moc prosím o kontrolu - pomalý a nestabilní systém

[abdul99]

Ahoj, dostal se mi do ruky malinký netbook, ale je strašně pomalý s nestabilním systémem. Nevím zda-li je to kvůli hw nebo sw. Kouknete a zhodnotíte, resp. poradíte? Předem moc děkuji za reakce.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Dana at 2016-12-15 17:55:18
Microsoft Windows 10 Home
System drive C: has 47 GB (21%) free of 225 GB
Total RAM: 1013 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:57:10, on 15.12.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Video Web Camera\VideoWebCamera.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\system32\DllHost.exe
C:\Users\Dana\Desktop\RSIT.exe
C:\Program Files\trend micro\Dana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4792d324
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE13DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files\Speed Test 127\ScriptHost.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Dana\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files\Video Web Camera\VideoWebCamera.exe
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pc
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

--
End of file - 10301 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job - C:\Windows\TEMP\{BFB98B49-B29E-47CF-B518-82356A29CCD1}.exe --uninstall=1

=========Mozilla firefox=========

ProfilePath - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?sr ... ptr=100&q="

"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\searchplugins\
MyStart Search.xml
SweetIM Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}]
Speed Test 127 - C:\Program Files\Speed Test 127\ScriptHost.dll [2013-12-19 438784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-11 2484424]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-05-25 9218592]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-05-25 960080]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-11 2484424]
"AthBtTray"=C:\Program Files\Bluetooth Suite\AthBtTray.exe [2010-04-23 285856]
"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-04-23 715296]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2015-06-16 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-09-09 164152]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-07-16 483840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"=C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [2016-09-09 67384]
"ApplePhotoStreams"=C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2016-09-09 67896]
"iCloudDrive"=C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [2016-09-09 110392]
"OneDrive"=C:\Users\Dana\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-12-14 1517280]
"iCloudPhotos"=C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [2016-09-09 356664]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2016-12-06 7175384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
VideoWebCamera.exe.lnk - C:\Program Files\Video Web Camera\VideoWebCamera.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-15 17:55:19 ----D---- C:\Program Files\trend micro
2016-12-15 17:55:18 ----D---- C:\rsit
2016-12-15 17:24:04 ----D---- C:\WINDOWS\Minidump
2016-12-15 16:41:21 ----D---- C:\Program Files\AVAST Software
2016-12-15 16:40:14 ----D---- C:\ProgramData\AVAST Software
2016-12-14 00:30:04 ----D---- C:\ProgramData\Ashampoo
2016-12-14 00:29:38 ----A---- C:\WINDOWS\system32\DfSdkBt.exe
2016-12-14 00:29:33 ----D---- C:\Program Files\Ashampoo
2016-12-13 23:03:58 ----AD---- C:\Program Files\CCleaner
2016-12-01 09:55:19 ----AD---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2016-12-15 17:55:50 ----HD---- C:\Program Files\WindowsApps
2016-12-15 17:55:40 ----D---- C:\WINDOWS\AppReadiness
2016-12-15 17:55:38 ----D---- C:\WINDOWS\Prefetch
2016-12-15 17:55:32 ----D---- C:\WINDOWS\Temp
2016-12-15 17:55:19 ----RD---- C:\Program Files
2016-12-15 17:38:00 ----D---- C:\WINDOWS\INF
2016-12-15 17:37:57 ----D---- C:\Windows
2016-12-15 17:27:33 ----SHD---- C:\System Volume Information
2016-12-15 17:26:48 ----D---- C:\WINDOWS\Logs
2016-12-15 17:25:07 ----D---- C:\WINDOWS\system32\config
2016-12-15 17:25:03 ----D---- C:\WINDOWS\system32\sru
2016-12-15 17:24:06 ----D---- C:\WINDOWS\System32
2016-12-15 17:24:05 ----D---- C:\WINDOWS\system32\SleepStudy
2016-12-15 17:18:42 ----D---- C:\WINDOWS\system32\wbem
2016-12-15 17:09:27 ----D---- C:\WINDOWS\registration
2016-12-15 17:09:26 ----D---- C:\WINDOWS\WinSxS
2016-12-15 17:09:25 ----D---- C:\WINDOWS\system32\Tasks
2016-12-15 17:09:24 ----RD---- C:\WINDOWS\Microsoft.NET
2016-12-15 17:08:59 ----HD---- C:\ProgramData
2016-12-15 17:01:52 ----D---- C:\WINDOWS\system32\LogFiles
2016-12-15 16:58:07 ----D---- C:\WINDOWS\SoftwareDistribution
2016-12-15 09:33:55 ----D---- C:\WINDOWS\rescache
2016-12-14 22:59:23 ----HD---- C:\Config.Msi
2016-12-14 22:59:16 ----D---- C:\ProgramData\MFAData
2016-12-14 22:59:16 ----D---- C:\Program Files\Common Files
2016-12-14 22:59:15 ----D---- C:\WINDOWS\system32\drivers
2016-12-14 22:57:29 ----D---- C:\Program Files\AVG
2016-12-14 22:57:28 ----D---- C:\ProgramData\AVG
2016-12-14 22:57:05 ----SHD---- C:\WINDOWS\Installer
2016-12-14 22:49:39 ----HD---- C:\WINDOWS\ELAMBKUP
2016-12-14 00:12:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-14 00:03:55 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-12-14 00:03:03 ----D---- C:\WINDOWS\system32\catroot2
2016-12-13 23:39:24 ----D---- C:\Users\Dana\AppData\Roaming\Media Player Classic
2016-12-13 23:39:22 ----D---- C:\Users\Dana\AppData\Roaming\Skype
2016-12-13 23:39:12 ----DC---- C:\WINDOWS\Panther
2016-12-13 23:39:07 ----D---- C:\WINDOWS\debug
