
Virus-infected FB

#1 Post by martin06 »

Hello,

today a friend of mine told me that her FB is infected with a virus. An image keeps popping up on her wall, with friends tagged above it.

I tried to help her with the basic programs, but unfortunately to no avail.

The log is below.

My friend thanks you for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2016
Ran by 1234 (administrator) on PC-PC (10-07-2016 15:39:43)
Running from C:\Users\1234\Downloads
Loaded Profiles: 1234 (Available Profiles: pc & 1234)
Platform: Microsoft Windows 7 Ultimate (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files\MSI\Super-Charger\ChargeService.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(MSI) C:\Program Files\MSI\Super-Charger\Super-Charger.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
() C:\Users\1234\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Super-Charger] => C:\Program Files\MSI\Super-Charger\Super-Charger.exe [502328 2012-10-23] (MSI)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5234960 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [1941064 2016-06-09] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-4253917189-1549762698-531615045-1007\...\Run: [cz.seznam.software.szndesktop] => C:\Users\1234\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-4253917189-1549762698-531615045-1007\...\Run: [cz.seznam.software.autoupdate] => C:\Users\1234\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll No File
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2016-04-01]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\1234\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2016-06-06]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{0C945793-E852-446B-9A52-1CAF1A0045C8}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{222E522D-FD37-44F1-8DB3-5D089D447099}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9A820E32-7D6D-49C9-80C2-2952FDAF8587}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4253917189-1549762698-531615045-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={174685CD-68CA-4E2F-A7F3-1937AAF7B83A}&mid=5223b48b35e147ccb209057438725b5b-b91951b39769f79c1a06f93d6686face586a23c5&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-04-16 20:34:29&v=4.2.9.726&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {1E4AFC79-5D1B-443D-8795-CE43381951D6} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {42F4F625-A3D4-4411-A599-E7DDE9FB2E1D} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {444DBCAA-2B1E-4305-8EBB-7C63F3AB18CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {4C66E7AB-F0A9-4E9B-A827-CC47C9B975ED} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {81E779CA-63E5-41FD-8144-2819550F7AE7} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {84B56845-5410-4599-906A-9960403D5F9E} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {91090690-3935-4831-A9BC-16B724A67A32} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={174685CD-68CA-4E2F-A7F3-1937AAF7B83A}&mid=5223b48b35e147ccb209057438725b5b-b91951b39769f79c1a06f93d6686face586a23c5&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-04-16 20:34:29&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {C0DFBC96-C5BE-4070-BC33-6E875D72E13A} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_13415
SearchScopes: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> {D23AFBA9-94BC-48EA-AA6B-6D124187C626} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-06-09] (AVG)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-24] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-4253917189-1549762698-531615045-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-18] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-14]
CHR Extension: (Dokumenty Google) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-14]
CHR Extension: (Disk Google) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-14]
CHR Extension: (Seznam Lištička - Email) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-04-14]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-04-14]
CHR Extension: (YouTube) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-14]
CHR Extension: (AVG Secure Search) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-04-16]
CHR Extension: (Tabulky Google) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (Skype) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-07]
CHR Extension: (Guppit) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlgjnegldnibgolgmmbalmncajglcce [2016-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-04-14]
