Prosím pomoc. Problémy s prohlížečem

tomik.pb · Příspěvekod **tomik.pb** » 03 pro 2016 12:20

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2016
Ran by koryt_000 (administrator) on ROMCA-PC (03-12-2016 12:10:01)
Running from C:\Users\koryt_000\Desktop
Loaded Profiles: Romca & koryt_000 (Available Profiles: Romca & koryt_000)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
(CHENGDU Yiwo Tech Development Co., Ltd.) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe [2090176 2016-08-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ce22edf9-f1bf-45c9-8c78-e709c167df74}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e90c8d31-48f9-4616-9d3d-6de6ad9ac1c4}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: j0o9z1im.default
FF ProfilePath: C:\Users\koryt_000\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default [2016-12-01]
FF NewTab: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:home
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1560035657-911311260-1851593216-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\koryt_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR HomePage: Default -> go.mail.ru/?fr=chhp11.0.29__PARAM__
CHR Profile: C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Prezentace Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17]
CHR Extension: (Dokumenty Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-17]
CHR Extension: (Tabulky Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-11]
CHR Extension: (Gmail) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KORYT_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-09-11]
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icanjjkadceebmhanpekkofdhclnoijl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-05] (Dritek System INC.)
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [163688 2016-08-02] (Sophos Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-05] (Dritek System Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138896 2016-10-18] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-01] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 12:10 - 2016-12-03 12:11 - 00020250 _____ C:\Users\koryt_000\Desktop\FRST.txt
2016-12-03 12:09 - 2016-12-03 12:10 - 00000000 ____D C:\FRST
2016-12-03 12:08 - 2016-12-03 12:09 - 02411520 _____ (Farbar) C:\Users\koryt_000\Desktop\FRST64.exe
2016-12-03 12:08 - 2016-12-03 12:08 - 02411520 _____ (Farbar) C:\Users\koryt_000\Downloads\FRST64.exe
2016-12-02 17:14 - 2016-12-02 17:14 - 00797760 _____ C:\Users\koryt_000\Downloads\delfix_1.013.exe
2016-12-02 17:11 - 2016-12-02 17:16 - 00000669 _____ C:\DelFix.txt
2016-12-02 17:07 - 2016-12-02 17:08 - 00000000 ____D C:\Users\koryt_000\Downloads\backups
2016-12-02 15:16 - 2016-12-02 15:16 - 00001508 _____ C:\Users\koryt_000\Desktop\Mal.txt
2016-12-02 07:03 - 2016-12-02 07:03 - 00000000 ____D C:\Users\Romca\AppData\Local\VirtualStore
2016-12-01 19:42 - 2016-12-01 19:42 - 00000000 ____D C:\Users\Romca\AppData\Local\Comms
2016-12-01 19:33 - 2016-12-01 19:33 - 00000000 ____D C:\Users\Romca\AppData\Local\ActiveSync
2016-12-01 19:31 - 2016-12-01 19:31 - 00000000 ____D C:\Users\Romca\AppData\Local\Zemana
2016-12-01 19:31 - 2016-12-01 19:31 - 00000000 ____D C:\Users\Romca\AppData\Local\Adobe
2016-12-01 17:57 - 2016-12-03 12:10 - 00314701 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-01 17:57 - 2016-12-03 12:10 - 00303277 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-01 17:57 - 2016-12-01 17:57 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-12-01 17:56 - 2016-12-01 17:57 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-01 17:56 - 2016-12-01 17:56 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-12-01 17:56 - 2016-12-01 17:56 - 00000000 ____D C:\Users\koryt_000\AppData\Local\Zemana
2016-12-01 17:56 - 2016-12-01 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-12-01 17:53 - 2016-12-01 17:54 - 05431336 _____ ( ) C:\Users\koryt_000\Downloads\Zemana.AntiMalware.Setup (1).exe
2016-12-01 17:51 - 2016-12-01 17:51 - 00000000 ___HD C:\OneDriveTemp
2016-12-01 17:41 - 2016-12-01 17:41 - 00000000 ____D C:\zoek
2016-12-01 17:17 - 2016-12-01 17:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-01 17:16 - 2016-12-01 17:18 - 00184870 _____ C:\WINDOWS\ntbtlog.txt
2016-11-29 18:45 - 2016-11-29 18:46 - 05431336 _____ ( ) C:\Users\koryt_000\Downloads\Zemana.AntiMalware.Setup.exe
2016-11-29 15:40 - 2016-12-01 17:42 - 00003559 _____ C:\runcheck.txt