2016-12-13 23:39:06 ----D---- C:\WINDOWS\LiveKernelReports
2016-12-02 19:43:35 ----D---- C:\WINDOWS\system32\DriverStore
2016-12-02 15:53:13 ----A---- C:\WINDOWS\Reimage.ini
2016-12-02 15:40:23 ----A---- C:\WINDOWS\wininit.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;@oem14.inf,%*PNP0600.DeviceDesc%;Intel AHCI Controller; C:\WINDOWS\System32\drivers\iaStor.sys [2009-10-13 331288]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-07-16 38240]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 77312]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 7680]
R1 MpKsl8ea55dec;MpKsl8ea55dec; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BA44A8D-CDE4-46E8-ABFE-E152C9CE5397}\MpKsl8ea55dec.sys [2016-12-15 39168]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 58368]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 37376]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 62976]
R3 athr;@netathr.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athwn.sys [2016-07-16 3228672]
R3 BTATH_BUS;@oem17.inf,%BTATH_BUS.SVCDESC%;Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2010-03-30 28200]
R3 ETD;@oem5.inf,%PS2.DeviceDesc%;ELAN Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2015-10-11 514760]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2012-03-23 4815872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHDA.sys [2010-05-25 3098720]
R3 L1C;@netl1c63x86.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\System32\drivers\L1C63x86.sys [2016-07-16 102912]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-10-10 130560]
R3 Sftfs;Sftfs; C:\WINDOWS\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
R3 Sftplay;Sftplay; C:\WINDOWS\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
R3 Sftredir;Sftredir; C:\WINDOWS\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
R3 Sftvol;Sftvol; C:\WINDOWS\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 89952]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 85856]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 56672]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 51552]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 54624]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 26976]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 12800]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 12288]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 8192]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 27648]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-07-16 97280]
S3 EUCR;EUCR; C:\WINDOWS\System32\drivers\EUCR6SK.SYS [2010-03-02 82384]
S3 fssfltr;fssfltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 17920]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpio.sys [2016-07-16 22016]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 38240]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 25600]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 66560]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2c.sys [2016-07-16 61936]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 30208]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 94720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 62976]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 68608]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 76800]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 35840]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-07-16 33280]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2016-07-16 205152]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-07-16 75616]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-07-16 107360]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2016-07-16 22880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-08-05 67384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 390416]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 CDPUserSvc_4634c;CDPUserSvc_4634c; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-05-25 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-04-23 735776]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-10-11 124616]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2016-07-16 38792]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2016-07-16 38792]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-10-10 24576]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2016-07-16 38792]
R2 OneSyncSvc_4634c;Hostitel synchronizace_4634c; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2016-07-16 38792]
R2 ReimageRealTimeProtector;Reimage Real Time Protector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-11-06 6542704]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2016-07-16 38792]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R3 PimIndexMaintenanceSvc_4634c;Data kontaktů_4634c; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 UnistoreSvc_4634c;Úložiště uživatelských dat_4634c; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-22 270016]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 69632]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-26 867080]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-09-09 548152]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MessagingService_4634c;Služba zasílání zpráv_4634c; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-01 172488]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-10-10 894976]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 253440]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-07-16 47280]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]

