Please check my log - humming fan, slowed-down computer, pages freezing (Solved)



Post by TomikCR » 27 May 2019 20:47

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by TomikCR on po 27. 05. 2019 at 20:09:26,70.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TomikCR\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27. 5. 2019 20:13:50 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Raptr deleted successfully
C:\Program Files\HP deleted successfully
C:\Users\TomikCR\AppData\Roaming\Opera Software deleted successfully
C:\Users\TomikCR\AppData\Local\Opera Software deleted successfully
C:\Users\TomikCR\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\d1xemxoz.default\prefs.js:
user_pref("keyword.URL", "https://duckduckgo.com/?q={searchTerms}");

Added to C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\d1xemxoz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\yf1ddynd.default-1512513727351\prefs.js:

Added to C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\yf1ddynd.default-1512513727351\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\d1xemxoz.default

user.js not found
---- Lines surfing removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"anttoolbar@ant.com\":{\"d\":\"C:\\\\Users\\\\TomikCR\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox
---- FireFox user.js and prefs.js backups ----

prefs_201927.05._2034_.backup

ProfilePath: C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\yf1ddynd.default-1512513727351

user.js not found
---- FireFox user.js and prefs.js backups ----


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Raptr not found
C:\Users\TomikCR\AppData\Roaming\brave deleted
C:\Users\TomikCR\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted

==== Orphaned Tasks deleted from Registry ======================

Opera N deleted
Opera N Saturday deleted
Opera N Sunday deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\d1xemxoz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\yf1ddynd.default-1512513727351
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"firefox@bho.com"="C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt" [17. 06. 2015 20:35]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\yf1ddynd.default-1512513727351
- C:\Program Files x86\VideoLAN\VLC\npvlc.dll - [?]
0C0C5C207121C7A78414A8250E8E099A - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
- C:\Program Files x86\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll - [?]
- C:\Program Files x86\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll - [?]
- C:\Program Files x86\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll - [?]


==== Chromium Look ======================

Google Chrome Version: 74.0.3729.169

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Hraniční porucha osobnosti | Doktorka.cz - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnaoencakbgljoiljlafbnknkmalbapk
Otto Kernberg – Wikipedie - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcknjhdldobocpoelbhnbeclifcmfjjc
HUMAN 3.0 - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah
Deprese (psychologie) – Wikipedie - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelenockjlakfgihjccmabmopimionmn
XTractor 2.0 - FB Emails and UIDs Scrapper - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnenajaeicndaeiapagpglohiklndhe
Chrome Media Router - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
HUMAN 3.0 - TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah
Chrome Media Router - TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.cz/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}

==== Reset Google Chrome ======================

C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\TomikCR\AppData\Local\Mumps\User Data\Default\Preferences was reset successfully
C:\Users\TomikCR\AppData\Local\Mumps\User Data\Default\Secure Preferences was reset successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\TomikCR\AppData\Local\Mumps\User Data\Default\Web Data was reset successfully
C:\Users\TomikCR\AppData\Local\Mumps\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raptr deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TomikCR\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TomikCR\Desktop\Vstup\Rozbočovač\převody z ostatních PC - NEMAZAT\Důležité\vše ze starých PC roztřídit\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TomikCR\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully
C:\Users\TomikCR\AppData\Local\Mumps\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1349 folders=173 727482397 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TomikCR\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\TomikCR\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on po 27. 05. 2019 at 20:43:34,72 ======================


Post by TomikCR » 27 May 2019 21:35

Informace o kontroly
Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  27. 5. 2019 21:31:43
Typ kontroly    :  Inteligentní kontrola
Čas trvání    :  00:00:31
Zkontrolované objekty    :  1289
Zjištěné objekty    :  1
Vyloučené objekty    :  0
Automatické odesílání    :  Ne
Operační systém    :  Windows 8.1 x64
Procesor    :  4X AMD A10-5745M APU with Radeon(tm) HD Graphics
Režim systému BIOS    :  UEFI
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  12905A4B5FC3E374EB1E09


Odhalení
MD5    :  
Stav    :  Zkontrolováno
Objekt    :  http://www.parlamentnilisty.cz/
Vydavatel    :  
Velikost    :  0
Odhalení    :  Hijack:Browser/ChromeHomepage
Akce    :  -
-----------------------------------------------------------------------


Post by TomikCR » 27 May 2019 21:42

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:41:22, on 27. 5. 2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.19036)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Users\TomikCR\Downloads\HijackThis (1).exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [GarminExpress] "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem46.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MRAC Service (mracsvc) - Unknown owner - C:\Windows\System32\mracsvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8295 bytes


Post by jaro3 » 27 May 2019 22:02

How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by TomikCR » 29 May 2019 19:13

Hi,
the fan has calmed down completely, so that's OK. It's just that pages still load a bit slowly... basically the text appears immediately, but the images take some two or three seconds to load. Or when a page is long and I scroll down quickly, half of it may stay grey for two seconds and it renders quite slowly, which is rather annoying. Otherwise everything is fine.


Post by jaro3 » 29 May 2019 19:32

Download CrystalDiskInfo.
Run the program and click Edit - Copy (Úpravy - Kopírovat). Then paste the contents of the log here with Ctrl+V.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs, FRST.txt and Addition.txt, will be shown and saved on the desktop. Please copy their entire contents here.

Post by TomikCR » 29 May 2019 22:22

----------------------------------------------------------------------------
CrystalDiskInfo 8.0.0 (C) 2008-2018 hiyohiyo
Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8.1 [6.3 Build 9600] (x64)
Date : 2019/05/29 22:21:58

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Řadič SATA AMD [ATA]
- ST1000LM014-1EJ1 SATA Disk Device
- hp DVDRAM GU90N SATA CdRom Device
- ATA Channel 0 (0) [ATA]
- ATA Channel 1 (1) [ATA]
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST1000LM014-1EJ164-SSHD : 1000,2 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST1000LM014-1EJ164-SSHD
----------------------------------------------------------------------------
Model : ST1000LM014-1EJ164-SSHD
Firmware : HPM6
Serial Number : W382GMEJ
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 13053 hod.
Power On Count : 3115 krát
Temperature : 40 C (104 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 119 _99 __6 00000D799320 Počet chyb čtení
03 _98 _97 __0 000000000000 Čas na roztočení ploten
04 _97 _97 __0 000000000C28 Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 _83 _60 _30 00010DC727CF Počet chybných hledání
09 _86 _86 __0 0000000032FD Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _97 _97 __0 000000000C2B Počet cyklů zapnutí zařízení
B7 100 100 __0 000000000000 Specifický pro výrobce
B8 100 100 _97 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _60 _44 _45 000228190028 Teplota toku vzduchu
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000005D Počet vypnutí disku
C1 _66 _66 __0 000000010A3D Počet cyklů načítání/vymazání
C2 _40 _56 __0 001400000028 Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu



Post by TomikCR » 29 May 2019 22:27

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by TomikCR (29-05-2019 22:24:23)
Running from C:\Users\TomikCR\Desktop
Windows 8.1 (Update) (X64) (2014-10-27 13:40:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1268798374-1140181337-1142225549-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1268798374-1140181337-1142225549-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1268798374-1140181337-1142225549-1004 - Limited - Enabled)
TomikCR (S-1-5-21-1268798374-1140181337-1142225549-1002 - Administrator - Enabled) => C:\Users\TomikCR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.57.44284 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - Název společnosti:) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - Název společnosti:) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Free Video Cutter 1.3 (HKLM-x32\...\FreeVideoCutter) (Version: - Tomatosoft)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Glary Duplicate Cleaner 5.0.1.20 (HKLM-x32\...\Glary Duplicate Cleaner) (Version: 5.0.1.20 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9D7BFF2A-F810-4E35-BE2C-A6CB4B9202DB}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{1E14ACF0-1480-4467-A73D-67C4FD35A5F4}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{A0310A3B-73AB-4E81-ABB6-8D4CEF8C0AA6}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.39 - Softex Inc.) Hidden
jwDuplFiles 2.0 (HKLM-x32\...\jwDuplFiles_is1) (Version: - jw)
LG United Mobile Drivers (HKLM-x32\...\{73EAAF2F-9A69-409B-832F-2DCD0371CD44}) (Version: 3.11.3.0 - LG Electronics)
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Medal of Honor™ Warfighter (HKLM-x32\...\{1040143F-FEFB-4B90-8E51-E47D40E14C4E}) (Version: 1.0.0.3 - Electronic Arts)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Název společnosti:)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Název společnosti:) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.38.25027 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PicosmosTools 1.3.0.0 (HKLM-x32\...\PicosmosTools) (Version: 1.3.0.0 - Free Time)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 13.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.1.0 - Adlice Software)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Splinter Cell Conviction (HKLM-x32\...\Uplay Install 2) (Version: - Ubisoft)
SRWare Iron verze 66.0.3450.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: 66.0.3450.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XLS Reader (HKLM-x32\...\{30D6D257-BE4B-48F2-8D9E-E787A52A0738}_is1) (Version: 1.0 - )
Zemana AntiMalware verze 3.1.210 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.210 - Zemana)

Packages:
=========
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2017-12-07] (Box, Inc.)
HP Connected Music -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedMusic_1.5.0.253_x86__v10z8vjag6ke6 [2017-12-07] (Hewlett-Packard Company)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-04-03] (.-McAfee Inc-.)
Prima PLAY -> C:\Program Files\WindowsApps\PrimaOn-line.PrimaPLAY_1.0.0.11_x64__v0phzxb1wbfgp [2017-12-07] (Prima On-line)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_1.18.3.0_x64__8wekyb3d8bbwe [2017-12-07] (Microsoft Corporation)
Výběr prohlížeče -> C:\Windows\BrowserChoice [2014-10-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-14] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-06-19] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-14] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-01-30 19:07 - 2015-01-30 19:07 - 002169344 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 19:09 - 2015-01-30 19:09 - 000065024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-01-30 19:05 - 2015-01-30 19:05 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-01-30 19:05 - 2015-01-30 19:05 - 000035840 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2015-01-30 19:06 - 2015-01-30 19:06 - 000715264 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-10-07 07:13 - 2014-10-07 07:13 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2014-10-07 07:04 - 2013-04-02 00:19 - 000574464 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\Windows\system32\Rtlihvs.dll
2019-05-16 23:27 - 2017-12-22 00:15 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-05-16 23:27 - 2017-12-22 00:15 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-05-16 23:27 - 2018-04-10 16:01 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-05-16 23:27 - 2018-04-10 16:02 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-05-16 23:27 - 2018-04-10 16:02 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-05-16 23:27 - 2018-04-10 16:02 - 001177600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-05-16 23:27 - 2018-04-10 16:02 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-05-16 23:27 - 2018-04-10 16:02 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\TomikCR:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\12don.info -> 12don.info
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\17gamo.com -> 17gamo.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\17webplace.com -> 17webplace.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1autocity.com -> 1autocity.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1ive.net -> 1ive.net
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1traff.us -> 1traff.us
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1ze.net -> 1ze.net
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\2-antispyware.com -> 2-antispyware.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\2004search.cc -> 2004search.cc

There are 4768 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-27 20:14 - 2019-05-27 20:14 - 000000841 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

2019-02-20 19:50 - 2019-05-29 18:08 - 000000402 _____ C:\Windows\system32\drivers\etc\hosts.ics