CHR Extension: (Gmail) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\1234\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-07]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKU\S-1-5-21-4253917189-1549762698-531615045-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4036128 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [890128 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [592856 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2114816 2016-06-24] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-06-23] (Microsoft Corporation) [File not signed]
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6399360 2016-05-27] (Reimage®)
R2 vToolbarUpdater40.3.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-16] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-06-09] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39936 2011-11-13] (Advanced Micro Devices) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134944 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [253184 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [212736 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [190208 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [46848 2016-05-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [216320 2016-05-17] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [61696 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388848 2016-06-11] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super-Charger\NTIOLib.sys [14392 2012-10-26] (MSI)
S3 athr; system32\DRIVERS\athr.sys [X]
S3 cpuz134; \??\C:\Users\pc\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-10 15:39 - 2016-07-10 15:40 - 00021271 _____ C:\Users\1234\Downloads\FRST.txt
2016-07-10 15:39 - 2016-07-10 15:39 - 00000000 ____D C:\FRST
2016-07-10 15:37 - 2016-07-10 15:37 - 01740288 _____ (Farbar) C:\Users\1234\Downloads\FRST.exe
2016-07-10 15:07 - 2016-07-10 15:19 - 00000000 ____D C:\rsit
2016-07-10 15:07 - 2016-07-10 15:19 - 00000000 ____D C:\Program Files\trend micro
2016-07-10 15:06 - 2016-07-10 15:07 - 01107968 _____ C:\Users\1234\Downloads\RSIT.exe
2016-07-10 14:04 - 2016-07-10 14:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-10 14:03 - 2016-07-10 14:47 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-10 14:03 - 2016-07-10 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-10 14:02 - 2016-07-10 14:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-10 14:02 - 2016-07-10 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-10 14:02 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-10 14:02 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-10 14:02 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-10 14:01 - 2016-07-10 14:01 - 22851472 _____ (Malwarebytes ) C:\Users\1234\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-09 11:43 - 2016-07-09 11:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-07 16:33 - 2016-07-07 16:35 - 00000000 ____D C:\Users\1234\Desktop\Nová složka
2016-07-07 13:59 - 2016-07-07 13:59 - 00000000 ____D C:\Users\1234\AppData\Local\Wondershare
2016-07-05 14:52 - 2016-07-05 14:52 - 00000000 ____D C:\ProgramData\Wondershare
2016-07-05 14:50 - 2016-07-05 14:50 - 00000000 ____D C:\Users\pc\AppData\Local\Wondershare
2016-07-05 14:50 - 2016-07-05 14:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2016-07-05 14:47 - 2016-07-10 08:39 - 00000000 ____D C:\Nová složka
2016-07-05 14:47 - 2016-07-05 14:49 - 00000000 ____D C:\Users\pc\Documents\Wondershare Filmora
2016-07-05 14:43 - 2016-07-05 14:46 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-07-05 12:09 - 2016-07-05 12:09 - 00153085 _____ C:\Users\pc\Desktop\14747523.jpeg
2016-07-04 16:23 - 2016-07-04 16:23 - 00431368 _____ C:\Windows\Minidump\070416-30326-01.dmp
2016-07-03 15:29 - 2016-07-10 14:47 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-07-03 15:29 - 2016-07-10 14:47 - 00000959 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-07-03 15:29 - 2016-07-04 12:05 - 00000000 ____D C:\Users\pc\AppData\Roaming\Audacity
2016-07-03 15:29 - 2016-07-03 15:29 - 00000000 ____D C:\Program Files\Audacity
2016-07-02 12:26 - 2016-07-06 13:08 - 00000000 ____D C:\Users\pc\Downloads\semka
2016-07-02 00:11 - 2016-07-02 00:13 - 01357188 _____ C:\Users\pc\Downloads\Největší „ujetosti.pptx
2016-07-01 16:00 - 2016-07-01 16:00 - 00429400 _____ C:\Windows\Minidump\070116-34694-01.dmp
2016-06-30 19:08 - 2016-06-30 19:10 - 00000000 ____D C:\Users\pc\Desktop\Vyřazko
2016-06-30 15:52 - 2016-06-30 15:52 - 00000000 ____D C:\Users\pc\Downloads\remixi
2016-06-28 21:15 - 2016-06-28 21:19 - 74598534 _____ C:\Users\pc\Downloads\Blakkwood - #Blakkout.avi
2016-06-27 17:15 - 2016-06-27 17:15 - 00000000 ____D C:\Users\pc\AppData\Local\BlueStacks
2016-06-27 16:54 - 2016-06-27 16:54 - 00000000 ____D C:\Users\pc\AppData\Local\Macromedia
2016-06-27 16:36 - 2016-06-27 17:12 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-06-27 16:20 - 2016-06-28 18:29 - 00000000 ____D C:\Users\pc\Downloads\Nová složka
2016-06-27 11:50 - 2016-06-27 14:30 - 1322547200 _____ C:\Users\pc\Downloads\Hvězdy-nám-nepřály-CZ.avi
