
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Slow page loading
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Slow page loading
Good evening,
please help: pages load slowly, now and then an advertising window pops up or the antivirus detects a trojan.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:28:54, on 7.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\zdrahal\Desktop\hijackthis.exe
C:\WINDOWS\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpageing123.com/?type=hp ... 4542406652
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intranet.entry.siemens.com/osiep/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll
O2 - BHO: Trend Micro Osprey Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USM] C:\Program Files (x86)\Siemens\USM\USM.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SBUSGUI] C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/202
O9 - Extra button: Send to MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ww004.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ww004.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ww004.siemens.net
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BarTender System Service - Seagull Scientific, Inc. - C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Commander Service - Unknown owner - C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Pulse Secure, LLC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amulew.org/ - C:\Program Files (x86)\amuleCexx\ed2k.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager (FileOpenManager) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManager64.exe
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Hotkey Service - HP - C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - HP - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kyubey - Unknown owner - C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
O23 - Service: Printer Maestro (Maestro) - Seagull Scientific, Inc. - C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Dell Migration Manager RUM Agent Service (QsRUMAgent) - Dell Software Inc - C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan Common Client Solution Framework (TmCCSF) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: UC??????? (UCBrowserSvc) - Unknown owner - C:\Program Files (x86)\UCBrowser\Application\UCService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14190 bytes
- Rudy
- Site Admin

- Posts: 119609
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow page loading
Greetings!
HijackThis is past the zenith of its glory. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Slow page loading
Good evening,
I am sending the FRST output. Thank you for your help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (08-03-2017 21:47:47)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(hxxp://www.amulew.org/) C:\Program Files (x86)\amuleCexx\ed2k.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4542406652
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4542406652
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 4542406652
FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-08]
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 4542406652
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 ed2kidle; C:\Program Files (x86)\amuleCexx\ed2k.exe [237568 2017-03-03] (hxxp://www.amulew.org/) [File not signed]
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [105136 2017-03-06] ()
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-02-11] ()
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\zdrahal\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-07] (Windows) [File not signed]
R2 WinSnare; C:\Users\zdrahal\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-08] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S4 gemeloki; [X]
S4 GoogleChromeUpService; [X]
S4 Nettrans; [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
S4 Zaamla; C:\ProgramData\\Zaamla\\Zaamla.exe shuz -f "C:\ProgramData\\Zaamla\\Zaamla.dat" -l -a
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-02-11] (WinMount International Inc)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 21:47 - 2017-03-08 21:48 - 00042397 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-08 21:46 - 2017-03-08 21:47 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 21:20 - 2017-03-08 21:20 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.6)
2017-03-08 21:18 - 2017-03-08 21:18 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:41 - 2017-03-06 23:41 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015 (1).rar
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:09 - 2017-03-07 23:58 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-06 22:08 - 2017-03-08 21:41 - 00024908 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-08 21:41 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-06 22:08 - 2017-03-08 21:41 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-06 22:08 - 2017-03-08 21:30 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-06 22:06 - 2017-03-08 21:21 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 23:19 - 2017-03-03 23:19 - 00000000 ____D C:\ProgramData\3d7cfc8d-5d53-0
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\3d7cfc8d-6773-0
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\{26444394-512c-1}
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\{08ce25ba-112c-0}
2017-03-03 22:29 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-03 22:29 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\aMule
2017-03-03 22:29 - 2017-03-03 22:29 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-08 21:20 - 00003594 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-02 20:19 - 2017-03-08 21:20 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\WinSnare
2017-03-02 20:19 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\WinSAPSvc
2017-03-02 20:19 - 2017-03-02 23:35 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 23:19 - 2017-03-01 23:19 - 00000000 ____D C:\ProgramData\3d7cfc8d-6407-0
2017-03-01 23:14 - 2017-03-06 11:19 - 00000000 ____D C:\ProgramData\a3597868