2016-11-28 17:01 - 2016-11-28 17:27 - 00000000 ____D C:\Users\koryt_000\Downloads\Argema
2016-11-28 17:00 - 2016-11-28 17:00 - 00035704 _____ C:\Users\koryt_000\Downloads\[CzT]Argema_Diskografie_1993_2014_.torrent
2016-11-28 13:56 - 2016-11-28 13:56 - 00321038 _____ C:\Users\Romca\Downloads\Untitled-8 (3).pdf
2016-11-28 13:42 - 2016-11-28 13:42 - 00321038 _____ C:\Users\Romca\Downloads\Untitled-8 (2).pdf
2016-11-28 13:41 - 2016-11-28 13:41 - 00321038 _____ C:\Users\Romca\Downloads\Untitled-8.pdf
2016-11-28 13:41 - 2016-11-28 13:41 - 00321038 _____ C:\Users\Romca\Downloads\Untitled-8 (1).pdf
2016-11-27 18:32 - 2016-11-27 18:21 - 00063219 _____ C:\Users\koryt_000\Documents\Historie plateb11.pdf
2016-11-27 18:32 - 2016-11-27 18:20 - 00065360 _____ C:\Users\koryt_000\Documents\Historie plateb 10.pdf
2016-11-27 18:21 - 2016-11-27 18:21 - 00063219 _____ C:\Users\Romca\Downloads\Historie plateb11.pdf
2016-11-27 18:20 - 2016-11-27 18:20 - 00065360 _____ C:\Users\Romca\Downloads\Historie plateb 10.pdf
2016-11-24 18:05 - 2016-11-24 18:05 - 00000000 ____D C:\ProgramData\Sophos
2016-11-24 18:04 - 2016-11-24 18:04 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-11-24 18:04 - 2016-11-24 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-11-24 18:04 - 2016-11-24 18:04 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-11-24 17:57 - 2016-11-24 18:02 - 156062560 _____ (Sophos Limited) C:\Users\koryt_000\Downloads\Sophos Virus Removal Tool.exe
2016-11-24 17:47 - 2016-11-24 17:47 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-24 17:47 - 2016-11-24 17:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-23 15:27 - 2016-12-01 18:06 - 00000000 ____D C:\Users\koryt_000\AppData\Local\Adobe
2016-11-23 15:13 - 2016-11-23 15:13 - 00050688 _____ (Atribune.org) C:\Users\koryt_000\Downloads\ATF-Cleaner.exe
2016-11-20 11:55 - 2016-11-20 11:55 - 00000000 ____D C:\Users\koryt_000\AppData\Local\Вoйти в Интeрнет
2016-11-20 11:52 - 2016-11-20 11:52 - 00000000 ____D C:\Users\koryt_000\AppData\Local\Поиcк в Интeрнете
2016-11-20 11:49 - 2016-11-20 11:49 - 00345657 _____ C:\Users\koryt_000\Downloads\sonyxperiat3 lollipop5 1.zip
2016-11-20 11:13 - 2016-11-20 11:34 - 00000000 ____D C:\Users\koryt_000\.flashTool
2016-11-20 11:13 - 2016-11-20 11:13 - 00000000 ____D C:\Users\koryt_000\.swt
2016-11-20 11:12 - 2016-11-20 11:12 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2016-11-20 11:10 - 2016-11-20 11:18 - 00000000 ____D C:\Flashtool
2016-11-20 11:02 - 2016-11-20 11:10 - 152482079 _____ (Androxyde) C:\Users\koryt_000\Downloads\flashtool-0.9.22.3-windows.exe
2016-11-20 07:40 - 2016-11-20 07:40 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-11-20 07:40 - 2016-11-20 07:40 - 00000875 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-20 07:40 - 2016-11-20 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-20 07:39 - 2016-11-20 07:40 - 00000000 ____D C:\Program Files\CCleaner
2016-11-20 07:39 - 2016-11-20 07:39 - 08580928 _____ (Piriform Ltd) C:\Users\koryt_000\Downloads\ccsetup524.exe
2016-11-15 16:42 - 2016-11-15 16:42 - 00078746 _____ C:\Users\koryt_000\Downloads\listopad.pdf
2016-11-15 16:32 - 2016-11-15 16:32 - 00095587 _____ C:\Users\koryt_000\Downloads\září.pdf
2016-11-15 16:27 - 2016-11-15 16:28 - 00062835 _____ C:\Users\koryt_000\Downloads\178126081_20161031_10_MCZS.pdf
2016-11-09 15:47 - 2016-11-09 15:48 - 00000000 ____D C:\Users\koryt_000\Documents\kat
2016-11-09 15:26 - 2016-11-09 15:26 - 00246571 _____ C:\Users\koryt_000\Downloads\svat.zip
2016-11-09 15:26 - 2016-11-09 15:26 - 00000000 ____D C:\Users\koryt_000\Downloads\svat
2016-11-09 14:58 - 2016-11-20 07:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-09 13:32 - 2016-11-09 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Memory Toolkit
2016-11-09 13:32 - 2016-11-09 13:32 - 00000000 ____D C:\Program Files (x86)\Flash Memory Toolkit
2016-11-09 13:31 - 2016-11-09 13:32 - 08361792 _____ C:\Users\koryt_000\Downloads\FlashMemoryToolkit_trial_setup_201.exe
2016-11-06 10:03 - 2016-11-06 10:03 - 00311193 _____ C:\Users\koryt_000\Downloads\VY_32_Inovace_1.2.9 Slovesa.pptx
2016-11-04 16:15 - 2016-11-04 16:15 - 00001818 _____ C:\Users\koryt_000\Desktop\chrome – zástupce.lnk
2016-11-04 15:42 - 2016-11-04 15:42 - 00001914 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
2016-11-04 15:42 - 2016-11-04 15:42 - 00001402 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2016-11-04 15:42 - 2016-11-04 15:42 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url