2016-06-27 10:19 - 2016-06-27 10:20 - 00000000 ____D C:\Users\pc\Desktop\Nová složka (3)
2016-06-25 21:54 - 2016-06-25 21:54 - 00000000 ___HD C:\Users\pc\Desktop\.picasaoriginals
2016-06-11 20:11 - 2016-06-11 20:11 - 00000000 ____D C:\Users\pc\AppData\Roaming\MysteryTag
2016-06-11 20:07 - 2016-07-10 14:47 - 00000739 _____ C:\Users\Public\Desktop\Amulet snů.lnk
2016-06-11 20:07 - 2016-06-11 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amulet snů
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-10 14:53 - 2016-04-14 22:09 - 00000000 ____D C:\Users\1234\AppData\Roaming\Seznam.cz
2016-07-10 14:51 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-10 14:51 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-10 14:47 - 2016-06-06 12:31 - 00001854 _____ C:\Users\Public\Desktop\Star Stable 3.lnk
2016-07-10 14:47 - 2016-05-29 09:00 - 00002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-07-10 14:47 - 2016-05-13 20:42 - 00000763 _____ C:\Users\Public\Desktop\Černokněžník.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-07-10 14:47 - 2016-05-12 17:42 - 00002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-07-10 14:47 - 2016-05-12 16:18 - 00000826 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-10 14:47 - 2016-05-10 20:28 - 00001396 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2016-07-10 14:47 - 2016-04-20 07:33 - 00002048 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-07-10 14:47 - 2016-04-04 14:02 - 00001058 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-07-10 14:47 - 2016-04-02 16:10 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2016-07-10 14:47 - 2016-03-28 16:23 - 00001043 _____ C:\Users\Public\Desktop\Sedm divů světa.lnk
2016-07-10 14:47 - 2014-03-08 09:45 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-10 14:47 - 2013-06-05 18:41 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-10 14:47 - 2013-06-05 00:33 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-10 14:47 - 2013-06-05 00:33 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-10 14:47 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-10 14:47 - 2009-07-14 06:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-10 14:47 - 2009-07-14 06:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-10 14:47 - 2009-07-14 06:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-10 14:46 - 2016-04-16 16:55 - 00000000 ____D C:\ProgramData\MFAData
2016-07-10 14:46 - 2016-04-14 22:09 - 00002201 _____ C:\Users\1234\Desktop\Google Chrome.lnk
2016-07-10 14:46 - 2016-04-14 22:09 - 00001413 _____ C:\Users\1234\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-10 14:46 - 2013-06-05 18:45 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-07-10 14:46 - 2009-07-14 06:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-10 14:46 - 2009-07-14 06:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-10 14:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-10 14:42 - 2009-07-14 10:44 - 00000000 ____D C:\Windows\DigitalLocker
2016-07-10 14:35 - 2013-07-19 16:32 - 00000000 ____D C:\ProgramData\APN
2016-07-10 14:20 - 2013-07-29 09:26 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-10 14:16 - 2013-06-05 18:41 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-10 12:52 - 2016-04-01 14:54 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4253917189-1549762698-531615045-1000UA.job
2016-07-10 08:02 - 2013-08-11 11:31 - 00000000 ____D C:\Users\pc\AppData\Roaming\Seznam.cz
2016-07-10 07:57 - 2013-06-27 16:28 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2016-07-09 11:44 - 2016-05-29 08:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-09 11:43 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-09 11:39 - 2016-05-29 08:48 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-07 21:52 - 2016-04-01 14:54 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4253917189-1549762698-531615045-1000Core.job
2016-07-07 16:08 - 2016-04-14 22:14 - 00112216 _____ C:\Users\1234\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-05 14:53 - 2013-06-05 18:56 - 00112216 _____ C:\Users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-05 14:51 - 2009-07-14 06:33 - 00439520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-04 16:23 - 2016-04-06 11:36 - 167961861 _____ C:\Windows\MEMORY.DMP
2016-07-04 16:23 - 2016-04-06 11:36 - 00000000 ____D C:\Windows\Minidump
2016-07-01 07:23 - 2016-04-16 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-06-30 19:39 - 2013-06-27 16:28 - 00000000 ___RD C:\Program Files\Skype
2016-06-30 19:39 - 2013-06-27 16:28 - 00000000 ____D C:\ProgramData\Skype
2016-06-30 19:04 - 2013-06-05 18:40 - 01470062 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-30 19:04 - 2009-07-14 10:44 - 00631054 _____ C:\Windows\system32\perfh005.dat
2016-06-30 19:04 - 2009-07-14 10:44 - 00121708 _____ C:\Windows\system32\perfc005.dat