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\3d7cfc8d-24b5-0
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\{75a04e37-612c-0}
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\{2ee60541-012c-1}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:42 - 2017-02-19 22:51 - 966636757 _____ C:\Users\zdrahal\Downloads\Age-of-Empires-2-HD+Čeština+Crack (1).rar
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 21:18 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-15 08:07 - 2017-03-08 15:12 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-15 08:07 - 2017-03-06 22:08 - 00002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-06 22:08 - 00002500 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 12:16 - 2017-02-12 12:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Desktop\hijackthis.exe
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-12 09:30 - 2017-02-12 09:30 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_LabOzeis
2017-02-11 23:11 - 2017-02-11 23:11 - 00004438 _____ C:\WINDOWS\System32\Tasks\SecureUpdater
2017-02-11 23:09 - 2017-03-08 21:18 - 00000276 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2017-02-11 23:09 - 2017-03-08 15:45 - 00000282 _____ C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job
2017-02-11 23:09 - 2017-03-07 11:49 - 00000276 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2017-02-11 23:09 - 2017-03-01 23:09 - 00000290 _____ C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job
2017-02-11 23:09 - 2017-02-12 11:06 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-02-11 23:09 - 2017-02-11 23:09 - 00024604 _____ C:\WINDOWS\System32\Tasks\{04080847-0B09-080E-0A11-7F79787E1104}
2017-02-11 23:09 - 2017-02-11 23:09 - 00003572 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-02-11 23:09 - 2017-02-11 23:09 - 00003308 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-02-11 23:09 - 2017-02-11 23:09 - 00003242 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-02-11 23:09 - 2017-02-11 23:09 - 00003218 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-02-11 23:09 - 2017-02-11 23:09 - 00003122 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus
2017-02-11 23:09 - 2017-02-11 23:09 - 00003030 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-02-11 23:09 - 2017-02-11 23:09 - 00002856 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-02-11 23:09 - 2017-02-11 23:09 - 00002554 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-02-11 23:09 - 2017-02-11 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-02-11 23:09 - 2017-02-11 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
2017-02-11 22:38 - 2017-02-11 22:38 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Lam-Ron
2017-02-11 22:35 - 2017-02-11 22:35 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Canzap
2017-02-11 22:35 - 2017-02-11 22:34 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-02-11 22:34 - 2017-03-08 21:18 - 00000296 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-02-11 22:34 - 2017-03-08 16:07 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 23:11 - 00002564 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:34 - 2017-02-11 22:38 - 00003560 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-11 22:34 - 2017-02-11 22:34 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Softlink
2017-02-11 22:32 - 2017-02-11 22:32 - 00003682 _____ C:\WINDOWS\System32\Tasks\Jogosephakeck
2017-02-11 22:30 - 2017-02-14 15:28 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-11 22:30 - 2017-02-11 22:30 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:28 - 2017-02-11 22:29 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-11 22:27 - 2017-03-08 13:29 - 00000366 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-11 22:27 - 2017-02-11 22:27 - 00003196 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:26 - 2017-02-11 22:26 - 00000000 _____ C:\TOSTACK
2017-02-11 22:25 - 2017-02-12 11:43 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 21:26 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 21:26 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 21:26 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-08 21:26 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-08 21:26 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 21:26 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 21:26 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-08 21:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 21:19 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-08 21:18 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-08 21:18 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-08 21:18 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 15:58 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-08 15:33 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-08 07:33 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-08 00:06 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-07 23:42 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 14:20 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-06 14:20 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-02 20:19 - 2016-06-01 09:39 - 00001723 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2017-03-06 22:08 - 2017-03-08 21:41 - 0024908 _____ () C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-08 21:41 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-08 21:18 - 2017-03-08 21:18 - 0000004 ____H () C:\ProgramData\cm-lock
Some files in TEMP:
====================
2016-05-24 06:30 - 2015-09-07 13:47 - 0007168 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\GetJavaPath.exe
2016-05-24 06:30 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\JreCheck.exe
2016-05-16 14:32 - 2013-11-25 16:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\w9a93e10\AppData\Local\Temp\AcDeltree.exe
2016-05-31 14:41 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\w9a93e10\AppData\Local\Temp\JreCheck.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zdrahal\Desktop" je 1456 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