-----------------EOF-----------------

[abdul99]

info.txt logfile of random's system information tool 1.10 2016-12-15 17:57:32

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A3F914DB200000020210027FEFFFF000800000000A00180FEFFFF07FEFFFF0008A0010020030000FEFFFF07FEFFFF0028A3010028791B0000000000000000000000000000000055AA

======Uninstall list======

-->"C:\Program Files\Packard Bell Games\Web Link - Club Penguin\Uninstall.exe"
-->C:\ProgramData\{3A83B8C4-5F70-453E-A723-B5672F107885}\WeatherBugSetup.exe
32 Bit HP CIO Components Installer-->MsiExec.exe /I{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 23 NPAPI-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_185_Plugin.exe -maintain plugin
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Reader 9.5.5 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Apple Mobile Device Support-->MsiExec.exe /I{5CFFD58D-A8EB-439C-B3FD-A8862C886C55}
Apple Software Update-->MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0005 -removeonly
Atheros_7.0.2.13_patch2_32-->"C:\Program Files\Atheros_7.0.2.13_patch2_32\unins000.exe"
Bluetooth Win7 Suite-->MsiExec.exe /X{101A497C-7EF6-4001-834D-E5FA1C70FEFA}
Bonjour-->MsiExec.exe /X{D168AAD0-6686-47C1-B599-CDD4888B9D1A}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2010-10-10-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
ELAN Touchpad 11.15.0.18_X86-->%ProgramFiles%\Elantech\ETDUn_inst.exe
ENE USB Card Reader Driver-->C:\PROGRA~1\DIFX\1D7EDB~1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\eucr6sk.inf_x86_neutral_e675a9964cc7b295\eucr6sk.inf
HP Customer Participation Program 14.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet D5500 Printer Driver Software 14.0 Rel. 6-->C:\Program Files\HP\Digital Imaging\{FE45D881-F9B6-40C0-A833-8CAF92094AB3}\setup\hpzscr01.exe -datfile hphscr34.dat -onestop -forcereboot
HP Imaging Device Functions 14.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 14.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
IB Updater Service-->"C:\Windows\system32\WNLT\Installation\Uninstall\UninstallerLauncher.exe"
iCloud-->MsiExec.exe /I{4095FF7C-1B30-4080-BD78-9BD415904E20}
ICQ7.4-->"C:\Program Files\InstallShield Installation Information\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Identity Card-->C:\Program Files\Packard Bell\Identity Card\Uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{C27F2813-083D-4E6C-A565-17E22D1F7FC8}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Launch Manager-->C:\Windows\UNINSTLMv4.EXE LMv4.UNI
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{B44F3823-52DD-45CA-A916-8B320778715D}
Microsoft .NET Framework 4.5.1 (CSY)-->MsiExec.exe /X{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{4903D172-DCCB-392F-93A3-34CA9D47FE3D}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Klikni a spusť 2010-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Klikni a spusť 2010-->MsiExec.exe /I{90140000-006D-0405-0000-0000000FF1CE}
Microsoft Office Starter 2010 - čeština-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 50.0.2 (x86 cs)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Packard Bell Power Management-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x405 -removeonly
Packard Bell Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x405 -removeonly
Packard Bell Registration-->C:\Program Files\Packard Bell\Registration\Uninstall.exe
Packard Bell ScreenSaver-->C:\Program Files\Packard Bell\Screensaver\Uninstall.exe
Packard Bell Updater-->"C:\Program Files\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x405 -removeonly
PDF Speed Converter-->C:\Program Files\PDF Speed Converter\uninstall.exe
Podpora aplikací Apple (32bitová)-->MsiExec.exe /I{29DB9165-5FC1-48F0-9188-26123F526848}
QuickTime 7-->MsiExec.exe /I{627FFC10-CE0A-497F-BA2B-208CAC638010}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Reimage Protector-->C:\Program Files\Reimage\Reimage Protector\Uninst.exe
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 7.0-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
Speed Test 127-->C:\Program Files\Speed Test 127\uninstall.exe
SweetPacks bundle uninstaller-->MsiExec.exe /X{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
The KMPlayer (remove only)-->"C:\Users\Dana\Desktop\Progamy\KMP přehrávač\The KMPlayer\uninstall.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Video Web Camera-->MsiExec.exe /I{83299633-1261-47A3-84F3-6F02B4B8CDB1}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
VLC media player-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Welcome Center-->C:\Program Files\Packard Bell\Welcome Center\Uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Family Safety-->MsiExec.exe /I{8A30D5C0-BD4A-4E65-AADF-20A457DE6D38}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live Remote Client Resources-->MsiExec.exe /I{454F5782-A4C3-480E-A629-D435795DEFD8}
Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe /I{0891B708-EF3F-4D7E-9724-265245F46276}
Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{068B46A0-8858-4CEB-80BC-A4AE787A05FC}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zoner Photo Studio 10-->"C:\Program Files\Zoner\Photo Studio 10\unins000.exe" /SILENT

======System event log======

Computer Name: Irča.pc
Event Code: 25
Message: Zásada spouštěcí nabídky byla 0x1.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20161010120857.251649-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Irča.pc
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20161010120857.251647-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Irča.pc
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20161010121125.301163-000
Event Type: Informace
User:

Computer Name: Irča.pc
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20161010121125.269912-000
Event Type: Informace
User:

Computer Name: Irča.pc
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2016‎-‎10‎-‎10T12:08:55.499282500Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20161010120857.250503-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Irča.pc
Event Code: 7003
Message: Protokol adaptéru naslouchání net.tcp se úspěšně připojil k aktivační službě procesů systému Windows.
Record Number: 5
Source Name: Microsoft-Windows-WAS-ListenerAdapter
Time Written: 20161010121907.768093-000
Event Type: Informace
User:

Computer Name: Irča.pc
Event Code: 1000
Message: Performance counters for the ASP.NET_2.0.50727 (ASP.NET_2.0.50727) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 4
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20161010121846.852798-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Irča.pc
Event Code: 5617
Message: Subsystémy služby WMI (Windows Management Instrumentation) byly úspěšně inicializovány.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20161010121243.561018-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Irča.pc
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-WMI
Time Written: 20161010121141.015747-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Irča.pc
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20161010121126.169962-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Irča.pc
Event Code: 4688
Message: Byl vytvořen nový proces.

Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7

Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0

Informace o procesu:
ID nového procesu: 0x1a4
Název nového procesu: C:\Windows\System32\smss.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x140
Název tvůrčího procesu: C:\Windows\System32\smss.exe
Příkazový řádek procesu:

Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.

Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.

Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.

Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161010121000.892030-000
Event Type: Úspěšný audit
User:

Computer Name: Irča.pc
Event Code: 4688
Message: Byl vytvořen nový proces.

Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7

Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0

Informace o procesu:
ID nového procesu: 0x198
Název nového procesu: C:\Windows\System32\setupcl.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x140
Název tvůrčího procesu: C:\Windows\System32\smss.exe
Příkazový řádek procesu:

Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.

Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.

Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.

Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161010120939.451389-000
Event Type: Úspěšný audit
User:

Computer Name: Irča.pc
Event Code: 4688
Message: Byl vytvořen nový proces.

Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7

Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0

Informace o procesu:
ID nového procesu: 0x150
Název nového procesu: C:\Windows\System32\autochk.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x140
Název tvůrčího procesu: C:\Windows\System32\smss.exe
Příkazový řádek procesu:

Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.

Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.

Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.

Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161010120932.177246-000
Event Type: Úspěšný audit
User:

Computer Name: Irča.pc
Event Code: 4688
Message: Byl vytvořen nový proces.

Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7

Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0

Informace o procesu:
ID nového procesu: 0x140
Název nového procesu: C:\Windows\System32\smss.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x4
Název tvůrčího procesu:
Příkazový řádek procesu:

Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.

Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.

Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.

Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161010120930.832690-000
Event Type: Úspěšný audit
User:

Computer Name: Irča.pc
Event Code: 4826
Message: Načetla se konfigurační data spouštění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7

Obecné nastavení:
Možnosti načtení: -
Upřesňující možnosti: Ne
Zásady přístupu ke konfiguraci: Výchozí
Protokolování systémových událostí: Ne
Ladění jádra: Ne
Typ spuštění VSM: Vypnuto

Nastavení podpisu:
Testovací podepsání: Ne
Podepsání za běhu: Ne
Zakázat kontroly integrity: Ne

Nastavení HyperVisoru:
Možnosti načtení HyperVisoru: -
Typ spuštění HyperVisoru: Vypnuto
Ladění HyperVisoru: Ne
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161010120930.663764-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"FP_NO_HOST_CHECK"=NO
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem\
"asl.log"=Destination=file
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

[altrok]

Krasny den Vam preju


V pocitaci je trocha malwaru, ale hlavne je tam plno brzd a zbytecnosti, ktere na tomto hardwaru muzou byt docela znat. Pocitaci odlehcime a uvidite.


Odinstalujte

• Skype Click to Call - adware z instalace Skypu http://forum.viry.cz/viewtopic.php?p=1374439#p1374439
• QuickTime - Apple ukoncil jeho vyvoj a je znamo nekolik kritickych zranitelnosti https://csirt.cz/page/3232/

V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).


Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan (Skenovani), pote na Clean (Cisteni)
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

[abdul99]

# AdwCleaner v6.041 - Log vytvořen 17/12/2016 v 10:45:43
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-17.1 [Místní]
# Operační systém : Windows 10 Home (X86)
# Uživatelské jméno : Dana - IRČA
# Spuštěno z : C:\Users\Dana\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: ReimageRealTimeProtector


***** [ Složky ] *****

[-] Složka smazána: C:\ProgramData\Avg_Update_0316av
[-] Složka smazána: C:\ProgramData\Avg_Update_0814tb
[-] Složka smazána: C:\Users\Dana\AppData\Roaming\freegames111
[-] Složka smazána: C:\ProgramData\ICQ\ICQToolbar
[-] Složka smazána: C:\ProgramData\Partner
[-] Složka smazána: C:\ProgramData\Reimage Protector
[-] Složka smazána: C:\ProgramData\ICQ\ICQNewTab
[-] Složka smazána: C:\Program Files\AVG Security Toolbar
[-] Složka smazána: C:\Program Files\MyPC Backup
[-] Složka smazána: C:\Program Files\Reimage
[-] Složka smazána: C:\Program Files\Speed Test 127
[#] Složka smazána po restartu: C:\Program Files\reimage
[-] Složka smazána: C:\WINDOWS\system32\ARFC
[-] Složka smazána: C:\WINDOWS\system32\jmdp
[-] Složka smazána: C:\WINDOWS\system32\mjcm
[-] Složka smazána: C:\WINDOWS\system32\WNLT


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Dana\AppData\LocalLow\SkwConfig.bin
[-] Soubor smazán: C:\WINDOWS\Reimage.ini
[-] Soubor smazán: C:\WINDOWS\system32\ImhxxpComm.dll
[-] Soubor smazán: C:\Program Files\Mozilla Firefox\avg-secure-search.xml
[-] Soubor smazán: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] Soubor smazán: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\searchplugins\MyStart Search.xml
[-] Soubor smazán: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\searchplugins\SweetIM Search.xml
[#] Soubor smazán: C:\Program Files\Mozilla Firefox\avg-secure-search.xml
[#] Soubor smazán: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] Soubor smazán: C:\Program Files\Mozilla Firefox\avg-secure-search.xml
[#] Soubor smazán: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] Soubor smazán: C:\Program Files\Mozilla Firefox\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: ReimageUpdater
[-] Úloha smazána: ReimageUpdater
[-] Úloha smazána: reimageupdater


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Klíč smazán: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.BackgroundHostObject
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.BackgroundHostObject.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.Navbar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.Navbar.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.ScriptHostObject
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.ScriptHostObject.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.Tool
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Speed Test 127.Tool.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{3013E03D-89D5-4580-8560-DB198297CC29}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{53FDCCB0-2404-4274-9002-5A3A1FD40426}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{F2F1AE7C-149B-46D3-9498-12572C7AFE11}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FD58258C-84A6-4DEF-9793-019BE7F491A7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
[-] Klíč smazán: HKU\.DEFAULT\Software\ImInstaller
[-] Klíč smazán: HKU\.DEFAULT\Software\SweetIM
[-] Klíč smazán: HKU\.DEFAULT\Software\WNLT
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\ICQ\ICQToolbar
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\ImInstaller
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Reimage
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\SweetIM
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\WNLT
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Speed Test 127
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3497683291-3561215994-884762207-1000\Software\SweetIM
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3497683291-3561215994-884762207-1000\Software\WNLT
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ImInstaller
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\SweetIM
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\WNLT
[#] Klíč smazán po restartu: HKCU\Software\ICQ\ICQToolbar
[#] Klíč smazán po restartu: HKCU\Software\ImInstaller
[#] Klíč smazán po restartu: HKCU\Software\Reimage
[#] Klíč smazán po restartu: HKCU\Software\SweetIM
[#] Klíč smazán po restartu: HKCU\Software\WNLT
[#] Klíč smazán po restartu: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolbar
[-] Klíč smazán: HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\SweetIM
[-] Klíč smazán: HKLM\SOFTWARE\WNLT
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Test 127
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\237AA359BFA99C94484AF769ACA080AD
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\237AA359BFA99C94484AF769ACA080AD
[-] Data obnovena: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
[-] Klíč smazán: HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.sweetim.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetim.com
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "browser.newtab.url" - "hxxp://home.sweetim.com/?barid=&UPN2=92263638338696414&src=97&did=10963&&st=23&ptr=100"
[-] Firefox předvolby vyčištěny: "browser.search.defaultenginename" - "SweetIM Search"
[-] Firefox předvolby vyčištěny: "browser.search.selectedEngine" - "SweetIM Search"
[-] Firefox předvolby vyčištěny:
[-] Firefox předvolby vyčištěny: "keyword.URL" - "hxxp://search.sweetim.com/search.asp?src=6&barid=&UPN2=92263638338696414&&did=10963&st=23&ptr=100&q="