2016-06-30 19:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-06-27 17:16 - 2014-05-22 14:49 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-27 17:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-25 17:12 - 2016-05-09 15:01 - 00000430 ____H C:\Windows\Tasks\Norton Security Scan for pc.job
2016-06-22 07:31 - 2016-04-07 20:40 - 00000000 ____D C:\rei
2016-06-22 07:31 - 2016-04-07 20:39 - 00000150 _____ C:\Windows\Reimage.ini
2016-06-22 07:29 - 2016-04-07 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-06-18 15:20 - 2013-07-29 09:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-18 15:20 - 2013-07-29 09:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-15 20:30 - 2016-04-16 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-11 20:05 - 2016-03-31 16:22 - 00000000 ____D C:\Spidla
2016-06-11 18:09 - 2016-04-07 20:49 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-06-10 06:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
Some files in TEMP:
====================
C:\Users\pc\AppData\Local\Temp\avguirn_08176261957.exe
C:\Users\pc\AppData\Local\Temp\avguirn_08287970481.exe
C:\Users\pc\AppData\Local\Temp\avguirn_08371300865.exe
C:\Users\pc\AppData\Local\Temp\avguirn_08772636627.exe
C:\Users\pc\AppData\Local\Temp\EBU699A.exe
C:\Users\pc\AppData\Local\Temp\EBU6D62.DLL
C:\Users\pc\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\pc\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\pc\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\pc\AppData\Local\Temp\ReimagePackage.exe
C:\Users\pc\AppData\Local\Temp\ReimageRepair.exe
C:\Users\pc\AppData\Local\Temp\ReimageRepairTemp.exe
C:\Users\pc\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pc\AppData\Local\Temp\uninstall.exe
C:\Users\pc\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-25 16:29
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2016
Ran by 1234 (2016-07-10 15:41:32)
Running from C:\Users\1234\Downloads
Microsoft Windows 7 Ultimate (X86) (2013-06-05 16:33:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
1234 (S-1-5-21-4253917189-1549762698-531615045-1007 - Administrator - Enabled) => C:\Users\1234
Administrator (S-1-5-21-4253917189-1549762698-531615045-500 - Administrator - Disabled)
Guest (S-1-5-21-4253917189-1549762698-531615045-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4253917189-1549762698-531615045-1006 - Limited - Enabled)
pc (S-1-5-21-4253917189-1549762698-531615045-1000 - Administrator - Enabled) => C:\Users\pc
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5C085A19-B4A1-6686-0103-E9E6F7B2831A}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Amulet snů 1.0mx (HKLM\...\{Amulet snu}_is1) (Version: - Spidla Data Processing, s.r.o.)
Assassin's Creed II (HKLM\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG (Version: 16.81.7640 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
AVG Zen (Version: 1.72.1 - AVG Technologies) Hidden
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION
Černokněžník 1.1 (HKLM\...\{Cernokneznik}_is1) (Version: - Spidla Data Processing, s.r.o.)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Kajko a Kokoš v. 1.027 (HKLM\...\KajkoiKokosz1CZ_is1) (Version: - Mirage Interactive)
Kniha přání v1.0 (HKLM\...\{Kniha prani}_is1) (Version: - Špidla Data Processing, s.r.o.)
Křižovatka sfér 1.02 (HKLM\...\{Krizovatka sfer}_is1) (Version: - Špidla Data Processing, s.r.o.)
Mafie v New Yorku v1.0 (HKLM\...\{Mafie v New Yorku}_is1) (Version: - Špidla Data Processing, s.r.o.)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.6965.2063 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Norton Security Scan (HKLM\...\NSS) (Version: 4.3.1.3 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6925.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6925.1022 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.8 - Reimage) <==== ATTENTION
Sedm divů světa v1.0 (HKLM\...\{Sedm divu sveta}_is1) (Version: - Špidla Data Processing, s.r.o.)
Seznam Software (HKU\S-1-5-21-4253917189-1549762698-531615045-1007\...\SeznamInstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Star Stable 3 (HKLM\...\{5D2DC067-CE89-49B9-B250-96F9BA3937D4}) (Version: 1.00.0000 - Stabenfeldt)
Super-Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.014 - MSI)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM\...\Uplay) (Version: 19.0 - Ubisoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winki (HKLM\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.126 - MSI)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{04FE3112-DB93-424D-B958-5E709395693F}\InprocServer32 -> C:\Users\1234\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuthLib.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\1234\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4253917189-1549762698-531615045-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\1234\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncApi.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B0BF6A8-098E-4E5E-88D2-9721C7888107} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-06-15] (Reimage ltd.) <==== ATTENTION