188.175.77.153 Notebook-Tom�

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg
DNS Servers: 94.74.192.252 - 94.74.192.244
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "CCleaner Monitoring"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "CCleaner Monitoring"
HKLM\...\StartupApproved\Run32: => "Steam"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\StartupApproved\Run: => "GarminExpress"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1CC34E28-E6C3-4711-9B47-D8EAD2CBCEA5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9BA61F3C-C2C8-4054-9168-35ECE97EE20C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{6D885129-B6D9-4ECB-91D4-AD966BD89099}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8C7B268B-3BFF-494F-B644-B2099B5B2E59}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{B36222F1-0222-4BFD-A2F0-2F33A0C21900}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{E68BA144-7CD2-4E62-8A1E-546787B35C64}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7614C90A-4AFA-4ADA-8636-46988E56B843}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{73465108-B366-494D-9CE4-E1790F6DB230}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{46D02ECA-7F70-4628-B481-1559B37FEAF5}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{53F70477-B064-4A71-AFC4-D258D3D2B9C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{073C541A-8F21-4128-97EE-5B4D2AAECD9F}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{5F0FE4F5-3BEB-428F-9242-2A3D9E8F28DD}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{60BDCEBA-C904-4645-A721-D73955C84B83}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{C1FA443D-BEA6-4910-9541-179C82298979}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{47AA6F04-B56C-4E51-A30E-518C1BF30A32}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{692EBF71-F9F4-4C8B-8EEB-9FDED0E20070}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F84D609A-0B14-4C13-AC73-7905CBF27163}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0959806F-1C68-4E6A-B41E-7D0F3173E088}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{5E7846A6-6E66-4CE2-99DD-7EC34415A395}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9FC260E1-61E6-49DB-84C6-D6545E69FC41}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{627D54CE-5120-4BAD-AB02-176DC8A5309A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wolfenstein The Old Blood\WolfOldBlood_x64.exe (MachineGames) [File not signed]
FirewallRules: [{BF6D9EB9-E902-4061-94D5-31A205C25313}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wolfenstein The Old Blood\WolfOldBlood_x64.exe (MachineGames) [File not signed]
FirewallRules: [{86A4BDC1-8387-49B0-BC5B-E1BC7C939C3C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{266C9AFE-147A-4B45-9FC4-890F6ED2B69B}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{4E74BF82-92A6-4B11-9E9D-8E6FD22E5325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe (City Interactive S.A.) [File not signed]
FirewallRules: [{D6680FE9-B4AB-4E18-B458-28C0C7012DB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe (City Interactive S.A.) [File not signed]
FirewallRules: [{FDED86D2-584F-428E-97CD-73709B9D0FB9}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{7A19DD6E-504C-42A6-AFDC-ECB485EBEB54}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{9C27559B-2275-4197-BDE8-43220765AAD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe (MachineGames) [File not signed]
FirewallRules: [{BB4BF445-99C3-49DB-8B69-9474AF762A1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe (MachineGames) [File not signed]
FirewallRules: [{4F1BA0D9-0A72-4D32-AE5D-AF47A05F4911}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{37A2BC21-31AB-43F6-9491-99F2D939EEA9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{69EC0605-925B-417D-A499-DBD6510B606C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe (Activision Publishing Inc -> )
FirewallRules: [{9061CD86-F8DB-4B68-B3C7-5D81D7D9D72A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe (Activision Publishing Inc -> )
FirewallRules: [{7CE032A4-61F1-416F-9B95-BEEF73471C2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [{DF5CC741-2046-4D0B-851D-6C223D8AB330}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [TCP Query User{05309AE3-DC54-400C-9928-FCDF471FEE0A}C:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [UDP Query User{115DDC04-8D88-4A68-ACC4-5DDBE5888403}C:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{186EC5C2-0784-4BC6-AFAE-BBB8675B6E5F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{AE9FF3DB-0E1D-4E28-A5C3-0FE42067EBD8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{9F3AD359-2093-4F9E-80CC-8E7783A32B9D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{ACDF59EE-BFE4-484F-9191-90DDBB2502D2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{E9D01CC9-666C-49D2-A12B-637C4F95BF7F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{1D4B9D9F-EA76-44B7-99EC-337AF4F1D137}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{DF622A73-8EBF-4756-A660-097AAC1B4635}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\WarfaceMycomSteamLoader.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [{4536DBB5-B147-45B2-A2F0-EBBDDE8013C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\WarfaceMycomSteamLoader.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [TCP Query User{574D986B-805E-4B81-9D0F-552CBF5A7A90}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{7D5EEF70-0C79-4BDD-857F-331494E4580C}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [{9A33CA2F-5E1F-43EA-862F-1178CF153423}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{DAC7188F-784F-4FF1-BCC1-32BD3CD55AA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{D2A7E6F5-66BF-4A06-8434-523326665DBF}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [UDP Query User{D423CBAE-33E1-4963-A346-FCAB90330724}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [{D84C10A5-12FA-496B-8B99-7FA0D1ECD198}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Psi Project Legacy\PSI PROJECT LEGACY.exe () [File not signed]
FirewallRules: [{F8063F35-3F26-45DF-BF77-F80A719024A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Psi Project Legacy\PSI PROJECT LEGACY.exe () [File not signed]
FirewallRules: [{09AA2C6F-5F4D-4D86-9D51-F0F447915758}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mumps\nw.exe (The NWJS Community) [File not signed]
FirewallRules: [{5754CA55-9824-44D3-A4A5-24E0BC05502D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mumps\nw.exe (The NWJS Community) [File not signed]
FirewallRules: [{D0C32D11-A332-4E4D-84B3-A49FE199F9B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe (Valve Corp. -> )
FirewallRules: [{C9FAB298-AFB1-4A6F-A6BA-CD6C74D705E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe (Valve Corp. -> )
FirewallRules: [{FA5158E2-A14C-4C82-AC2A-E81671B4903D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe (Valve Corp. -> )
FirewallRules: [{25B03860-6CE9-4497-9499-E912A867042B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe (Valve Corp. -> )
FirewallRules: [TCP Query User{2EAB1902-2E54-46F4-9CCB-5CD84CD94D1E}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [UDP Query User{94C8B6F6-AAD4-4136-8158-B5B375BBC870}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [{DBAE770F-BEF2-4A12-9AE9-FA126A012267}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Splinter Cell Conviction\src\system\Conviction_game.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{DB858070-7DC0-4CFF-A4AB-ABED4811BEF6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Splinter Cell Conviction\src\system\Conviction_game.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{1B274286-DC7C-494E-8B4F-228156F7A182}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe (City Interactive S.A.) [File not signed]
FirewallRules: [{0968915E-C9E2-4356-BF4C-23F4FA2995C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe (City Interactive S.A.) [File not signed]
FirewallRules: [{92CC7308-332C-4A85-9415-FE3ACE9095C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Turing Test\TheTuringTest\Binaries\Win64\TheTuringTest.exe (Bulkhead Interactive) [File not signed]
FirewallRules: [{35311A43-F6F4-41BA-8A03-C543C8EA8A5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Turing Test\TheTuringTest\Binaries\Win64\TheTuringTest.exe (Bulkhead Interactive) [File not signed]
FirewallRules: [{6174B5C2-ECEC-4F53-B605-9C940B0AB125}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{3C6B07A5-0FFA-47DF-BD4C-C4A25D70A70D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{88E36055-0441-42CF-9D08-E2E8684F05C1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{2D7215B7-3424-418C-A4C7-71F08CA459DE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{E2AFC978-F0CB-42AB-9563-CD0FC7DA5466}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{40AB49F5-FD91-4342-81B3-AF3623379577}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{EC7E9684-746E-4D6E-A740-ECCFBCB9E32F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{A23CF9B2-8D66-4131-B59D-211EBBDF0FDD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{69A0B5C9-932E-41BA-B8E6-D02621048179}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{2C7BE513-7021-4504-B358-EB5B6266A6F3}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\MOHW.exe (Electronic Arts -> Danger Close Games)
FirewallRules: [{1DA81555-8574-4F05-852B-892A891B41AF}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\MOHW.exe (Electronic Arts -> Danger Close Games)
FirewallRules: [{5662E037-4296-465D-88F9-97C9051853B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

12-05-2019 14:25:42 Naplánovaný kontrolní bod
15-05-2019 18:57:48 Windows Update
18-05-2019 20:50:39 Installed Samsung Kies
20-05-2019 22:27:43 Installed HP Support Assistant
26-05-2019 18:42:35 JRT Pre-Junkware Removal
27-05-2019 20:13:20 zoek.exe restore point