2016-11-04 15:42 - 2016-11-04 15:42 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\Ashampoo
2016-11-04 15:42 - 2016-11-04 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-11-04 15:42 - 2016-11-04 15:42 - 00000000 ____D C:\ProgramData\Ashampoo
2016-11-04 15:42 - 2016-11-04 15:42 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-11-04 15:41 - 2016-11-04 15:41 - 12891208 _____ (Ashampoo GmbH & Co. KG ) C:\Users\koryt_000\Downloads\ashampoo_burning_studio_6_free_6.84_13471.exe
2016-11-04 15:03 - 2016-11-04 15:03 - 00000000 ____D C:\Users\koryt_000\Downloads\rufus_files
2016-11-04 14:58 - 2016-11-04 14:59 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\koryt_000\Downloads\rufus-2.11.exe
2016-11-04 14:18 - 2016-11-04 14:18 - 04713984 _____ (Geza Kovacs) C:\Users\koryt_000\Downloads\unetbootin-windows-625.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 07:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-03 07:36 - 2016-03-06 16:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-03 06:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-03 06:53 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 17:44 - 2016-04-17 16:29 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-02 15:17 - 2016-08-21 19:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 07:05 - 2016-02-19 04:40 - 00000000 ____D C:\Users\koryt_000\AppData\Local\Packages
2016-12-02 07:05 - 2016-02-19 04:31 - 00000000 ____D C:\Users\Romca\AppData\Local\Packages
2016-12-01 19:38 - 2016-10-06 18:48 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-01 18:08 - 2016-03-02 17:39 - 00000000 ____D C:\Users\koryt_000
2016-12-01 17:51 - 2016-09-11 07:21 - 00000000 ___RD C:\Users\koryt_000\Disk Google
2016-12-01 17:51 - 2016-02-26 16:54 - 00000000 ___RD C:\Users\koryt_000\OneDrive
2016-12-01 17:48 - 2016-03-02 17:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-01 17:48 - 2015-10-30 07:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2016-11-29 17:22 - 2016-04-17 16:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-29 16:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-11-29 16:03 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-29 14:57 - 2016-04-26 16:10 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-11-28 20:01 - 2016-03-02 20:36 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\uTorrent
2016-11-28 19:52 - 2016-03-02 17:52 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-28 19:52 - 2015-10-30 19:31 - 00751272 _____ C:\WINDOWS\system32\perfh005.dat
2016-11-28 19:52 - 2015-10-30 19:31 - 00150860 _____ C:\WINDOWS\system32\perfc005.dat
2016-11-28 19:52 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-11-28 17:56 - 2016-03-02 15:34 - 00000000 ____D C:\Users\koryt_000\Downloads\FRD stažený
2016-11-28 14:05 - 2016-02-21 18:12 - 00002260 ____H C:\Users\koryt_000\Documents\Default.rdp
2016-11-27 18:32 - 2016-03-02 17:39 - 00000000 ____D C:\Users\Romca
2016-11-25 07:46 - 2016-04-26 18:03 - 00000000 ____D C:\Users\koryt_000\AppData\Local\CrashDumps
2016-11-24 17:50 - 2016-04-17 16:30 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-24 17:48 - 2016-09-11 07:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-23 15:29 - 2016-03-02 18:02 - 00000000 ____D C:\Users\koryt_000\AppData\Local\Comms
2016-11-20 12:54 - 2016-07-31 14:57 - 00000000 ___RD C:\Users\koryt_000\Creative Cloud Files
2016-11-20 12:54 - 2012-09-05 20:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-11-20 12:48 - 2015-10-30 08:26 - 00000000 ____D C:\WINDOWS\Setup
2016-11-20 11:26 - 2016-02-23 17:07 - 00000000 ____D C:\Users\koryt_000\.oracle_jre_usage
2016-11-20 07:48 - 2016-06-04 08:11 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\XnView
2016-11-20 07:48 - 2016-04-21 14:17 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\DAEMON Tools Lite
2016-11-20 07:48 - 2016-03-06 16:48 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\TeamViewer
2016-11-20 07:48 - 2016-03-03 17:35 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\Vso
2016-11-20 07:48 - 2016-03-03 17:34 - 00000000 ____D C:\ProgramData\VSO
2016-11-20 07:47 - 2016-03-02 17:29 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-20 07:26 - 2016-06-30 06:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-04 15:40 - 2016-08-18 15:41 - 00000000 ____D C:\Users\koryt_000\Desktop\Tor Browser