I'm sending the FRST output. Thank you for your help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (08-03-2017 21:47:47)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(hxxp://www.amulew.org/) C:\Program Files (x86)\amuleCexx\ed2k.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4542406652
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4542406652
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 4542406652
FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-08]
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 4542406652
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 ed2kidle; C:\Program Files (x86)\amuleCexx\ed2k.exe [237568 2017-03-03] (hxxp://www.amulew.org/) [File not signed]
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [105136 2017-03-06] ()
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-02-11] ()
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\zdrahal\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-07] (Windows) [File not signed]
R2 WinSnare; C:\Users\zdrahal\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-08] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S4 gemeloki; [X]
S4 GoogleChromeUpService; [X]
S4 Nettrans; [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
S4 Zaamla; C:\ProgramData\\Zaamla\\Zaamla.exe shuz -f "C:\ProgramData\\Zaamla\\Zaamla.dat" -l -a
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-02-11] (WinMount International Inc)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 21:47 - 2017-03-08 21:48 - 00042397 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-08 21:46 - 2017-03-08 21:47 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 21:20 - 2017-03-08 21:20 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.6)
2017-03-08 21:18 - 2017-03-08 21:18 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:41 - 2017-03-06 23:41 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015 (1).rar
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:09 - 2017-03-07 23:58 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-06 22:08 - 2017-03-08 21:41 - 00024908 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-08 21:41 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-06 22:08 - 2017-03-08 21:41 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-06 22:08 - 2017-03-08 21:30 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-06 22:06 - 2017-03-08 21:21 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 23:19 - 2017-03-03 23:19 - 00000000 ____D C:\ProgramData\3d7cfc8d-5d53-0
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\3d7cfc8d-6773-0
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\{26444394-512c-1}
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\{08ce25ba-112c-0}
2017-03-03 22:29 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-03 22:29 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\aMule
2017-03-03 22:29 - 2017-03-03 22:29 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-08 21:20 - 00003594 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-02 20:19 - 2017-03-08 21:20 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\WinSnare
2017-03-02 20:19 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\WinSAPSvc
2017-03-02 20:19 - 2017-03-02 23:35 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 23:19 - 2017-03-01 23:19 - 00000000 ____D C:\ProgramData\3d7cfc8d-6407-0
2017-03-01 23:14 - 2017-03-06 11:19 - 00000000 ____D C:\ProgramData\a3597868
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\3d7cfc8d-24b5-0
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\{75a04e37-612c-0}
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\{2ee60541-012c-1}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:42 - 2017-02-19 22:51 - 966636757 _____ C:\Users\zdrahal\Downloads\Age-of-Empires-2-HD+Čeština+Crack (1).rar
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 21:18 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-15 08:07 - 2017-03-08 15:12 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-15 08:07 - 2017-03-06 22:08 - 00002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-06 22:08 - 00002500 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 12:16 - 2017-02-12 12:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Desktop\hijackthis.exe
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-12 09:30 - 2017-02-12 09:30 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_LabOzeis
2017-02-11 23:11 - 2017-02-11 23:11 - 00004438 _____ C:\WINDOWS\System32\Tasks\SecureUpdater
2017-02-11 23:09 - 2017-03-08 21:18 - 00000276 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2017-02-11 23:09 - 2017-03-08 15:45 - 00000282 _____ C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job
2017-02-11 23:09 - 2017-03-07 11:49 - 00000276 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2017-02-11 23:09 - 2017-03-01 23:09 - 00000290 _____ C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job
2017-02-11 23:09 - 2017-02-12 11:06 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-02-11 23:09 - 2017-02-11 23:09 - 00024604 _____ C:\WINDOWS\System32\Tasks\{04080847-0B09-080E-0A11-7F79787E1104}
2017-02-11 23:09 - 2017-02-11 23:09 - 00003572 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-02-11 23:09 - 2017-02-11 23:09 - 00003308 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-02-11 23:09 - 2017-02-11 23:09 - 00003242 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-02-11 23:09 - 2017-02-11 23:09 - 00003218 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-02-11 23:09 - 2017-02-11 23:09 - 00003122 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus
2017-02-11 23:09 - 2017-02-11 23:09 - 00003030 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-02-11 23:09 - 2017-02-11 23:09 - 00002856 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-02-11 23:09 - 2017-02-11 23:09 - 00002554 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-02-11 23:09 - 2017-02-11 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-02-11 23:09 - 2017-02-11 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
2017-02-11 22:38 - 2017-02-11 22:38 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Lam-Ron
2017-02-11 22:35 - 2017-02-11 22:35 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Canzap