Post by TomikCR » 29 May 2019 22:27

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2019 08:45:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (05/27/2019 08:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.19358, časové razítko: 0x5ccfa112
Kód výjimky: 0xe0434352
Posun chyby: 0x00000000000085bc
ID chybujícího procesu: 0xc74
Čas spuštění chybující aplikace: 0x01d514b7f0f1a45e
Cesta k chybující aplikaci: C:\Users\TomikCR\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\Windows\system32\KERNELBASE.dll
ID zprávy: 2fabe491-80ab-11e9-8337-8cdcd48d65de
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/27/2019 08:13:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
na System.Console.SetWindowSize(Int32, Int32)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (05/20/2019 11:45:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HPPerformanceTuneup.exe, verze: 1.0.5.1, časové razítko: 0x5ad0d16c
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.19358, časové razítko: 0x5ccf981a
Kód výjimky: 0xe0434352
Posun chyby: 0x00013ce8
ID chybujícího procesu: 0x1364
Čas spuštění chybující aplikace: 0x01d50f4c1e205e9b
Cesta k chybující aplikaci: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPerformanceTuneup\HPPerformanceTuneup.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\KERNELBASE.dll
ID zprávy: 92e286d2-7b48-11e9-8336-8cdcd48d65de
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/20/2019 11:45:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HPPerformanceTuneup.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.DirectoryNotFoundException
na System.IO.__Error.WinIOError(Int32, System.String)
na System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
na System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32)
na System.Xml.XmlDownloadManager.GetStream(System.Uri, System.Net.ICredentials, System.Net.IWebProxy, System.Net.Cache.RequestCachePolicy)
na System.Xml.XmlUrlResolver.GetEntity(System.Uri, System.String, System.Type)
na System.Xml.XmlTextReaderImpl.OpenUrlDelegate(System.Object)
na System.Threading.CompressedStack.runTryCode(System.Object)
na System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
na System.Threading.CompressedStack.Run(System.Threading.CompressedStack, System.Threading.ContextCallback, System.Object)
na System.Xml.XmlTextReaderImpl.OpenUrl()
na System.Xml.XmlTextReaderImpl.Read()
na System.Xml.XmlTextReader.Read()
na HPPTU.Model.HPPTUXMLLogging.ReadXML(Int32)
na HPPTU.ViewModel.MainWindowVM.OnPerformanceActionsComplete()
na HPPTU.ViewModel.MainWindowVM.ExecutePerformanceActions(System.Collections.Generic.List`1<Int32>)
na HPPTU.ViewModel.MainWindowVM+<>c__DisplayClass243_0.<ExecuteOptimization>b__0()
na System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (05/20/2019 10:29:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_6244092fecba36f7.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_a9f1400701365ffd.manifest.

Error: (05/20/2019 10:09:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_6244092fecba36f7.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_a9f1400701365ffd.manifest.

Error: (05/18/2019 10:42:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_6244092fecba36f7.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_a9f1400701365ffd.manifest.


System errors:
=============
Error: (05/29/2019 10:03:14 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače ROUTER,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{CA7B9554-2C11-424B-BDEE-2333473482ED}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (05/29/2019 09:54:00 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Název WORKGROUP :1d nelze zaregistrovat v rozhraní s IP adresou 188.175.77.153.
Počítač s IP adresou 188.175.77.190 nepovolil získání názvu
tímto počítačem.

Error: (05/29/2019 06:26:48 PM) (Source: DCOM) (EventID: 10010) (User: Notebook-Tomáš)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/29/2019 06:26:18 PM) (Source: DCOM) (EventID: 10010) (User: Notebook-Tomáš)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/29/2019 06:20:27 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače ROUTER,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{CA7B9554-2C11-424B-BDEE-2333473482ED}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (05/29/2019 06:08:58 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Přidělování DHCP bylo automaticky vypnuto u IP adresy 188.175.77.153, protože tato adresa nepatří do oboru 192.168.137.0/255.255.255.0, ze kterého jsou přidělovány adresy klientům DHCP. Chcete-li přidělování DHCP u této IP adresy zapnout, změňte obor tak, aby tuto IP adresu zahrnoval, nebo změňte IP adresu tak, aby patřila do oboru.

Error: (05/29/2019 06:08:58 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: Službě ICS_IPV6 se nepodařilo nakonfigurovat zásobník IPv6.

Error: (05/29/2019 09:33:15 AM) (Source: DCOM) (EventID: 10010) (User: Notebook-Tomáš)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2019-05-29 22:15:58.232
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: Trojan:Win32/Detplock
ID: 2147680291
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\TomikCR\Downloads\CrystalDiskInfo8_0_0.exe;webfile:_C:\Users\TomikCR\Downloads\CrystalDiskInfo8_0_0.exe|https://ftp.stahuj.cz/dl/4310c2add379edefb9cfd5264afe9736/5ceee875/stahuj/download/software/secured/lista/c/crystaldiskinfo/800/instalace/CrystalDiskInfo8_0_0.exe|chrome.exe
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: Notebook-Tomáš\TomikCR
Název procesu: Unknown
Verze podpisu: AV: 1.293.2505.0, AS: 1.293.2505.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-05-29 22:14:25.528
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: Trojan:Win32/Detplock
ID: 2147680291
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\TomikCR\Downloads\CrystalDiskInfo8_0_0.exe;webfile:_C:\Users\TomikCR\Downloads\CrystalDiskInfo8_0_0.exe|https://ftp.stahuj.cz/dl/398eb95da4a4f28e4cf5ebe86db33554/5ceee7f4/stahuj/download/software/secured/lista/c/crystaldiskinfo/800/instalace/CrystalDiskInfo8_0_0.exe|chrome.exe
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: Notebook-Tomáš\TomikCR
Název procesu: Unknown
Verze podpisu: AV: 1.293.2505.0, AS: 1.293.2505.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-05-29 18:28:09.154
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {A5E3527A-83BC-45AF-83EE-9634E11BAAB0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-05-28 18:06:20.631
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {CDF0CD02-4AD0-4986-B6C3-6F43EED81A0B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-05-26 12:03:04.135
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {D6EAC0FF-92F7-4365-898B-BE0C2694EBD3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-05-18 18:22:37.248
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.293.1804.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15900.4
Kód chyby: 0x80070652
Popis chyby :Momentálně je spuštěna jiná instalace. Před spuštěním nové instalace nejdříve dokončete spuštěnou instalaci.

Date: 2019-05-18 18:22:37.247
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.293.1804.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15900.4
Kód chyby: 0x80070652
Popis chyby :Momentálně je spuštěna jiná instalace. Před spuštěním nové instalace nejdříve dokončete spuštěnou instalaci.