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13489 Bajty] - [17/12/2016 10:45:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [13707 Bajty] - [17/12/2016 10:36:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13637 Bajty] ##########

[altrok]

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

[abdul99]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2016
Ran by Dana (administrator) on IRČA (17-12-2016 17:50:11)
Running from C:\Users\Dana\Desktop
Loaded Profiles: Dana (Available Profiles: Dana)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Video Web Camera\VideoWebCamera.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(forum.viry.cz) C:\Users\Dana\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Dana\AppData\Local\MSGBOX.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2484424 2015-10-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9218592 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2484424 2015-10-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [285856 2010-04-23] (Atheros Communications)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [715296 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-09-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-10-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk [2010-07-26]
ShortcutTarget: VideoWebCamera.exe.lnk -> C:\Program Files\Video Web Camera\VideoWebCamera.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{05c5efaa-dd0a-43bd-b0f6-91a87c19cd6f}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=dots&r=27b502113605l0424ww55f4792d324
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACPW
SearchScopes: HKU\S-1-5-21-3497683291-3561215994-884762207-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... PW_csCZ418
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3497683291-3561215994-884762207-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF DefaultProfile: bcb8f2d7.default-1412678756304
FF ProfilePath: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304 [2016-12-17]
FF Homepage: Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304 -> seznam.cz
FF Extension: (PriceExpert) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\support@priceexpert.com.xpi [2015-10-14]
FF Extension: (Seznam lištička) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-20]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-20] [not signed]
FF HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3497683291-3561215994-884762207-1000: @startmeeting.com/launcher -> C:\Users\Dana\AppData\Local\SMPlugins\npsmlauncher.dll [2013-10-30] (Start Meeting)
FF Plugin HKU\S-1-5-21-3497683291-3561215994-884762207-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-08-31]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-06-12] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Dana\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\mjcm\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor8.0; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [124616 2015-10-11] (ELAN Microelectronics Corp.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athwn.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_BUS; C:\WINDOWS\System32\drivers\btath_bus.sys [28200 2010-03-30] (Atheros)
R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [514760 2015-10-11] (ELAN Microelectronics Corp.)
S3 EUCR; C:\WINDOWS\System32\drivers\EUCR6SK.SYS [82384 2010-03-02] (ENE Technology Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 17:50 - 2016-12-17 17:54 - 00014452 _____ C:\Users\Dana\Desktop\FRST.txt
2016-12-17 17:48 - 2016-12-17 17:50 - 00000000 ____D C:\FRST
2016-12-17 17:47 - 2016-12-17 17:47 - 00029696 _____ C:\Users\Dana\AppData\Local\MSGBOX.EXE
2016-12-17 17:47 - 2016-12-17 17:47 - 00015327 _____ C:\Users\Dana\Desktop\LM.bat
2016-12-17 17:44 - 2016-12-17 17:46 - 00112640 _____ (forum.viry.cz) C:\Users\Dana\Desktop\FRSTLauncher.exe
2016-12-17 17:42 - 2016-12-17 17:43 - 01762304 _____ (Farbar) C:\Users\Dana\Desktop\FRST.exe
2016-12-17 10:29 - 2016-12-17 10:45 - 00000000 ____D C:\AdwCleaner
2016-12-17 10:27 - 2016-12-17 10:28 - 03977168 _____ C:\Users\Dana\Desktop\adwcleaner_6.041.exe
2016-12-15 17:55 - 2016-12-15 17:57 - 00000000 ____D C:\rsit
2016-12-15 17:55 - 2016-12-15 17:57 - 00000000 ____D C:\Program Files\trend micro
2016-12-15 17:51 - 2016-12-15 17:53 - 01107968 _____ C:\Users\Dana\Desktop\RSIT.exe
2016-12-15 17:24 - 2016-12-15 17:37 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-15 16:41 - 2016-12-15 16:41 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-15 16:40 - 2016-12-15 16:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-14 00:31 - 2016-12-14 00:31 - 00000000 ____D C:\Users\Dana\AppData\Local\CEF
2016-12-14 00:30 - 2016-12-14 00:30 - 00000000 ____D C:\ProgramData\Ashampoo
2016-12-14 00:29 - 2016-12-14 00:29 - 00000000 ____D C:\Program Files\Ashampoo
2016-12-14 00:29 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2016-12-13 23:04 - 2016-12-13 23:04 - 00001046 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-13 23:04 - 2016-12-13 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-13 23:03 - 2016-12-13 23:04 - 00000000 ____D C:\Program Files\CCleaner
2016-12-02 18:17 - 2016-12-02 19:51 - 1529859582 _____ C:\Users\Dana\Downloads\Jak.se.zbavit.nevěsty.2016.XviD.CZ.avi
2016-12-02 15:45 - 2016-12-02 16:42 - 821886222 _____ C:\Users\Dana\Downloads\Lovecká-sezóna--Strašpytel---Open.Season.Scared.Silly.2015.BDRip.x264.CZ.mkv
2016-12-02 15:40 - 2016-12-17 17:50 - 00000000 ____D C:\Users\Dana\AppData\LocalLow\Mozilla
2016-12-01 09:55 - 2016-12-17 10:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-01 08:37 - 2016-12-01 09:25 - 734860660 _____ C:\Users\Dana\Downloads\Imaginarium-Dr.-Parnasse-CZ.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 17:40 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-17 10:53 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-17 10:51 - 2016-10-10 14:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-17 10:50 - 2016-07-16 03:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-17 10:50 - 2012-10-02 08:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-17 10:43 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-17 10:41 - 2011-02-11 18:30 - 00000000 ____D C:\ProgramData\ICQ
2016-12-17 10:32 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-17 10:21 - 2015-09-29 07:28 - 00000000 ____D C:\Users\Dana\AppData\Local\Packages
2016-12-17 10:18 - 2011-02-11 19:42 - 00000000 ___RD C:\Program Files\Skype
2016-12-17 09:42 - 2015-07-12 10:06 - 00001504 _____ C:\WINDOWS\wininit.ini
2016-12-15 18:32 - 2016-10-10 13:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-15 17:25 - 2016-10-10 13:21 - 00000000 ____D C:\Users\Dana
2016-12-15 17:09 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\registration
2016-12-15 15:20 - 2011-04-13 13:02 - 00407720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-12-15 09:33 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-14 22:59 - 2014-10-21 14:07 - 00000000 ____D C:\Users\Dana\AppData\Local\Avg
2016-12-14 22:59 - 2012-11-17 10:13 - 00000000 ____D C:\ProgramData\MFAData
2016-12-14 22:57 - 2013-03-14 07:05 - 00000000 ____D C:\ProgramData\AVG
2016-12-14 22:57 - 2012-11-19 09:07 - 00000000 ____D C:\Program Files\AVG
2016-12-14 22:55 - 2015-10-24 21:10 - 00000000 ____D C:\Users\Dana\AppData\Local\AvgSetupLog
2016-12-14 22:49 - 2016-07-16 09:29 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-14 00:17 - 2015-09-29 07:47 - 00002396 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-14 00:17 - 2015-09-29 07:47 - 00000000 ___RD C:\Users\Dana\OneDrive
2016-12-14 00:12 - 2016-10-10 13:18 - 01628296 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-14 00:12 - 2016-07-16 18:01 - 00503944 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-14 00:12 - 2016-07-16 18:01 - 00110084 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-13 23:58 - 2016-07-16 03:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-13 23:39 - 2016-10-10 14:08 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-13 23:39 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-13 23:39 - 2012-04-29 17:13 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Media Player Classic
2016-12-13 23:39 - 2011-02-15 14:45 - 00000000 ____D C:\Users\Dana\AppData\Local\CrashDumps
2016-12-13 23:39 - 2011-02-11 19:42 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Skype
2016-12-13 21:39 - 2014-11-18 13:41 - 00000000 ___RD C:\Users\Dana\iCloudDrive
2016-12-07 18:16 - 2013-02-20 15:19 - 00001591 _____ C:\Users\Dana\Desktop\počítač.lnk