==================== Files in the root of some directories =======

2016-03-03 17:35 - 2016-03-03 17:35 - 0099384 _____ () C:\Users\koryt_000\AppData\Roaming\inst.exe
2016-03-03 17:35 - 2016-03-03 17:35 - 0007859 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.cat
2016-03-03 17:35 - 2016-03-03 17:35 - 0001167 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.inf
2016-03-03 17:35 - 2016-03-03 17:35 - 0000055 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.log
2016-03-03 17:35 - 2016-03-03 17:35 - 0082816 _____ (VSO Software) C:\Users\koryt_000\AppData\Roaming\pcouffin.sys
2016-06-17 06:11 - 2016-06-17 06:11 - 0001521 _____ () C:\Users\koryt_000\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\koryt_000\AppData\Local\Temp\DaS_21.exe
C:\Users\koryt_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\koryt_000\AppData\Local\Temp\hijackthis.exe
C:\Users\koryt_000\AppData\Local\Temp\NirCmd.exe
C:\Users\koryt_000\AppData\Local\Temp\PEVZ.EXE
C:\Users\koryt_000\AppData\Local\Temp\remove.exe
C:\Users\koryt_000\AppData\Local\Temp\sed.exe
C:\Users\koryt_000\AppData\Local\Temp\shortcut.exe
C:\Users\koryt_000\AppData\Local\Temp\swreg.exe
C:\Users\koryt_000\AppData\Local\Temp\swxcacls.exe
C:\Users\koryt_000\AppData\Local\Temp\wget.exe
C:\Users\koryt_000\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-14 09:49

==================== End of FRST.txt ============================

Reklama

tomik.pb · Příspěvekod **tomik.pb** » 03 pro 2016 12:21

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by koryt_000 (03-12-2016 12:12:11)
Running from C:\Users\koryt_000\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-02 16:59:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1560035657-911311260-1851593216-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1560035657-911311260-1851593216-503 - Limited - Disabled)
Guest (S-1-5-21-1560035657-911311260-1851593216-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1560035657-911311260-1851593216-1006 - Limited - Enabled)
koryt_000 (S-1-5-21-1560035657-911311260-1851593216-1002 - Administrator - Enabled) => C:\Users\koryt_000
Romca (S-1-5-21-1560035657-911311260-1851593216-1001 - Administrator - Enabled) => C:\Users\Romca

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9 stop 2: Uzavřené oddělení (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\9 stop 2: Uzavřené oddělení) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.3 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVS Screen Capture version 1.1.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 5 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.20 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
EaseUS Partition Master 11.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Flash Memory Toolkit trial 2.01 (HKLM-x32\...\Flash Memory Toolkit trial_is1) (Version: - EFD Software)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.22.3 - Androxyde)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Packard Bell)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 49.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 49.0.2 (x64 cs)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 cs)) (Version: 45.4.0 - Mozilla)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Tajemný park: Poslední představení (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Tajemný park: Poslední představení) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.33 - VSO-Software SARL)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0A71DC179883}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06658E4A-0CB6-4C31-A33A-08980E9871B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {0E68C2D0-CB0A-45F9-8C9B-0074EF712B2A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1421B824-DE85-48D5-AEC3-B30E8D9F762D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23CF522A-4356-4434-8F45-D60C029E737D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52292B46-349F-47EC-9DB7-E634EDAB5C8F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {60490353-A0D1-488A-BFB8-E91A672A6B6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {672F5D57-95C1-4444-9450-01CF7C561EE1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7665FD14-A420-47A9-AF82-39AF427E0253} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BB8B075-324E-4E6A-A07D-737869A84C2C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {807F71F6-9F4D-434E-91A4-A0EEAE5F14A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93F7DBC4-5F66-4A1F-8597-49D6F12B7229} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9C152BA6-CCBC-466E-89D0-E3C8225442F4} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-08-24] ()
Task: {9F66B395-3548-47FF-B1FD-4D50444C0982} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AD64DB18-B8CA-4537-80B5-863DCD7D3ABE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {AE9D8AAA-A7DC-44C6-963A-966A758909D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C7C492B4-2970-4B8B-995B-D04664BA80C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-07] (Piriform Ltd)
Task: {C904AFE5-10A6-4B00-93BC-D861F4A5BEFE} - no filepath
Task: {E6836029-8299-4B7D-AB3B-07275B4795DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EFC05127-252C-4137-B4CB-F0F2435727E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F347EBC0-0A43-41AA-86B9-90C8D9307C9B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\koryt_000\Favorites\Packard Bell.lnk -> hxxp://www.packardbell.com/