Task: {0F75AC9E-F95F-4FB7-88B8-D8B3434FE1B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-18] (Adobe Systems Incorporated)
Task: {143D5CB8-7E36-42D9-A65E-9A80E0001E2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-06-25] (Microsoft Corporation)
Task: {1C5A7290-63BC-4341-997D-FDC20745F57E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-24] (Microsoft Corporation)
Task: {2693B235-B078-4272-9250-CA98D58ED670} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-25] (Microsoft Corporation)
Task: {493CD1C3-A3C8-4B30-A096-A3BF79367545} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {66C89D58-4857-439A-8A29-4E4382C74F57} - System32\Tasks\Norton Security Scan for pc => C:\Program Files\Norton Security Scan\Engine\4.3.1.3\Nss.exe [2015-10-16] (Symantec Corporation)
Task: {81CF5F7F-527F-419C-B512-E3B1B558468B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27] (Reimage®) <==== ATTENTION
Task: {98036B2A-529E-4449-9B5C-4605BD02F83D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4253917189-1549762698-531615045-1000UA => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2016-04-14] (Facebook Inc.)
Task: {A2063D2E-5FE7-49F3-97AE-6CB1D09120A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-06-25] (Microsoft Corporation)
Task: {A530966C-0FA0-4BF0-89B2-51481D429114} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4253917189-1549762698-531615045-1000Core => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2016-04-14] (Facebook Inc.)
Task: {A6F0BBB9-146E-4F5A-A68E-16F0EE320B7A} - System32\Tasks\Instagram Downloader => C:\Users\pc\AppData\Local\Temp\is-25668.tmp\prsetup.exe [2016-03-12] (MKD ) <==== ATTENTION
Task: {B88C6AF6-AAC4-4C6F-AB0F-684C0DDB3066} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-24] (Microsoft Corporation)
Task: {D8783FC3-C2C9-4693-B3BC-F1948CC435E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4253917189-1549762698-531615045-1000Core.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4253917189-1549762698-531615045-1000UA.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for pc.job => C:\PROGRA~1\NORTON~2\Engine\431~1.3\Nss.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-16 20:34 - 2016-06-09 19:37 - 00972872 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2016-04-14 22:09 - 2015-05-26 13:37 - 00078504 _____ () C:\Users\1234\AppData\Roaming\Seznam.cz\bin\9219libfoxloader.dll
2013-07-19 16:32 - 2012-10-22 11:21 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2013-07-19 16:32 - 2012-07-09 17:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2013-07-19 16:32 - 2011-12-06 16:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2013-07-19 16:32 - 2012-03-23 10:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll
2016-04-27 07:24 - 2016-06-09 19:37 - 01941064 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2016-07-05 14:50 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-07-05 14:50 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-04-16 16:53 - 2016-04-16 16:53 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2016-04-14 22:09 - 2015-05-26 13:38 - 00457384 _____ () C:\Users\1234\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-04-14 22:09 - 2015-05-26 13:38 - 00862888 _____ () C:\Users\1234\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-06-19 12:13 - 2016-06-15 11:15 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 12:13 - 2016-06-15 11:15 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libegl.dll
2012-05-04 15:39 - 2012-05-04 15:39 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-04 15:47 - 2012-05-04 15:47 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:gs5sys [2816]
AlternateDataStreams: C:\Users\1234:gs5sys [3074]
AlternateDataStreams: C:\Users\All Users:gs5sys [2816]
AlternateDataStreams: C:\Users\pc:gs5sys [2048]
AlternateDataStreams: C:\Users\1234\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\Soubory cookie:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\1234\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [2816]
AlternateDataStreams: C:\Users\pc\Data aplikací:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\Local Settings:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\Šablony:gs5sys [2816]
AlternateDataStreams: C:\Users\pc\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\pc\AppData\Local:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\AppData\Roaming:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\AppData\Local\Data aplikací:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\AppData\Local\History:gs5sys [2048]
