57 - 000050733 _____ C:\Users\ZDENEK\Downloads\ticket_belfast.pdf
2018-08-16 20:13 - 2018-08-16 20:14 - 000230436 _____ C:\PA7302.DAT
2018-08-16 17:04 - 2018-08-16 17:04 - 000760516 _____ C:\Users\ZDENEK\Downloads\9 Ústava a moc soudní.pdf
2018-08-16 16:57 - 2018-08-16 16:57 - 001022339 _____ C:\Users\ZDENEK\Downloads\8 Ústava a moc výkonná.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-14 08:46 - 2009-07-14 06:45 - 000047824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-14 08:46 - 2009-07-14 06:45 - 000047824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-14 08:37 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2018-09-14 08:36 - 2016-09-17 16:09 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-09-14 08:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-14 08:35 - 2016-10-13 21:40 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-09-14 08:35 - 2009-07-14 04:34 - 139460608 _____ C:\Windows\system32\config\software.bak
2018-09-14 08:35 - 2009-07-14 04:34 - 034603008 _____ C:\Windows\system32\config\system.bak
2018-09-14 08:35 - 2009-07-14 04:34 - 008388608 _____ C:\Windows\system32\config\default.bak
2018-09-14 08:35 - 2009-07-14 04:34 - 000221184 _____ C:\Windows\system32\config\sam.bak
2018-09-14 08:35 - 2009-07-14 04:34 - 000036864 _____ C:\Windows\system32\config\security.bak
2018-09-14 08:02 - 2018-05-15 19:22 - 000003162 _____ C:\Windows\System32\Tasks\StartCN
2018-09-14 08:02 - 2018-05-15 19:22 - 000003076 _____ C:\Windows\System32\Tasks\StartDVR
2018-09-14 08:02 - 2018-04-25 14:20 - 000003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1762638149-875449985-1971150987-1022
2018-09-14 08:02 - 2018-01-14 00:09 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-09-14 08:02 - 2018-01-14 00:09 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-09-14 08:02 - 2017-10-18 10:11 - 000003176 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1762638149-875449985-1971150987-1000
2018-09-14 08:02 - 2015-12-23 01:04 - 000004520 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-14 08:02 - 2015-12-23 01:04 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-09-14 08:02 - 2015-12-14 23:11 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-09-14 08:02 - 2015-12-14 23:11 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-09-14 08:02 - 2015-12-03 15:13 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-09-14 08:02 - 2015-05-04 15:45 - 000003012 _____ C:\Windows\System32\Tasks\{49065A49-780A-4779-8F94-F6EE7C6E7E5A}
2018-09-14 08:02 - 2015-03-13 14:59 - 000002994 _____ C:\Windows\System32\Tasks\{09FF4C71-8BA8-40A2-99E5-322C1FB732E0}
2018-09-14 08:02 - 2015-03-13 01:30 - 000003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2018-09-14 08:02 - 2015-03-13 00:14 - 000002994 _____ C:\Windows\System32\Tasks\{8BB98CEE-9A1B-497E-B085-87F0CF1D0750}
2018-09-14 08:02 - 2015-01-21 20:54 - 000003148 _____ C:\Windows\System32\Tasks\{F38F528D-C592-428C-A0E4-1D0452214952}
2018-09-14 08:02 - 2015-01-18 23:47 - 000003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2018-09-14 08:02 - 2015-01-18 20:31 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421605864
2018-09-14 00:31 - 2009-07-14 04:34 - 055574528 _____ C:\Windows\system32\config\components.bak
2018-09-13 23:10 - 2015-01-18 23:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-09-13 21:54 - 2015-04-26 00:47 - 000000000 ____D C:\ProgramData\TEMP
2018-09-13 21:27 - 2015-01-18 17:41 - 000000000 ____D C:\Users\ZDENEK
2018-09-13 21:18 - 2015-01-22 00:20 - 000000000 ____D C:\ProgramData\Origin
2018-09-13 21:13 - 2015-01-18 23:10 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-09-13 21:04 - 2017-09-27 15:51 - 000000000 ____D C:\Users\Tata\AppData\Local\Google
2018-09-13 21:04 - 2017-09-27 15:46 - 000000000 ____D C:\Users\Maminka\AppData\Local\Google
2018-09-13 21:04 - 2015-04-26 01:18 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2018-09-13 21:04 - 2015-04-26 01:18 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2018-09-13 21:03 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-09-13 21:03 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-09-13 20:10 - 2016-10-31 23:38 - 000000000 ____D C:\Program Files (x86)\Sid Meiers Civilization VI
2018-09-13 20:10 - 2015-04-25 23:30 - 000000000 ____D C:\Program Files (x86)\SimCity 2013 Offline
2018-09-13 13:41 - 2015-01-18 23:47 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-09-13 11:45 - 2015-03-01 10:37 - 000000000 ____D C:\Users\ZDENEK\AppData\LocalLow\Heroes and Generals
2018-09-12 22:31 - 2016-11-04 19:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-12 22:23 - 2018-03-13 23:10 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-09-12 21:07 - 2015-01-18 20:45 - 000215920 _____ (AVAST Software) C:\Windows\system32\Drivers\asw54473a72254ec307.tmp
2018-09-12 21:07 - 2015-01-18 20:45 - 000215920 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 11684750ca3214d.tmp
2018-09-12 18:41 - 2015-12-23 01:04 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-12 18:41 - 2015-12-23 01:04 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-12 18:41 - 2015-01-18 21:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-12 18:41 - 2015-01-18 21:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-11 18:03 - 2015-01-18 20:45 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc228bb18483bad3c.tmp