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarg ... -pos=Metro

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 05:53 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-09 04:09 - 2014-11-18 13:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-07-13 05:53 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-27 19:59 - 2016-08-27 19:59 - 01864384 _____ () C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-01 17:57 - 2016-12-01 17:57 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-03-02 17:12 - 2016-03-02 17:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 05:57 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-08-26 20:00 - 2016-08-26 20:00 - 01864384 _____ () C:\Users\Romca\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-13 05:54 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 05:53 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 05:54 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 05:54 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-04-19 06:57 - 2016-04-19 06:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-27 19:58 - 2016-08-27 19:58 - 01383616 _____ () C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-27 19:58 - 2016-08-27 19:58 - 00118976 _____ () C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-10-25 09:51 - 2016-10-25 09:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-09 04:10 - 2016-03-16 08:24 - 00877056 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\platforms\qwindows.dll
2016-10-09 04:09 - 2016-08-30 08:01 - 00307904 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\GarbageGather.dll
2016-10-09 04:09 - 2016-08-26 00:20 - 00118464 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\FHProcess.dll
2016-10-09 04:09 - 2016-06-24 00:00 - 00014336 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\fsclog.dll
2016-10-09 04:09 - 2016-08-26 00:20 - 00174784 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\BigFileGather.dll
2016-10-09 04:09 - 2016-08-26 00:20 - 00088256 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EnumVolumes.dll
2016-10-09 04:09 - 2016-08-26 00:20 - 00224960 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\FragAnalysis.dll
2016-10-09 04:10 - 2016-03-25 00:00 - 00024064 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\imageformats\qico.dll
2016-10-09 04:10 - 2016-03-25 00:00 - 00023552 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\imageformats\qgif.dll
2016-10-09 04:09 - 2014-02-13 14:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\traynet.dll
2016-10-09 04:09 - 2014-02-13 14:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\libcurl.dll
2016-10-09 04:09 - 2014-02-13 14:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\zlib1.dll
2016-10-09 04:09 - 2014-02-13 14:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\uexper.dll
2016-12-01 17:50 - 2016-12-01 17:50 - 00098816 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32api.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00110080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\pywintypes27.dll
2016-12-01 17:50 - 2016-12-01 17:50 - 00364544 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\pythoncom27.dll
2016-12-01 17:50 - 2016-12-01 17:50 - 00320512 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32com.shell.shell.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00914432 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_hashlib.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 01176576 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._core_.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00806400 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._gdi_.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00816128 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._windows_.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 01067008 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._controls_.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00733184 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._misc_.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00682496 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\pysqlite2._sqlite.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00088064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_ctypes.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00686080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\unicodedata.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00119808 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32file.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00108544 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32security.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00007168 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\hashobjs_ext.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00017920 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\thumbnails_ext.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00088064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\usb_ext.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00012800 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\common.time34.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00018432 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32event.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00167936 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32gui.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00046080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_socket.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 01303552 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_ssl.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00128512 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_elementtree.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00127488 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\pyexpat.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00038912 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32inet.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00036864 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_psutil_windows.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00525208 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\windows._lib_cacheinvalidation.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00011264 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32crypt.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00123392 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._wizard.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00077312 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._html2.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00027648 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_multiprocessing.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00020480 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\_yappi.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00035840 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32process.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00078848 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\wx._animate.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00024064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32pipe.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00010240 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\select.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00025600 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32pdh.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00017408 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32profile.pyd