Date: 2019-05-18 18:22:36.372
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu:
Zdroj aktualizace: Uživatel
Typ podpisu:
Typ aktualizace:
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu:
Kód chyby: 0x80070652
Popis chyby :Momentálně je spuštěna jiná instalace. Před spuštěním nové instalace nejdříve dokončete spuštěnou instalaci.

Date: 2019-05-18 18:22:36.371
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu:
Zdroj aktualizace: Uživatel
Typ podpisu:
Typ aktualizace:
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu:
Kód chyby: 0x80070652
Popis chyby :Momentálně je spuštěna jiná instalace. Před spuštěním nové instalace nejdříve dokončete spuštěnou instalaci.

Date: 2019-05-18 18:22:24.875
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.293.1804.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15900.4
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-05-29 22:15:58.227
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-29 22:15:57.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-29 22:14:42.566
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-29 22:14:41.787
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-29 22:14:25.047
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-29 22:14:24.345
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-27 21:29:16.356
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-27 21:29:15.807
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F.43 08/19/2015
Motherboard: Hewlett-Packard 22C8
Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 7364.65 MB
Available physical RAM: 4921.93 MB
Total Virtual: 8516.65 MB
Available Virtual: 5568.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.85 GB) (Free:475.86 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.64 GB) (Free:2.03 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{ad6ee12d-bb7d-4b6d-93b7-c712da00adee}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9EF76B68)

Partition: GPT.

==================== End of Addition.txt ============================


Post by TomikCR » 29 May 2019 22:28

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05.2019
Ran by TomikCR (administrator) on NOTEBOOK-TOMÁŠ (Hewlett-Packard HP Pavilion 17 Notebook PC) (29-05-2019 22:23:14)
Running from C:\Users\TomikCR\Desktop
Loaded Profiles: TomikCR (Available Profiles: TomikCR & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc -> Raptr, Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-09] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation -> AppEx Networks Corporation)
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {24684548-5eda-11e9-8332-8cdcd48d65de} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {32cface4-3fdb-11e7-82ef-8cdcd48d65de} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {3b3586ed-7537-11e6-82d9-8cdcd48d65de} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {54023be7-c9cd-11e6-82e6-8cdcd48d65de} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {95276210-179b-11e6-82bc-1008b1bf986d} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {9762049a-c2a9-11e8-8322-8cdcd48d65de} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {a8a90f1d-db81-11e7-8304-8cdcd48d65de} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\MountPoints2: {cbf5fe95-cc84-11e7-82fa-8cdcd48d65de} - "F:\Lenovo_Suite.exe"
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [8704 2015-01-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-02-11] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-06-17] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-06-17] (Softex Inc..) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15476C8F-7F03-472E-A71A-CD0472D08335} - System32\Tasks\HPCeeScheduleForTomikCR => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-10] (HP Inc. -> HP Inc.)
Task: {283D2A9A-F89F-4E92-ADC2-DD989A25ED52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {2B02CD5C-3E02-46E2-A2C9-05B510153E9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DBBD6CD-5DC3-4FCE-A02E-33C8076224C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {30281118-E353-486D-8A52-256D2D27BACF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {573A7084-0EB5-4DD5-9621-6819C057C1F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {57C0E038-3E34-409D-8A13-2F3EA779B1A8} - System32\Tasks\{E6743BB5-36A4-49E9-B760-267A588ADE9E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe" -d "C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM"
Task: {682CB63B-D981-4355-93D4-3B00D19227EF} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33971256 2019-05-22] (Adlice -> )
Task: {727362ED-C4BE-4A70-A7B7-65646D17FFE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {7F7C49BD-261C-478D-AE8D-6F808681C640} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {83BBB0E6-4DF9-497B-97D6-ADA6813D075A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2018-12-10] (HP Inc. -> HP Inc.)
Task: {8688CCB1-F1FD-4C81-A9AC-77699DA76766} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {90731782-F4C9-44C9-BFD5-F4E43B7A7A8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {91DEED0C-445C-45B8-B9BA-CBBB13D1E226} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {9CB5519C-3D43-4D66-BC67-E1A5D5686675} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [644672 2019-05-23] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {AA9477E9-1BCA-490D-9548-90EB2699C957} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {C34ED864-A768-4973-BB3A-49E31D39BD4A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2018-12-10] (HP Inc. -> HP Inc.)
Task: {CDA0672E-50FC-413D-B032-F0039DCD3E69} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1354552 2014-05-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {CECE2209-52EB-4108-9D31-D0AAD9E48FE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {CF0ECF08-88FD-4197-A3B1-07E66876D06B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd -> Piriform Ltd)
Task: {E0C030CA-93E1-4787-BF2E-4A5EA2F5D6F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2018-01-21] (Google Inc -> Google Inc.)
Task: {E46C7B2C-F629-493C-A1AC-2D71D30FF4E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2018-01-21] (Google Inc -> Google Inc.)
Task: {EF7DE7F1-7EB9-44E9-9993-A6B635E2AD1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F25B6E50-6977-4B69-8E4D-7514E713EE4F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2015-02-11] (CyberLink Corp. -> CyberLink Corp.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForTomikCR.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
Tcpip\..\Interfaces\{3B776279-A1B9-454D-B794-1DA754DDAFAC}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{CA7B9554-2C11-424B-BDEE-2333473482ED}: [DhcpNameServer] 94.74.192.252 94.74.192.244