AlternateDataStreams: C:\Users\pc\Documents\desktop.ini:gs5sys [3072]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [3072]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4253917189-1549762698-531615045-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\1234\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F177D3BA-B661-44F3-8609-B19CB40FC288}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4B7124CF-0A10-4D2E-AB9C-12664A662C30}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{ABF0438F-64EE-45DE-A6CB-2B764CA22674}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{C62B3965-A822-4042-81CC-BB3C42DC9C4B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DC841269-1332-47F8-AE68-FCD1000B4AF2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{A919FD75-F769-47A2-AB6E-46EBF564AAF0}C:\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe] => (Block) C:\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe
FirewallRules: [UDP Query User{BCF160C6-5E9B-47F1-8B71-C3D2DBEE25DF}C:\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe] => (Block) C:\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe
FirewallRules: [{3AA1DC8E-9C7B-4314-831F-C79609F96894}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{1910CCA5-11AD-43D4-B4A6-EDD9487830AE}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{42DF1CC5-0013-4E70-A7E3-94258BEEBDE3}] => (Allow) C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{CBEEA717-CFE5-4DD8-8848-D21CF7E82136}] => (Allow) C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{94C91DA4-4B7A-4620-93EA-E648B90F0DA1}] => (Allow) C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{897E84F8-B5A2-4B96-AA9A-ACE0066A8F9D}] => (Allow) C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{B65C4665-F81A-481E-AB36-34E4BDAFE3BB}] => (Allow) C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{884ED03B-B23C-4F9B-964D-CF20C9874775}] => (Allow) C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{5DA0AA73-1843-4559-AD96-874A1FF59367}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D1A21FEA-D25E-40D9-B6E0-0BFFB0D289B8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{810629AF-2D68-4B2E-8B11-36BC32098C6D}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{D14B295E-A7D2-4068-B66D-08C517125057}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{82E983A1-6444-4483-9BA0-D00116A0F793}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{EC287FEE-3AFB-4FAC-9D05-D897B24444AC}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{9EABD3E8-5EA7-4EB0-A187-10B5CE1099D9}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{AA92908C-6491-4422-AF50-568885C0AFF4}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{F56402B7-EE4F-4858-AE0E-B5228AF860B5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6122DAD-4B2A-49C5-B9CC-EEC2A579DF70}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9B1EF443-83B6-4AA8-B5EC-7B7F5327645C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{61DA502B-20D8-45D0-BC99-DED1CA1A0314}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{BC47EB9C-8301-47E0-9BF0-A39163F30DB3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{9986CBA7-0617-4607-987C-9A3466A41166}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{31EEF0BE-F5FF-4D91-ACE0-16BBB60B4B40}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E1D4DBB1-FF2D-4CAB-94C1-93DE7DF27527}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{23C3DA97-A503-4174-B419-09B74FF8FB53}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{EB29A2F2-2EF5-45D0-834B-A88F9DC3579A}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{B3B49D93-7517-4417-87F5-63B5F1D49E52}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{5BED989F-460A-4DA5-AEAC-09F3D9790DCD}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
==================== Restore Points =========================
13-06-2016 17:53:16 Naplánovaný kontrolní bod
25-06-2016 16:36:35 Naplánovaný kontrolní bod
27-06-2016 17:11:05 Removed BlueStacks App Player
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/10/2016 02:40:08 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{18B42430-46D6-4B23-8371-FBBC10F9E4E8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer
Error: (07/09/2016 07:50:20 PM) (Source: MsiInstaller) (EventID: 11309) (User: NT AUTHORITY)
Description: Product: KMP Media Toolbar -- Error 1309. Error reading from file: C:\ProgramData\APN\APN-Stub\KMPV7\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe. System error 5. Verify that the file exists and that you can access it.
Error: (07/09/2016 06:48:00 PM) (Source: PandoraService.exe) (EventID: 0) (User: )
Description: Socket Error # 11001
Host not found.
Error: (07/09/2016 11:48:01 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073434607
Error: (07/09/2016 11:48:01 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004B011