2016-12-01 17:50 - 2016-12-01 17:50 - 00022528 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI60402\win32ts.pyd
2016-10-12 00:08 - 2016-10-12 00:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 09:49 - 2016-10-25 09:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2012-09-05 20:18 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-08-26 20:00 - 2016-08-26 20:00 - 01383616 _____ () C:\Users\Romca\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 20:00 - 2016-08-26 20:00 - 00118976 _____ () C:\Users\Romca\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-04-19 06:57 - 2016-04-19 06:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 06:57 - 2016-04-19 06:58 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-12-01 18:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1560035657-911311260-1851593216-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Romca\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f9bdcdd3-64f7-40d7-aa12-54ccfb601baf}.jpg
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\koryt_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\plocha.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{524109DF-12E2-4562-93DF-5C4EA37A7C24}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{04A83471-9373-440E-A09C-D73FA30A98A0}] => C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{E65C53D0-94D4-4801-A4A6-304953382D28}C:\totalcmd\totalcmd64.exe] => C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{EB0E3A41-FE11-4998-920A-56F1731B46B5}C:\totalcmd\totalcmd64.exe] => C:\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{2412E68A-2CDC-41D8-8472-9EBD9DB48645}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{BA132AFF-B34E-41CD-AF27-404E44F06376}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0E7BD844-6354-4F17-A3F4-C8041392A462}C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe] => C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{68B4754B-1FFA-4345-9DB4-28C45745D8C4}C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe] => C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C4DCA82E-A1BF-41EE-8896-D683871B1762}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{FF907DC5-880C-453D-9F0E-FD03F494DF83}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{3D5485F5-DDA7-4738-8617-E33CA7CEBB36}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{427E6102-1BEF-49B7-91DA-37431A25781E}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{256C8DCC-0595-4E44-8150-3CF74AB92030}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{EBC34346-0D5D-4F23-BCBE-42A7FCD32004}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{83C8F9CC-3C96-436C-AC1C-D71BBFE20F9E}] => C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [TCP Query User{76910FD8-38D1-408D-B1A1-358351954E4E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{66B7CE8C-AE3A-4FD8-B8B8-F730021CD8CE}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{6AF572E4-B30B-44BB-82FD-A27E1CBF3616}] => C:\Program Files (x86)\Alawarhry.cz\9 Clues The Ward\Ward.exe
FirewallRules: [{093B37B2-E14E-467E-A77C-82735B8503B7}] => C:\Program Files (x86)\Alawarhry.cz\9 Clues The Ward\F2PHttpDaemon.exe
FirewallRules: [{939C9820-FD20-4FB2-99DB-ADCE0B3E0116}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE878802-1438-4FF8-A925-FE6CD843EC52}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFD393E9-B0B7-495B-9C12-2011FD06F7B1}] => C:\Program Files (x86)\Alawarhry.cz\Weird Park The Final Show\F2PHttpDaemon.exe
FirewallRules: [{1F8565E0-011C-408B-86F6-EB742F5EC3BD}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{056227FF-126D-4101-B414-3ED110559F37}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1DACE105-4BEC-48C5-AC8A-B9FCD08E6961}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{054604BD-8953-4368-943B-142D8F80C115}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{EA860053-EC3C-42C3-9E7A-B53F4964DA89}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{1A11F6D9-BA30-48EA-B9A0-C0FEC76ACDF8}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{48722900-A37A-49EA-9878-5C7578E069E5}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{181ED406-7073-47E5-9056-7D23F1F40455}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [{627387E2-958F-4902-97E9-BBAC005CE252}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F6C5C424-CE11-4C4B-87CE-EF57968381A4}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{2404E4AD-C293-473F-B972-146504C9428D}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5957A553-43A5-4373-99ED-085E3F34D3A2}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{7B28BAD6-9739-4D12-BBEE-F9FA0E26A03D}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1B027DF0-A945-49FB-A96B-F3B4025AEF4A}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EEDACCB5-EE6F-4DD1-9B9F-F26C1E5C4AC0}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{36A0AAB2-EA92-4AD1-A2AA-7BAB0AC952E3}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B9437307-3A91-45B9-9EAC-BACD660C2427}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{39081852-36F0-45C2-B244-485C443982B0}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{0B28CBF9-4FD1-43F9-A855-3A745F22BA8C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe

==================== Restore Points =========================

02-12-2016 17:15:29 End of disinfection

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2016 07:02:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci CyberLinkCorp.ac.SocialNetworks_ypz87dpxkv292!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/03/2016 06:49:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/03/2016 06:49:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/03/2016 12:13:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/02/2016 11:01:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci CyberLinkCorp.ac.SocialNetworks_ypz87dpxkv292!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/02/2016 09:35:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.WindowsAlarms_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/02/2016 09:35:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci CyberLinkCorp.ac.SocialNetworks_ypz87dpxkv292!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/02/2016 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci CyberLinkCorp.ac.SocialNetworks_ypz87dpxkv292!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/02/2016 06:05:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/02/2016 05:15:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