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2018-12-10] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2018-12-10] (HP Inc. -> HP Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: d1xemxoz.default
FF ProfilePath: C:\Users\TomikCR\AppData\Roaming\Mozilla\Firefox\Profiles\d1xemxoz.default [2019-05-27]
FF Homepage: Mozilla\Firefox\Profiles\d1xemxoz.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\d1xemxoz.default -> about:newtab
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-17] [Legacy] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1268798374-1140181337-1142225549-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2019-01-28] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR HomePage: Default -> hxxp://www.parlamentnilisty.cz/
CHR Profile: C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default [2019-05-29]
CHR Extension: (Prezentace) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-27]
CHR Extension: (Dokumenty) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-27]
CHR Extension: (Disk Google) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-27]
CHR Extension: (YouTube) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-27]
CHR Extension: (Tabulky) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-05-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-27]
CHR Extension: (Gmail) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\TomikCR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S3 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-05-04] (BattlEye Innovations e.K. -> )
S3 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [8010968 2018-02-10] (Mail.Ru Games LLC -> LLC Mail.Ru)
S3 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2303792 2019-04-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3175216 2019-04-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2019-02-24] (Even Balance, Inc. -> )
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [53424 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2019-05-27] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Google Inc)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus.sys [20992 2016-07-12] (Shenzhen Wondershare Information Technology Co., Ltd. -> LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Scan; C:\Windows\system32\DRIVERS\Dot4Scan.sys [19872 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [40624 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-13] (Martin Malik - REALiX -> REALiX(tm))
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-29] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [7238880 2018-02-10] (Mail.Ru Games LLC -> LLC Mail.Ru)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [243712 2014-08-08] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2017-12-19] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-05-27] (Adlice -> )
R3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [60640 2014-02-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
S3 cpuz138; \??\C:\Users\TomikCR\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [X]
S3 SmbDrv; \SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-29 22:23 - 2019-05-29 22:23 - 000028713 _____ C:\Users\TomikCR\Desktop\FRST.txt
2019-05-29 22:23 - 2019-05-29 22:23 - 000000000 ____D C:\FRST
2019-05-29 22:20 - 2019-05-29 22:20 - 000001231 _____ C:\Users\TomikCR\Desktop\CrystalDiskInfo.lnk
2019-05-29 22:20 - 2019-05-29 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2019-05-29 22:19 - 2019-05-29 22:19 - 015347688 _____ C:\Users\TomikCR\Desktop\CRYSTALDISKINFO8_0_0.EXE
2019-05-29 22:18 - 2019-05-29 22:18 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-29 22:14 - 2019-05-29 22:14 - 002435584 _____ (Farbar) C:\Users\TomikCR\Desktop\FRST64.exe
2019-05-27 21:28 - 2019-05-29 22:23 - 001876800 _____ C:\Windows\ZAM.krnl.trace
2019-05-27 21:28 - 2019-05-27 21:36 - 000000000 ____D C:\Users\TomikCR\AppData\Local\AMSDK
2019-05-27 21:28 - 2019-05-27 21:28 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-05-27 21:28 - 2019-05-27 21:28 - 000003478 _____ C:\Windows\System32\Tasks\AMHelper
2019-05-27 21:28 - 2019-05-27 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-05-27 21:28 - 2019-05-27 21:28 - 000000000 ____D C:\Program Files (x86)\Zemana
2019-05-27 20:41 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2019-05-27 20:09 - 2019-05-27 20:35 - 000000000 ____D C:\zoek_backup
2019-05-27 19:37 - 2019-05-27 19:37 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2019-05-27 00:39 - 2019-05-27 20:43 - 000003028 _____ C:\Windows\System32\Tasks\RogueKiller Anti-Malware
2019-05-27 00:39 - 2019-05-27 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-27 00:39 - 2019-05-27 00:39 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-26 18:48 - 2017-12-03 20:58 - 000002841 _____ C:\Users\TomikCR\Documents\Sophos Virus Removal Tool.lnk
2019-05-26 01:08 - 2019-05-26 01:08 - 000129770 _____ C:\Users\TomikCR\Desktop\Fantasia, EM953.pdf
2019-05-24 23:42 - 2019-05-24 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-24 23:42 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-24 23:41 - 2019-05-24 23:41 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-21 23:18 - 2019-05-21 23:27 - 000000000 ____D C:\Users\TomikCR\Desktop\rozpisy
2019-05-21 22:28 - 2019-05-21 22:28 - 000000000 ____D C:\Users\TomikCR\AppData\Local\CEF
2019-05-21 18:52 - 2019-05-21 18:52 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-05-21 00:55 - 2019-05-21 00:55 - 000080516 _____ C:\Users\TomikCR\Desktop\BarriosPreludeCminor.pdf
2019-05-20 23:45 - 2019-05-27 20:13 - 000000000 ____D C:\Users\TomikCR\AppData\Local\CrashDumps
2019-05-20 23:44 - 2019-05-24 23:44 - 000003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTomikCR
2019-05-20 23:44 - 2019-05-24 23:44 - 000000370 _____ C:\Windows\Tasks\HPCeeScheduleForTomikCR.job
2019-05-20 23:44 - 2019-05-20 23:44 - 000000000 ____D C:\Users\TomikCR\AppData\Local\HP_Inc
2019-05-20 22:29 - 2019-05-20 22:29 - 000002254 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2019-05-20 22:12 - 2019-05-20 22:12 - 007025360 _____ (Malwarebytes) C:\Users\TomikCR\Desktop\adwcleaner_7.3.exe
2019-05-20 22:11 - 2019-05-20 22:11 - 000000000 ____D C:\Users\TomikCR\AppData\Local\CyberLink
2019-05-18 22:39 - 2019-05-18 22:39 - 000000000 ____D C:\Users\TomikCR\Documents\SideSync
2019-05-18 22:19 - 2019-05-18 22:19 - 000000000 ____D C:\Program Files\Samsung
2019-05-18 21:46 - 2019-05-18 21:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2019-05-18 21:10 - 2019-05-18 21:13 - 000000000 ____D C:\Users\TomikCR\Desktop\Mamka - Samsung
2019-05-18 20:58 - 2016-07-22 09:21 - 000015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_wh.sys
2019-05-18 20:58 - 2016-07-22 09:21 - 000015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_cm.sys
2019-05-18 20:55 - 2019-05-18 20:55 - 000002029 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2019-05-18 20:55 - 2019-05-18 20:55 - 000002019 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2019-05-18 20:55 - 2019-05-18 20:55 - 000000000 ____D C:\Users\TomikCR\Documents\samsung
2019-05-18 20:55 - 2019-05-18 20:55 - 000000000 ____D C:\Users\TomikCR\AppData\Local\Samsung
2019-05-18 20:55 - 2019-05-18 20:55 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2019-05-18 20:54 - 2019-05-20 23:58 - 000000000 ____D C:\Users\TomikCR\AppData\Roaming\Samsung
2019-05-18 20:52 - 2019-05-20 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2019-05-18 20:51 - 2019-05-21 00:01 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-05-18 20:51 - 2019-05-18 20:51 - 000000000 ____D C:\ProgramData\Samsung
2019-05-18 20:51 - 2016-05-17 23:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2019-05-18 20:51 - 2016-05-17 23:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2019-05-18 10:38 - 2019-05-18 10:38 - 000072170 _____ C:\Users\TomikCR\Downloads\priloha_669312496_0_00806424_dne_0582_1900971454_qr (1).pdf
2019-05-17 08:50 - 2019-05-02 23:59 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-17 08:50 - 2019-05-02 23:59 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-16 23:34 - 2019-05-16 23:34 - 000280600 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2019-05-16 18:48 - 2019-05-16 18:48 - 012305431 _____ C:\Users\TomikCR\Downloads\Produktovy-letak-kocky.pdf
2019-05-15 18:28 - 2019-05-06 05:47 - 001311768 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-15 18:28 - 2019-05-06 05:36 - 001677024 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-15 18:28 - 2019-05-06 05:36 - 001537776 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-15 18:28 - 2019-05-06 05:35 - 007363320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-15 18:28 - 2019-05-06 05:34 - 000805384 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-05-15 18:28 - 2019-05-06 05:33 - 001136208 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-15 18:28 - 2019-05-06 04:12 - 000861184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-15 18:28 - 2019-05-06 04:08 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-15 18:28 - 2019-05-06 03:41 - 001197056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2019-05-15 18:28 - 2019-04-30 02:51 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-15 18:28 - 2019-04-30 02:51 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-15 18:28 - 2019-04-25 06:01 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-15 18:28 - 2019-04-25 05:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-15 18:28 - 2019-04-25 05:31 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-15 18:28 - 2019-04-25 05:28 - 005775360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-15 18:28 - 2019-04-25 05:26 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-15 18:28 - 2019-04-25 05:09 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-15 18:28 - 2019-04-25 05:03 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-15 18:28 - 2019-04-25 04:46 - 