Sku Id=149dbce7-a48e-44db-8364-a53386cd4580
Error: (07/09/2016 11:48:01 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004B011
Error: (07/08/2016 07:49:23 PM) (Source: MsiInstaller) (EventID: 11309) (User: NT AUTHORITY)
Description: Product: KMP Media Toolbar -- Error 1309. Error reading from file: C:\ProgramData\APN\APN-Stub\KMPV7\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe. System error 5. Verify that the file exists and that you can access it.
Error: (07/07/2016 07:48:36 PM) (Source: MsiInstaller) (EventID: 11309) (User: NT AUTHORITY)
Description: Product: KMP Media Toolbar -- Error 1309. Error reading from file: C:\ProgramData\APN\APN-Stub\KMPV7\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe. System error 5. Verify that the file exists and that you can access it.
Error: (07/07/2016 05:11:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 51.0.2704.103 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 12d4
Čas spuštění: 01d1d85f66b0188f
Čas ukončení: 32
Cesta k aplikaci: C:\Program Files\Google\Chrome\Application\chrome.exe
ID hlášení: 064197a1-4455-11e6-9da0-d43d7e96b2a8
Error: (07/07/2016 05:09:47 PM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004B011
Sku Id=149dbce7-a48e-44db-8364-a53386cd4580
System errors:
=============
Error: (07/10/2016 02:43:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další údaje: Hodnota chyby: 2147942402
Error: (07/10/2016 12:41:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avgsvc bylo dosaženo časového limitu (30000 ms).
Error: (07/10/2016 07:59:39 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: Služba Systémový čas zjistila, že je nutné změnit systémový čas o -86466 s. Služba Systémový čas nemění systémový čas o více než 54000 s. Ověřte správnost času a časového pásma a zda zdroj času time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->13.80.12.54:123) pracuje správně.
Error: (07/10/2016 07:07:36 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: Služba Systémový čas zjistila, že je nutné změnit systémový čas o -86466 s. Služba Systémový čas nemění systémový čas o více než 54000 s. Ověřte správnost času a časového pásma a zda zdroj času time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->13.80.12.54:123) pracuje správně.
Error: (07/09/2016 05:22:42 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače KATKA,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{0C945793-E852-446B-9A52-1CAF1A0045C8.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.
Error: (07/09/2016 05:22:40 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: V síti TCP byl zjištěn duplicitní název. Adresa IP počítače, který zprávu odeslal,
je uvedena v datech. Zadáte-li na příkazovém řádku příkaz nbtstat -n,
zjistíte, který název je v konfliktním stavu.
Error: (07/09/2016 05:17:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Název WORKGROUP :1d nelze zaregistrovat v rozhraní s IP adresou 192.168.1.4.
Počítač s IP adresou 192.168.1.10 nepovolil získání názvu
tímto počítačem.
Error: (07/09/2016 05:17:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače KATKA,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{0C945793-E852-446B-9A52-1CAF1A0045C8.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.
Error: (07/08/2016 05:51:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avgsvc bylo dosaženo časového limitu (30000 ms).
Error: (07/08/2016 05:51:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
==================== Memory info ===========================
Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 89%
Total physical RAM: 1526.73 MB
Available physical RAM: 156.66 MB
Total Virtual: 3053.47 MB
Available Virtual: 884.44 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.04 GB) (Free:84.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (STARSTABLE3) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00490049)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

jiri.s
Visitor
Posts: 36
Registered: 07 Jul 2016 17:58

Re: Infected FB

#2 Post by jiri.s »

Maybe some dubious app is doing this to her; she should revoke the permissions of dubious apps in the settings.

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected FB

#3 Post by Rudy »

Hello!
We can try cleaning the PC. Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

martin06
Visitor
Posts: 167
Registered: 07 Oct 2006 22:46

Re: Infected FB

#4 Post by martin06 »

Me: Do you still want to work on that old FB?

Her: look, probably not, I barely managed to log out, it can be deleted somehow, and thanks a lot

She says it started doing this out of nowhere.

So unfortunately she created a new account, but thanks for the help anyway (women, you know) :-))

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected FB

#5 Post by Rudy »

You're welcome! :)

Locked