System errors:
=============
Error: (12/03/2016 12:09:38 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 11:54:40 AM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 11:39:38 AM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 11:32:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 11:32:43 AM) (Source: DCOM) (EventID: 10016) (User: ROMCA-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\koryt_000 (SID: S-1-5-21-1560035657-911311260-1851593216-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 09:41:56 AM) (Source: DCOM) (EventID: 10016) (User: ROMCA-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\koryt_000 (SID: S-1-5-21-1560035657-911311260-1851593216-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 09:34:02 AM) (Source: DCOM) (EventID: 10016) (User: ROMCA-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\koryt_000 (SID: S-1-5-21-1560035657-911311260-1851593216-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 09:25:40 AM) (Source: DCOM) (EventID: 10016) (User: ROMCA-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\koryt_000 (SID: S-1-5-21-1560035657-911311260-1851593216-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 09:19:05 AM) (Source: DCOM) (EventID: 10016) (User: ROMCA-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\koryt_000 (SID: S-1-5-21-1560035657-911311260-1851593216-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/03/2016 09:19:05 AM) (Source: DCOM) (EventID: 10016) (User: ROMCA-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\koryt_000 (SID: S-1-5-21-1560035657-911311260-1851593216-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

CodeIntegrity:
===================================
Date: 2016-09-09 20:54:08.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-04 08:05:45.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 16:04:07.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 08:48:02.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 07:45:16.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-22 10:04:51.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 18:27:52.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 15:15:17.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-15 20:26:27.743
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-15 15:50:17.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 3909.28 MB
Available physical RAM: 1978.26 MB
Total Virtual: 6213.28 MB
Available Virtual: 3676.73 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:678.7 GB) (Free:527.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C0C66E1F)

Partition: GPT.

==================== End of Addition.txt ============================

Příspěvekod **jerabina** » 04 pro 2016 00:08

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)

FF NewTab: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:home
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1560035657-911311260-1851593216-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\koryt_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

CHR HomePage: Default -> go.mail.ru/?fr=chhp11.0.29__PARAM__

C:\Users\koryt_000\AppData\Local\Вoйти в Интeрнет
C:\Users\koryt_000\AppData\Local\Поиcк в Интeрнете

CustomCLSID: HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0A71DC179883}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

Task: {06658E4A-0CB6-4C31-A33A-08980E9871B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {1421B824-DE85-48D5-AEC3-B30E8D9F762D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23CF522A-4356-4434-8F45-D60C029E737D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52292B46-349F-47EC-9DB7-E634EDAB5C8F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {60490353-A0D1-488A-BFB8-E91A672A6B6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {672F5D57-95C1-4444-9450-01CF7C561EE1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7665FD14-A420-47A9-AF82-39AF427E0253} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BB8B075-324E-4E6A-A07D-737869A84C2C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {807F71F6-9F4D-434E-91A4-A0EEAE5F14A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93F7DBC4-5F66-4A1F-8597-49D6F12B7229} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F66B395-3548-47FF-B1FD-4D50444C0982} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AE9D8AAA-A7DC-44C6-963A-966A758909D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C904AFE5-10A6-4B00-93BC-D861F4A5BEFE} - no filepath
Task: {E6836029-8299-4B7D-AB3B-07275B4795DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EFC05127-252C-4137-B4CB-F0F2435727E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarg ... -pos=Metro

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Přenastavenou hodnotu tady:

Kód: Vybrat vše

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ce22edf9-f1bf-45c9-8c78-e709c167df74}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e90c8d31-48f9-4616-9d3d-6de6ad9ac1c4}: [DhcpNameServer] 8.8.8.8 8.8.4.4

máš schválně?

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému.

Toto otestuj na Virustotal
C:\Users\koryt_000\AppData\Roaming\inst.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

tomik.pb · Příspěvekod **tomik.pb** » 04 pro 2016 13:23

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by koryt_000 (04-12-2016 13:09:48) Run:1
Running from C:\Users\koryt_000\Desktop
Loaded Profiles: Romca & koryt_000 (Available Profiles: Romca & koryt_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)

FF NewTab: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:home
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1560035657-911311260-1851593216-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\koryt_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

CHR HomePage: Default -> go.mail.ru/?fr=chhp11.0.29__PARAM__

C:\Users\koryt_000\AppData\Local\?o??? ? ???e????
C:\Users\koryt_000\AppData\Local\???c? ? ???e?????