2018-09-11 18:03 - 2015-01-18 20:45 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswae6260ab73b9677c.tmp
2018-09-11 07:33 - 2018-01-14 00:09 - 000000000 ____D C:\Program Files\CCleaner
2018-09-08 09:42 - 2017-10-17 16:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-08 09:39 - 2017-10-17 16:03 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-08 09:39 - 2017-10-17 16:03 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-08 09:39 - 2017-10-17 16:03 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2018-09-08 09:39 - 2017-10-17 16:03 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-08 09:39 - 2017-10-17 16:03 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-08 09:39 - 2017-10-17 16:03 - 000002376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-08 09:37 - 2017-10-05 18:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-07 19:54 - 2015-01-18 20:31 - 000000000 ____D C:\Program Files (x86)\Opera
2018-09-04 17:11 - 2015-01-18 20:45 - 000467320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe156206d6b9a43db.tmp
2018-09-04 17:11 - 2015-01-18 20:45 - 000467320 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1bcec4a5d11e04a4.tmp
2018-08-30 21:11 - 2015-01-18 20:45 - 000087904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb18d7fdb7951fe1d.tmp
2018-08-30 21:11 - 2015-01-18 20:45 - 000087904 _____ (AVAST Software) C:\Windows\system32\Drivers\asw763ac6853b9c7967.tmp
2018-08-30 21:10 - 2017-12-25 11:23 - 000249016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8ed8f345f6bdfae2.tmp
2018-08-30 21:10 - 2017-12-25 11:23 - 000249016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw35bf4b4ba5fcf812.tmp
2018-08-30 21:10 - 2017-11-17 14:25 - 000199712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbdf426c4a03ead01.tmp
2018-08-30 21:10 - 2017-11-17 14:25 - 000199712 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9d041134b8294ba3.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw63b4b55746da7205.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw195817f8d58f6d71.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000229384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw755ca1ad1ce1b27e.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000229384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4cf421bb7363f142.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000201320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc58ad4944e97f3f3.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000201320 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 13f0846aedaa6b2.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000059568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf5667901ed8801a2.tmp
2018-08-30 21:10 - 2017-03-09 18:47 - 000059568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd979249b1ed849c9.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw777647841f24b14c.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw62be035d741df32e.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 000381560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8b9f41972460602b.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 000381560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw64596dea08c3aa67.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 000111864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswee3601940959e81e.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 000111864 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8cb136a46803ad90.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc007a32ab8b5a06f.tmp
2018-08-30 21:10 - 2015-01-18 20:45 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 304ef3692d0665f.tmp
2018-08-29 20:04 - 2015-01-19 16:26 - 000000000 ____D C:\Windows\Minidump
2018-08-24 17:38 - 2018-06-27 15:44 - 000000000 ____D C:\Users\ZDENEK\Documents\cossacks
2018-08-20 19:26 - 2018-04-17 13:21 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-19 18:21 - 2017-09-27 15:46 - 000000000 ____D C:\Users\Maminka
2018-08-19 18:21 - 2015-01-28 19:23 - 000000000 ____D C:\Users\JIRKA
2018-08-19 18:20 - 2018-04-25 14:18 - 000000000 ___RD C:\Users\Tata\OneDrive
2018-08-19 18:20 - 2017-09-27 15:51 - 000002186 _____ C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-08-16 20:10 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2002-08-29 19:33 - 2002-08-29 19:33 - 000319488 ____R () C:\Users\ZDENEK\AppData\Roaming\MafiaSetup.exe
2015-01-19 13:25 - 2015-01-19 13:25 - 000008269 _____ () C:\Users\ZDENEK\AppData\Roaming\msvjumf.dat
2015-01-19 13:25 - 2015-01-19 13:25 - 000000035 _____ () C:\Users\ZDENEK\AppData\Roaming\msyaairi.dat
2015-10-31 16:27 - 2015-10-31 16:27 - 000018432 ___SH () C:\Users\ZDENEK\AppData\Roaming\Thumbs.db
2015-10-31 16:27 - 2015-10-31 16:27 - 000018432 ___SH () C:\Users\ZDENEK\AppData\Roaming\Microsoft\Thumbs.db

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-05 13:39

==================== End of FRST.txt ============================