==================== Files in the root of some directories =======

2013-06-26 15:02 - 2014-06-23 00:19 - 0003736 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-14 17:59 - 2014-01-14 17:59 - 0000000 _____ () C:\Users\Dana\AppData\Roaming\pdfconverter
2012-02-12 21:11 - 2012-02-12 21:11 - 0033134 _____ () C:\Users\Dana\AppData\Roaming\UserTile.png
2014-01-08 21:19 - 2014-04-10 06:02 - 0003584 _____ () C:\Users\Dana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-17 17:47 - 2016-12-17 17:47 - 0029696 _____ () C:\Users\Dana\AppData\Local\MSGBOX.EXE
2011-10-08 12:49 - 2011-10-08 12:49 - 0017408 _____ () C:\Users\Dana\AppData\Local\WebpageIcons.db
2014-01-07 11:57 - 2014-01-07 11:57 - 1224186 _____ () C:\Users\Dana\AppData\Local\[j0020]-[p06].bmp
2011-09-05 18:39 - 2011-09-05 18:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-10-20 18:08 - 2013-10-20 19:21 - 0002597 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\libeay32.dll
C:\Users\Dana\AppData\Local\Temp\msvcr120.dll
C:\Users\Dana\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

[abdul99]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by Dana (17-12-2016 17:57:16)
Running from C:\Users\Dana\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-10-10 13:26:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3497683291-3561215994-884762207-500 - Administrator - Disabled)
Dana (S-1-5-21-3497683291-3561215994-884762207-1000 - Administrator - Enabled) => C:\Users\Dana
DefaultAccount (S-1-5-21-3497683291-3561215994-884762207-503 - Limited - Disabled)
Guest (S-1-5-21-3497683291-3561215994-884762207-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{5CFFD58D-A8EB-439C-B3FD-A8862C886C55}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.31 - Atheros Communications Inc.)
Atheros_7.0.2.13_patch2_32 (HKLM\...\{2D13FC7D-42A8-4BF1-AF0C-B3DC68C59448}_is1) (Version: - Atheros)
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.00.002.0013 - Atheros Communications)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D5500 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_SF_06_D5500_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
ELAN Touchpad 11.15.0.18_X86 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ENE USB Card Reader Driver (HKLM\...\F3C7F6463C419D1D216961B5B81E2FE534986562) (Version: 5.89.0.66 - ENE)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet D5500 Printer Driver Software 14.0 Rel. 6 (HKLM\...\{FE45D881-F9B6-40C0-A833-8CAF92094AB3}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4095FF7C-1B30-4080-BD78-9BD415904E20}) (Version: 6.0.1.41 - Apple Inc.)
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{C27F2813-083D-4E6C-A565-17E22D1F7FC8}) (Version: 12.5.1.21 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 4.0.10 - Packard Bell)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klikni a spusť 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft Office Starter 2010 - čeština (HKLM\...\{90140011-0066-0405-0000-0000000FF1CE}) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Packard Bell Power Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Packard Bell)
Packard Bell Registration (HKLM\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM\...\Packard Bell Screensaver) (Version: 1.1.2009.1217 - Packard Bell )
PDF Speed Converter (HKLM\...\{EC38DB84-B902-4F2D-92D7-297E4E3A0A2A}_is1) (Version: 1.0 - PDFSpeed)
Podpora aplikací Apple (32bitová) (HKLM\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
StartMeeting (HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\StartMeeting) (Version: 1.3.2589.1001 - Start Meeting LLC)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3497683291-3561215994-884762207-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Video Web Camera (HKLM\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 5.0.1.7 - liteon)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM\...\Packard Bell Welcome Center) (Version: 1.01.3002 - Packard Bell)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zoner Photo Studio 10 (HKLM\...\ZonerPhotoStudio10_CZ_is1) (Version: - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3497683291-3561215994-884762207-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dana\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
  HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
  HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
  HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  Toolbar: HKU\S-1-5-21-3497683291-3561215994-884762207-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  FF Extension: (PriceExpert) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\support@priceexpert.com.xpi [2015-10-14]
  FF Extension: (Seznam lištička) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-20]
  cmd: type "C:\Program Files\mozilla firefox\defaults\pref\itms.js"
  cmd: type "C:\Program Files\mozilla firefox\firefox.cfg"
  CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-22]
  CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Dana\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
  C:\Users\Dana\AppData\Roaming\speedtest4354
  CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\mjcm\SweetNT.crx <not found>
  C:\Windows\System32\mjcm
  U3 idsvc; no ImagePath
  2016-12-17 10:29 - 2016-12-17 10:45 - 00000000 ____D C:\AdwCleaner
  2016-12-17 10:27 - 2016-12-17 10:28 - 03977168 _____ C:\Users\Dana\Desktop\adwcleaner_6.041.exe
  2016-12-15 17:55 - 2016-12-15 17:57 - 00000000 ____D C:\rsit
  2016-12-15 17:55 - 2016-12-15 17:57 - 00000000 ____D C:\Program Files\trend micro
  2016-12-15 17:51 - 2016-12-15 17:53 - 01107968 _____ C:\Users\Dana\Desktop\RSIT.exe
  2016-12-14 22:59 - 2014-10-21 14:07 - 00000000 ____D C:\Users\Dana\AppData\Local\Avg
  2016-12-14 22:57 - 2013-03-14 07:05 - 00000000 ____D C:\ProgramData\AVG
  2016-12-14 22:57 - 2012-11-19 09:07 - 00000000 ____D C:\Program Files\AVG
  2016-12-14 22:55 - 2015-10-24 21:10 - 00000000 ____D C:\Users\Dana\AppData\Local\AvgSetupLog
  2013-06-26 15:02 - 2014-06-23 00:19 - 0003736 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
  2016-12-15 16:41 - 2016-12-15 16:41 - 00000000 ____D C:\Program Files\AVAST Software
  2016-12-15 16:40 - 2016-12-15 16:40 - 00000000 ____D C:\ProgramData\AVAST Software
  CMD: dir "C:\Windows\System32\Tasks"
  Hosts:
  EmptyTemp:
  End

[abdul99]

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by Dana (18-12-2016 13:26:51) Run:1
Running from C:\Users\Dana\Desktop
Loaded Profiles: Dana (Available Profiles: Dana)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3497683291-3561215994-884762207-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: (PriceExpert) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\support@priceexpert.com.xpi [2015-10-14]
FF Extension: (Seznam lištička) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-20]
cmd: type "C:\Program Files\mozilla firefox\defaults\pref\itms.js"
cmd: type "C:\Program Files\mozilla firefox\firefox.cfg"
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Dana\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
C:\Users\Dana\AppData\Roaming\speedtest4354
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\mjcm\SweetNT.crx <not found>
C:\Windows\System32\mjcm
U3 idsvc; no ImagePath
2016-12-17 10:29 - 2016-12-17 10:45 - 00000000 ____D C:\AdwCleaner
2016-12-17 10:27 - 2016-12-17 10:28 - 03977168 _____ C:\Users\Dana\Desktop\adwcleaner_6.041.exe
2016-12-15 17:55 - 2016-12-15 17:57 - 00000000 ____D C:\rsit
2016-12-15 17:55 - 2016-12-15 17:57 - 00000000 ____D C:\Program Files\trend micro
2016-12-15 17:51 - 2016-12-15 17:53 - 01107968 _____ C:\Users\Dana\Desktop\RSIT.exe
2016-12-14 22:59 - 2014-10-21 14:07 - 00000000 ____D C:\Users\Dana\AppData\Local\Avg
2016-12-14 22:57 - 2013-03-14 07:05 - 00000000 ____D C:\ProgramData\AVG
2016-12-14 22:57 - 2012-11-19 09:07 - 00000000 ____D C:\Program Files\AVG
2016-12-14 22:55 - 2015-10-24 21:10 - 00000000 ____D C:\Users\Dana\AppData\Local\AvgSetupLog
2013-06-26 15:02 - 2014-06-23 00:19 - 0003736 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2016-12-15 16:41 - 2016-12-15 16:41 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-15 16:40 - 2016-12-15 16:40 - 00000000 ____D C:\ProgramData\AVAST Software
CMD: dir "C:\Windows\System32\Tasks"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully.
HKU\S-1-5-21-3497683291-3561215994-884762207-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\support@priceexpert.com.xpi => moved successfully
C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => moved successfully
C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\bcb8f2d7.default-1412678756304\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully.