2017-02-11 22:35 - 2017-02-11 22:34 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-02-11 22:34 - 2017-03-08 21:18 - 00000296 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-02-11 22:34 - 2017-03-08 16:07 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 23:11 - 00002564 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:34 - 2017-02-11 22:38 - 00003560 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-11 22:34 - 2017-02-11 22:34 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Softlink
2017-02-11 22:32 - 2017-02-11 22:32 - 00003682 _____ C:\WINDOWS\System32\Tasks\Jogosephakeck
2017-02-11 22:30 - 2017-02-14 15:28 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-11 22:30 - 2017-02-11 22:30 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:28 - 2017-02-11 22:29 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-11 22:27 - 2017-03-08 13:29 - 00000366 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-11 22:27 - 2017-02-11 22:27 - 00003196 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:26 - 2017-02-11 22:26 - 00000000 _____ C:\TOSTACK
2017-02-11 22:25 - 2017-02-12 11:43 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 21:26 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 21:26 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 21:26 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-08 21:26 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-08 21:26 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 21:26 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 21:26 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-08 21:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 21:19 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-08 21:18 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-08 21:18 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-08 21:18 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 15:58 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-08 15:33 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-08 07:33 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-08 00:06 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-07 23:42 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 14:20 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-06 14:20 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-02 20:19 - 2016-06-01 09:39 - 00001723 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2017-03-06 22:08 - 2017-03-08 21:41 - 0024908 _____ () C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-08 21:41 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-08 21:18 - 2017-03-08 21:18 - 0000004 ____H () C:\ProgramData\cm-lock
Some files in TEMP:
====================
2016-05-24 06:30 - 2015-09-07 13:47 - 0007168 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\GetJavaPath.exe
2016-05-24 06:30 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\JreCheck.exe
2016-05-16 14:32 - 2013-11-25 16:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\w9a93e10\AppData\Local\Temp\AcDeltree.exe
2016-05-31 14:41 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\w9a93e10\AppData\Local\Temp\JreCheck.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zdrahal\Desktop" je 1456 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.zip
- (7.97 KiB) Downloaded 116 times
- Rudy
- Site Admin

- Posts: 119609
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow page loading
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (deletion).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: slow page loading
# AdwCleaner v6.044 - Log vytvořen 08/03/2017 v 22:09:55
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 7 Enterprise Service Pack 1 (X64)
# Uživatelské jméno : zdrahal - FST6008C
# Spuštěno z : C:\Users\zdrahal\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
[-] Služba smazána: GoogleChromeUpService
[-] Služba smazána: KuaiZipDrive
[-] Služba smazána: KuaizipUpdateChecker
[-] Služba smazána: FirefoxU
[-] Služba smazána: Nettrans
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: ucdrv
[-] Služba smazána: Zaamla
[-] Služba smazána: WinSnare
***** [ Složky ] *****
[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.2.6)
[-] Složka smazána: C:\ProgramData\3d7cfc8d-24b5-0
[-] Složka smazána: C:\ProgramData\3d7cfc8d-5d53-0
[-] Složka smazána: C:\ProgramData\3d7cfc8d-6407-0
[-] Složka smazána: C:\ProgramData\3d7cfc8d-6773-0
[-] Složka smazána: C:\ProgramData\a3597868
[-] Složka smazána: C:\ProgramData\{08ce25ba-112c-0}
[-] Složka smazána: C:\ProgramData\{26444394-512c-1}
[-] Složka smazána: C:\ProgramData\{2ee60541-012c-1}
[-] Složka smazána: C:\ProgramData\{75a04e37-612c-0}
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\Softlink
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\WinSAPSvc
[#] Složka smazána po restartu: C:\Users\zdrahal\AppData\Roaming\winsapsvc
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Složka smazána: C:\ProgramData\NetworkPacketManitor
[-] Složka smazána: C:\ProgramData\Microleaves
[#] Složka smazána po restartu: C:\ProgramData\Application Data\NetworkPacketManitor
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Microleaves
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Složka smazána: C:\Program Files (x86)\Microleaves
[-] Složka smazána: C:\Program Files (x86)\pccleanplus
[-] Složka smazána: C:\Program Files (x86)\MIO
[-] Složka smazána: C:\Program Files (x86)\amuleCexx
[-] Složka smazána: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\Program Files (x86)\Firefox
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[#] Složka smazána po restartu: C:\Users\zdrahal\AppData\Roaming\WinSnare
[#] Složka smazána po restartu: C:\Program Files (x86)\MIO
[-] Složka smazána: C:\Program Files (x86)\reports
***** [ Soubory ] *****
[-] Soubor smazán: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
[-] Soubor smazán: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] Soubor smazán: C:\TOSTACK
[-] Soubor smazán: C:\Program Files (x86)\settings.dat
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