015285248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-15 18:28 - 2019-04-25 04:40 - 004493312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-15 18:28 - 2019-04-25 04:35 - 005303808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-15 18:28 - 2019-04-25 04:24 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-15 18:28 - 2019-04-25 04:18 - 004831232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-15 18:28 - 2019-04-25 04:14 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-15 18:28 - 2019-04-17 02:45 - 022373296 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-05-15 18:28 - 2019-04-17 02:41 - 019790872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-05-15 18:28 - 2019-04-16 15:45 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-05-15 18:28 - 2019-04-16 15:40 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-05-15 18:28 - 2019-04-14 18:37 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-15 18:28 - 2019-04-14 18:35 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-15 18:28 - 2019-04-14 18:09 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-15 18:28 - 2019-04-14 18:07 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-15 18:28 - 2019-04-09 00:17 - 000537096 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-15 18:28 - 2019-04-09 00:17 - 000139912 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-15 18:28 - 2019-04-09 00:13 - 000449744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-15 18:28 - 2019-04-09 00:12 - 000136736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-15 18:28 - 2019-04-08 23:40 - 000136432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2019-05-15 18:28 - 2019-04-07 02:57 - 001214720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-15 18:28 - 2019-04-06 22:31 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-15 18:28 - 2019-04-06 22:31 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-15 18:28 - 2019-04-06 22:31 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-15 18:28 - 2019-04-06 22:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-15 18:28 - 2019-04-06 22:31 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-15 18:28 - 2019-04-06 20:39 - 002172832 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-05-15 18:28 - 2019-04-06 20:39 - 001662512 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-15 18:28 - 2019-04-06 17:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-05-15 18:28 - 2019-04-06 00:47 - 000096208 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-15 18:28 - 2019-04-06 00:46 - 000177608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-15 18:28 - 2019-04-06 00:44 - 000073248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-15 18:28 - 2019-04-05 16:07 - 003324928 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-05-15 18:28 - 2019-04-05 16:06 - 001253888 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-15 18:28 - 2019-04-05 16:06 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-15 18:28 - 2019-04-05 16:06 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-15 18:28 - 2019-04-05 16:01 - 003618304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-05-15 18:28 - 2019-04-05 16:01 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-15 18:28 - 2019-04-05 01:58 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2019-05-15 18:28 - 2019-04-05 00:15 - 000513416 _____ C:\Windows\SysWOW64\locale.nls
2019-05-15 18:28 - 2019-04-05 00:15 - 000513416 _____ C:\Windows\system32\locale.nls
2019-05-15 18:28 - 2019-04-04 20:01 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-15 18:28 - 2019-04-04 18:48 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-05-15 18:28 - 2019-04-04 18:44 - 002779648 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-05-15 18:28 - 2019-04-04 18:15 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-05-15 18:28 - 2019-04-04 18:10 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-05-15 18:27 - 2019-04-25 04:58 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-05-15 18:27 - 2019-04-25 04:50 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-05-15 18:27 - 2019-04-25 04:42 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-05-15 18:27 - 2019-04-25 04:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-05-15 18:27 - 2019-04-25 04:35 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-15 18:27 - 2019-04-25 04:14 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-05-15 18:27 - 2019-04-25 04:12 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-05-15 18:27 - 2019-04-20 18:41 - 000081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2019-05-15 18:27 - 2019-04-04 19:41 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-05-15 18:27 - 2019-04-04 19:10 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-05-15 18:27 - 2019-04-04 18:49 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-05-13 19:08 - 2019-05-13 19:08 - 000118370 _____ C:\Users\TomikCR\Downloads\13uchextrakceosmaterialu (1).pdf
2019-04-30 21:00 - 2019-04-30 21:00 - 000273517 _____ C:\Users\TomikCR\Downloads\Rámcová smlouva.pdf
2019-04-30 20:59 - 2019-04-30 20:59 - 000389287 _____ C:\Users\TomikCR\Downloads\Návrh smlouvy úvěru.pdf
2019-04-29 18:38 - 2019-04-29 18:38 - 000280600 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2019-04-29 18:13 - 2019-04-29 18:13 - 000557362 _____ C:\Users\TomikCR\Downloads\cpp.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-29 22:20 - 2017-12-05 23:43 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2019-05-29 22:17 - 2018-03-09 23:17 - 000000000 ____D C:\Users\TomikCR\Desktop\Čističe
2019-05-29 18:12 - 2014-10-27 18:12 - 000004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{901E4CFD-6533-4966-B96F-CB91F4CEC206}
2019-05-29 18:08 - 2019-02-20 19:50 - 000000402 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2019-05-27 21:28 - 2017-12-04 21:47 - 000000000 ____D C:\Users\TomikCR\AppData\Local\Zemana
2019-05-27 20:48 - 2014-07-15 03:25 - 000762978 _____ C:\Windows\system32\perfh005.dat
2019-05-27 20:48 - 2014-07-15 03:25 - 000163700 _____ C:\Windows\system32\perfc005.dat
2019-05-27 20:48 - 2014-03-18 11:53 - 001876148 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-27 20:48 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2019-05-27 20:44 - 2018-10-10 17:37 - 000000000 ____D C:\Users\TomikCR\Documents\Youcam
2019-05-27 20:42 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-27 20:41 - 2014-10-07 07:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-05-27 20:41 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-05-27 20:35 - 2014-10-27 15:40 - 000000000 ____D C:\Users\TomikCR
2019-05-27 20:35 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-05-27 08:22 - 2014-10-27 15:46 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1268798374-1140181337-1142225549-1002
2019-05-27 00:41 - 2017-12-03 22:42 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-26 18:40 - 2014-07-14 19:17 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-05-26 01:11 - 2014-11-02 22:08 - 007947776 ___SH C:\Users\TomikCR\Downloads\Thumbs.db
2019-05-24 23:41 - 2015-01-15 21:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-22 22:26 - 2014-11-20 20:57 - 010003968 ___SH C:\Users\TomikCR\Desktop\Thumbs.db
2019-05-22 01:20 - 2016-09-10 23:24 - 000000000 ____D C:\Users\TomikCR\AppData\Roaming\vlc
2019-05-22 00:26 - 2018-01-21 01:50 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-21 23:25 - 2016-10-28 21:05 - 000000000 ____D C:\Users\TomikCR\Desktop\Vstup
2019-05-21 22:33 - 2015-03-07 00:29 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-21 00:02 - 2018-10-10 00:52 - 000000000 ____D C:\Users\TomikCR\Documents\CCleaner-zálohy
2019-05-21 00:01 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\ModemLogs
2019-05-20 23:58 - 2014-07-14 18:53 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-20 23:22 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2019-05-20 22:29 - 2018-04-01 00:06 - 000000000 ____D C:\Users\TomikCR\AppData\Local\Hewlett-Packard
2019-05-20 22:29 - 2016-02-18 08:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2019-05-20 22:29 - 2014-10-27 15:43 - 000000000 ____D C:\Users\TomikCR\AppData\Roaming\hpqlog
2019-05-20 22:29 - 2014-07-14 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-05-20 22:29 - 2014-07-14 18:47 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-05-20 22:28 - 2015-08-15 22:10 - 000000000 ____D C:\Program Files (x86)\HP
2019-05-20 22:25 - 2014-04-05 01:55 - 000000000 ____D C:\SWSetup
2019-05-20 17:39 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2019-05-18 22:27 - 2013-08-22 16:44 - 000386288 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-18 18:57 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2019-05-17 00:23 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData
2019-05-16 23:34 - 2014-10-28 18:10 - 000280600 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2019-05-16 23:33 - 2017-12-22 00:17 - 000000000 ____D C:\Users\TomikCR\AppData\Roaming\Origin
2019-05-16 23:32 - 2017-12-22 00:35 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-05-16 23:32 - 2017-12-22 00:13 - 000000000 ____D C:\ProgramData\Origin
2019-05-16 23:27 - 2017-12-22 00:15 - 000000000 ____D C:\Program Files (x86)\Origin
2019-05-15 23:19 - 2018-01-21 01:50 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 23:19 - 2018-01-21 01:50 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 19:06 - 2014-10-28 18:34 - 000000000 ____D C:\Windows\system32\MRT
2019-05-15 19:01 - 2014-10-28 18:34 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-14 21:04 - 2017-12-19 00:12 - 000004556 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-14 21:04 - 2017-12-19 00:12 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-05-14 21:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-14 21:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-05-12 15:42 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps

==================== Files in the root of some directories =======

2016-08-29 14:27 - 2016-08-29 14:27 - 000004040 _____ () C:\Users\TomikCR\dht.dat
2016-08-29 14:27 - 2016-08-29 14:27 - 000001020 _____ () C:\Users\TomikCR\resume.dat
2016-08-29 14:27 - 2016-08-29 14:27 - 000000099 _____ () C:\Users\TomikCR\rss.dat
2016-08-29 14:27 - 2016-08-29 14:27 - 000006769 _____ () C:\Users\TomikCR\settings.dat
2016-08-31 18:56 - 2016-08-31 18:56 - 000007604 _____ () C:\Users\TomikCR\AppData\Local\Resmon.ResmonCfg
2016-07-13 19:40 - 2016-07-13 19:40 - 000000173 _____ () C:\Users\TomikCR\AppData\Local\uts.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-27 18:43
==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43060
Joined: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log - noisy fan, slow computer, pages freezing

Post by jaro3 » 29 May 2019 23:29

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\12don.info -> 12don.info
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\17gamo.com -> 17gamo.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\17webplace.com -> 17webplace.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1autocity.com -> 1autocity.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1ive.net -> 1ive.net
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1traff.us -> 1traff.us
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1ze.net -> 1ze.net
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\2-antispyware.com -> 2-antispyware.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\2004search.cc -> 2004search.cc
There are 4768 more sites.
Task: {E0C030CA-93E1-4787-BF2E-4A5EA2F5D6F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2018-01-21] (Google Inc -> Google Inc.)
Task: {E46C7B2C-F629-493C-A1AC-2D71D30FF4E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2018-01-21] (Google Inc -> Google Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S3 cpuz138; \??\C:\Users\TomikCR\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

HOSTS:
EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

TomikCR
Level 1
Posts: 73
Joined: August 07
Gender: Not specified
Status: Offline

Re: Please check my log - noisy fan, slow computer, pages freezing

Post by TomikCR » 30 May 2019 18:30

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by TomikCR (30-05-2019 18:23:52) Run:1
Running from C:\Users\TomikCR\Desktop
Loaded Profiles: TomikCR (Available Profiles: TomikCR & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\12don.info -> 12don.info
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\17gamo.com -> 17gamo.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\17webplace.com -> 17webplace.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1autocity.com -> 1autocity.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1ive.net -> 1ive.net
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1traff.us -> 1traff.us
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\1ze.net -> 1ze.net
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\2-antispyware.com -> 2-antispyware.com
IE restricted site: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\...\2004search.cc -> 2004search.cc
There are 4768 more sites.
Task: {E0C030CA-93E1-4787-BF2E-4A5EA2F5D6F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2018-01-21] (Google Inc -> Google Inc.)
Task: {E46C7B2C-F629-493C-A1AC-2D71D30FF4E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2018-01-21] (Google Inc -> Google Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1268798374-1140181337-1142225549-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S3 cpuz138; \??\C:\Users\TomikCR\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

HOSTS:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
HKLM\Software\Classes\CLSID\{CF24E6B8-F148-4BCB-9108-ADF313966E80} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully
HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully
HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => not found
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\101hotteens.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\101lottery.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123expressview.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123found.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123keno.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12don.info => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\143fuck.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17gamo.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17webplace.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1autocity.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ive.net => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1se.ru => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1sexparty.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stfind.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stpagehere.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1traff.us => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ze.net => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2-antispyware.com => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2004search.cc => removed successfully
There are 4768 more sites. => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0C030CA-93E1-4787-BF2E-4A5EA2F5D6F2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C030CA-93E1-4787-BF2E-4A5EA2F5D6F2}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E46C7B2C-F629-493C-A1AC-2D71D30FF4E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E46C7B2C-F629-493C-A1AC-2D71D30FF4E1}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKU\S-1-5-21-1268798374-1140181337-1142225549-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz138 => removed successfully
cpuz138 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10851205 B
Java, Flash, Steam htmlcache => 408609098 B
Windows/system/drivers => 4412 B
Edge => 0 B
Chrome => 392723658 B
Firefox => 229376 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 7310 B
TomikCR => 4129208 B
Administrator => 3504 B

RecycleBin => 0 B
EmptyTemp: => 786.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:25:59 ====