========= type "C:\Program Files\mozilla firefox\defaults\pref\itms.js" =========

pref("network.protocol-handler.warn-external.itms", false);


========= End of CMD: =========


========= type "C:\Program Files\mozilla firefox\firefox.cfg" =========


========= End of CMD: =========

"HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn" => key removed successfully.
C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp" => key removed successfully.
C:\Users\Dana\AppData\Roaming\speedtest4354\speedtest4354.crx => moved successfully
C:\Users\Dana\AppData\Roaming\speedtest4354 => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => key removed successfully.
"C:\Windows\System32\mjcm" => not found.
idsvc => service removed successfully.
C:\AdwCleaner => moved successfully
C:\Users\Dana\Desktop\adwcleaner_6.041.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Dana\Desktop\RSIT.exe => moved successfully
C:\Users\Dana\AppData\Local\Avg => moved successfully
C:\ProgramData\AVG => moved successfully
C:\Program Files\AVG => moved successfully
C:\Users\Dana\AppData\Local\AvgSetupLog => moved successfully
C:\Program Files\Mozilla Firefoxavg-secure-search.xml => moved successfully
C:\Program Files\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully

========= dir "C:\Windows\System32\Tasks" =========

Volume in drive C is Packard Bell
Volume Serial Number is F01A-4DC1

Directory of C:\Windows\System32\Tasks

17.12.2016 10:44 <DIR> .
17.12.2016 10:44 <DIR> ..
10.10.2016 14:07 2˙276 0316avUpdateInfo
22.10.2016 00:17 3˙888 Adobe Flash Player Updater
10.10.2016 14:07 3˙076 Adobe online update program
10.10.2016 14:07 <DIR> Apple
10.10.2016 14:07 2˙306 AVG-Secure-Search-Update_JUNE2013_HP_rmv
13.12.2016 23:04 2˙846 CCleanerSkipUAC
12.02.2011 14:56 3˙532 CreateChoiceProcessTask
10.10.2016 14:07 <DIR> Microsoft
10.10.2016 14:07 <DIR> OfficeSoftwareProtectionPlatform
10.10.2016 14:07 2˙820 OneDrive Standalone Update Task
14.12.2016 00:19 3˙266 OneDrive Standalone Update Task v2
10.10.2016 14:07 2˙160 SidebarExecute
07.03.2014 06:30 3˙918 User_Feed_Synchronization-{742B1088-7624-4D29-8B3A-1945A08195AA}
10.10.2016 14:07 <DIR> WPD
10.10.2016 14:07 2˙286 {0D5AA311-901F-409C-ACCE-DD5CD2DE05E7}
10.10.2016 14:07 2˙470 {58CE2D40-1DEC-43CF-8CCE-C617B5D88D84}
29.09.2013 18:58 2˙950 {9157E47B-102A-418E-91B5-C0D116FD17BB}
10.10.2016 14:07 2˙014 {EBB64E1A-FD5C-4B08-B1EC-8F01C4A03215}
14 File(s) 39˙808 bytes
6 Dir(s) 47˙603˙793˙920 bytes free

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 1426352 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36790997 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1184433 B
Edge => 313 B
Chrome => 114688 B
Firefox => 42921894 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 66016 B
NetworkService => 119875640 B
Dana => 37363397 B

RecycleBin => 0 B
EmptyTemp: => 228.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:30:58 ====

[abdul99]

A ještě bych se chtěl zeptat na antivir. V systému je windows defender, který mi hodně vytěžuje hw - ve správci úloh značený jako antimalware service executable. Jiný nemám. Má smysl cpát do systému třeba avast?

[altrok]

Pokud Defender takto blbne, urcite bych jej vymenil. Z free antiviru doporucuji avast nebo Aviru (ve free verzi jen anglicky) nebo mrknete na srovnavaci testy http://forum.viry.cz/viewtopic.php?f=14 ... &start=210


Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=144868

• Upozorneni: tento sken zabere od 30 minut po nekolik hodin

[abdul99]

Chtel bych se zeptat, jestli musim nechat ntb zapnuty se zapnutym mbamem nez mi odpovite co s vysledkem scanu, nebo zda mohu ntb vypnout a vratit se k tomu. Zkousel jsem to nechat zapnute pres noc, ale rano byl ntb zamrznuty tak delam scan znovu a zatim trva 2 hodiny a stale skenuje system souboru.

[altrok]

Lepsi je nechat pocitac zapnuty. Zamrznuti muze mit na svedomi havet (vetsinu, ne-li vsechnu, aktivni haveti jsme jiz odstranili), ale take HW porucha (necitelne sektory na disku apod.).

[abdul99]

Tak právě se mi to zase seklo a celý dvouhodinový scan je v ... Ale asi to byla moje chyba, protože jsem se snažil zmenšit okno mbamu..

[altrok]

Prace s velikosti okna by na prubeh skenovani nemela mit vliv (maximalne zpomaleni, ale urcite ne zamrznuti celeho programu). Jeste chvili vydrzte a pokud se MBAM opravdu zasekl, tak jej ukoncete a provedte sken vizte postup nize - v navodu jsou nepresnosti, protoze jsem jej jeste nestihl prepsat k poslednimu updatu.

Ulozte na plochu ESET Online Scanner kliknutim na esetsmartinstaller_csy.exe

• ulozeny esetsmartinstaller_csy.exe dvojklikem spustte
• zaskrtnete Ano, souhlasim s podminkami uziti a kliknete na Spustit
• vyberte moznost Povolit detekci nechtenych aplikaci
• rozkliknete moznost Rozsirene nastaveni a
  • zruste zatrzitko u volby Odstranit nalezene infiltrace
  • ponechte zatrhnutou moznost Pouzit technologii Anti-Stealth
• kliknete na Kontrola, cimz se spusti az nekolikahodinovy sken
• po dokonceni skenu kliknete na Seznam nalezenych infiltraci (v pripade zadneho nalezu log nevytvorite)
• kliknete na Ulozit do textoveho souboru, log pojmenujte jako ESETlog a ulozte na plochu
• obsah logu vlozte do pristi odpovedi
• kliknete na << Zpet a zatrhnete moznost Odinstalovat
• klikem na Dokoncit ESET Online Scanner zavrete.