[-] Zástupce vyléčen: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc\Homepage.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk
***** [ Naplánované úlohy ] *****
[-] Úloha smazána: Jogosephakeck
[-] Úloha smazána: {04080847-0B09-080E-0A11-7F79787E1104}
[-] Úloha smazána: SystemHealer Monitor
[-] Úloha smazána: SystemHealer Run Delay
[-] Úloha smazána: System HealerStartUp
[-] Úloha smazána: System HealerPeriod
[-] Úloha smazána: System Healer Task
[-] Úloha smazána: PC Clean Plus_UPDATES
[-] Úloha smazána: PC Clean Plus_DEFAULT
[-] Úloha smazána: PC Clean Plus
[-] Úloha smazána: Traffic Exchange Guardian
[-] Úloha smazána: Traffic Exchange Updater
[-] Úloha smazána: Traffic Exchange
[-] Úloha smazána: Traffic Exchange Guard
[-] Úloha smazána: SecureUpdater
[-] Úloha smazána: UCBrowserUpdaterCore
[-] Úloha smazána: UCBrowserSecureUpdater
[-] Úloha smazána: Milimili
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] Klíč smazán: HKU\.DEFAULT\Software\KuaiZip
[-] Klíč smazán: HKU\.DEFAULT\Software\ompndb
[-] Klíč smazán: HKU\.DEFAULT\Software\UpgSvr
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\PC Clean Plus
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\System Healer
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\PC
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Event Monitor
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\KuaiZip
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\SNDA
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\KuaiZipSFX
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\WinSnare
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\mtZaamla
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\dlr
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\PopWnd
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\UpgSvr
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\KuaiZip
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ompndb
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\UpgSvr
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\PC Clean Plus
[#] Klíč smazán po restartu: HKCU\Software\System Healer
[#] Klíč smazán po restartu: HKCU\Software\PC
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\Event Monitor
[#] Klíč smazán po restartu: HKCU\Software\KuaiZip
[#] Klíč smazán po restartu: HKCU\Software\SNDA
[#] Klíč smazán po restartu: HKCU\Software\KuaiZipSFX
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[#] Klíč smazán po restartu: HKCU\Software\mtZaamla
[#] Klíč smazán po restartu: HKCU\Software\dlr
[#] Klíč smazán po restartu: HKCU\Software\PopWnd
[#] Klíč smazán po restartu: HKCU\Software\UpgSvr
[-] Klíč smazán: HKLM\SOFTWARE\Jawego
[-] Klíč smazán: HKLM\SOFTWARE\PC Clean Plus
[-] Klíč smazán: HKLM\SOFTWARE\PC
[-] Klíč smazán: HKLM\SOFTWARE\Event Monitor
[-] Klíč smazán: HKLM\SOFTWARE\youndooSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\ompndb
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\Microleaves
[-] Klíč smazán: HKLM\SOFTWARE\mtZaamla
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\PC Clean Plus
[#] Klíč smazán po restartu: [x64] HKCU\Software\System Healer
[#] Klíč smazán po restartu: [x64] HKCU\Software\PC
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\Event Monitor
[#] Klíč smazán po restartu: [x64] HKCU\Software\KuaiZip
[#] Klíč smazán po restartu: [x64] HKCU\Software\SNDA
[#] Klíč smazán po restartu: [x64] HKCU\Software\KuaiZipSFX
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[#] Klíč smazán po restartu: [x64] HKCU\Software\mtZaamla
[#] Klíč smazán po restartu: [x64] HKCU\Software\dlr
[#] Klíč smazán po restartu: [x64] HKCU\Software\PopWnd
[#] Klíč smazán po restartu: [x64] HKCU\Software\UpgSvr
[-] Klíč smazán: [x64] HKLM\SOFTWARE\ompndb
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microleaves
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[#] Klíč smazán po restartu: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Klíč smazán: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [16783 Bajty] - [08/03/2017 22:09:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [17860 Bajty] - [08/03/2017 22:08:25]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16931 Bajty] ##########
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Klíč smazán: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [16783 Bajty] - [08/03/2017 22:09:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [17860 Bajty] - [08/03/2017 22:08:25]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16931 Bajty] ##########
- Rudy
- Site Admin

Re: slow page loading
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: slow page loading
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (08-03-2017 22:35:24)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-08]
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 gemeloki; [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 22:35 - 2017-03-08 22:36 - 00037989 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-08 22:13 - 2017-03-08 22:34 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-08 22:13 - 2017-03-08 22:17 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-08 22:13 - 2017-03-08 22:13 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 22:11 - 2017-03-08 22:11 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-08 22:07 - 2017-03-08 22:09 - 00000000 ____D C:\AdwCleaner
2017-03-08 22:06 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Desktop\adwcleaner_6.044.exe
2017-03-08 22:05 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Downloads\adwcleaner_6.044.exe
2017-03-08 21:46 - 2017-03-08 21:47 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:41 - 2017-03-06 23:41 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015 (1).rar
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:08 - 2017-03-08 22:34 - 00031572 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:42 - 2017-02-19 22:51 - 966636757 _____ C:\Users\zdrahal\Downloads\Age-of-Empires-2-HD+Čeština+Crack (1).rar