CustomCLSID: HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0A71DC179883}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

Task: {06658E4A-0CB6-4C31-A33A-08980E9871B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {1421B824-DE85-48D5-AEC3-B30E8D9F762D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23CF522A-4356-4434-8F45-D60C029E737D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52292B46-349F-47EC-9DB7-E634EDAB5C8F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {60490353-A0D1-488A-BFB8-E91A672A6B6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {672F5D57-95C1-4444-9450-01CF7C561EE1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7665FD14-A420-47A9-AF82-39AF427E0253} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BB8B075-324E-4E6A-A07D-737869A84C2C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {807F71F6-9F4D-434E-91A4-A0EEAE5F14A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93F7DBC4-5F66-4A1F-8597-49D6F12B7229} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F66B395-3548-47FF-B1FD-4D50444C0982} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AE9D8AAA-A7DC-44C6-963A-966A758909D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C904AFE5-10A6-4B00-93BC-D861F4A5BEFE} - no filepath
Task: {E6836029-8299-4B7D-AB3B-07275B4795DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EFC05127-252C-4137-B4CB-F0F2435727E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarg ... -pos=Metro

EmptyTemp:
End

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ZAM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\koryt_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
Chrome HomePage => removed successfully
"C:\Users\koryt_000\AppData\Local\?o??? ? ???e????" => not found.
"C:\Users\koryt_000\AppData\Local\???c? ? ???e?????" => not found.
"HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0A71DC179883}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06658E4A-0CB6-4C31-A33A-08980E9871B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06658E4A-0CB6-4C31-A33A-08980E9871B1}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1421B824-DE85-48D5-AEC3-B30E8D9F762D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1421B824-DE85-48D5-AEC3-B30E8D9F762D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23CF522A-4356-4434-8F45-D60C029E737D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23CF522A-4356-4434-8F45-D60C029E737D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52292B46-349F-47EC-9DB7-E634EDAB5C8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52292B46-349F-47EC-9DB7-E634EDAB5C8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60490353-A0D1-488A-BFB8-E91A672A6B6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60490353-A0D1-488A-BFB8-E91A672A6B6E}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{672F5D57-95C1-4444-9450-01CF7C561EE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{672F5D57-95C1-4444-9450-01CF7C561EE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7665FD14-A420-47A9-AF82-39AF427E0253}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7665FD14-A420-47A9-AF82-39AF427E0253}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BB8B075-324E-4E6A-A07D-737869A84C2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BB8B075-324E-4E6A-A07D-737869A84C2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{807F71F6-9F4D-434E-91A4-A0EEAE5F14A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{807F71F6-9F4D-434E-91A4-A0EEAE5F14A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93F7DBC4-5F66-4A1F-8597-49D6F12B7229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93F7DBC4-5F66-4A1F-8597-49D6F12B7229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F66B395-3548-47FF-B1FD-4D50444C0982}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F66B395-3548-47FF-B1FD-4D50444C0982}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE9D8AAA-A7DC-44C6-963A-966A758909D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE9D8AAA-A7DC-44C6-963A-966A758909D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C904AFE5-10A6-4B00-93BC-D861F4A5BEFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C904AFE5-10A6-4B00-93BC-D861F4A5BEFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6836029-8299-4B7D-AB3B-07275B4795DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6836029-8299-4B7D-AB3B-07275B4795DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFC05127-252C-4137-B4CB-F0F2435727E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFC05127-252C-4137-B4CB-F0F2435727E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk => Shortcut argument removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9761567 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 5444736 B
Edge => 1301499 B
Chrome => 412085043 B
Firefox => 20188982 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 29860 B
Romca => 52544937 B
koryt_000 => 285965487 B

RecycleBin => 37927777 B
EmptyTemp: => 787 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:10:27 ====

Nic schválně nastavené nemám. Vše je automatika.

https://www.virustotal.com/cs/file/124f ... 480853765/

FRST po fixu vyvolal restart ( automaticky ) a po restartu a otevření chromu mi zase vyskočilo rozšíření mail.ru, i když jsem ho již odebíral. Ale problémy s otevíráním reklamy se nestávají.

Příspěvekod **Orcus** » 04 pro 2016 17:31

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

Prosím pomoc. Problémy s prohlížečem

Re: Prosím pomoc. Problémy s prohlížečem

Re: Prosím pomoc. Problémy s prohlížečem

Re: Prosím pomoc. Problémy s prohlížečem

Re: Prosím pomoc. Problémy s prohlížečem

Re: Prosím pomoc. Problémy s prohlížečem

Kdo je online