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 22:12 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-15 08:07 - 2017-03-08 22:11 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-15 08:07 - 2017-03-08 22:09 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-08 22:09 - 00001150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 12:16 - 2017-02-12 12:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Desktop\hijackthis.exe
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-12 09:30 - 2017-02-12 09:30 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_LabOzeis
2017-02-11 22:38 - 2017-02-11 22:38 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Lam-Ron
2017-02-11 22:35 - 2017-02-11 22:35 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Canzap
2017-02-11 22:34 - 2017-03-08 22:07 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:30 - 2017-02-11 22:30 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 22:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-08 22:19 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 22:19 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 22:19 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-08 22:19 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-08 22:19 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 22:19 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 22:19 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 22:19 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-08 22:12 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-08 22:12 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-08 22:11 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-08 22:10 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 22:09 - 2016-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc
2017-03-08 22:09 - 2016-06-01 09:39 - 00000979 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 15:58 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-08 15:33 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-08 07:33 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-08 00:06 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-07 23:42 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 14:20 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-06 14:20 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2017-03-06 22:08 - 2017-03-08 22:34 - 0031572 _____ () C:\Program Files (x86)\metadata
2017-03-08 22:13 - 2017-03-08 22:17 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-08 22:11 - 2017-03-08 22:11 - 0000004 ____H () C:\ProgramData\cm-lock
Some files in TEMP:
====================
2016-05-24 06:30 - 2015-09-07 13:47 - 0007168 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\GetJavaPath.exe
2016-05-24 06:30 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\JreCheck.exe
2016-05-16 14:32 - 2013-11-25 16:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\w9a93e10\AppData\Local\Temp\AcDeltree.exe
2016-05-31 14:41 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\w9a93e10\AppData\Local\Temp\JreCheck.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zdrahal\Desktop" je 1459 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by zdrahal (administrator) on FST6008C (08-03-2017 22:35:24)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-08]
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 gemeloki; [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 22:35 - 2017-03-08 22:36 - 00037989 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-08 22:13 - 2017-03-08 22:34 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-08 22:13 - 2017-03-08 22:17 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-08 22:13 - 2017-03-08 22:13 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 22:11 - 2017-03-08 22:11 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-08 22:07 - 2017-03-08 22:09 - 00000000 ____D C:\AdwCleaner
2017-03-08 22:06 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Desktop\adwcleaner_6.044.exe
2017-03-08 22:05 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Downloads\adwcleaner_6.044.exe
2017-03-08 21:46 - 2017-03-08 21:47 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:41 - 2017-03-06 23:41 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015 (1).rar
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:08 - 2017-03-08 22:34 - 00031572 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:42 - 2017-02-19 22:51 - 966636757 _____ C:\Users\zdrahal\Downloads\Age-of-Empires-2-HD+Čeština+Crack (1).rar
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 22:12 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-15 08:07 - 2017-03-08 22:11 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-15 08:07 - 2017-03-08 22:09 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-08 22:09 - 00001150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 12:16 - 2017-02-12 12:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Desktop\hijackthis.exe
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-12 09:30 - 2017-02-12 09:30 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_LabOzeis
2017-02-11 22:38 - 2017-02-11 22:38 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Lam-Ron
2017-02-11 22:35 - 2017-02-11 22:35 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Canzap
2017-02-11 22:34 - 2017-03-08 22:07 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:30 - 2017-02-11 22:30 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 22:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-08 22:19 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 22:19 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 22:19 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-08 22:19 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-08 22:19 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 22:19 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 22:19 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 22:19 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-08 22:12 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-08 22:12 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-08 22:11 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-08 22:10 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 22:09 - 2016-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc
2017-03-08 22:09 - 2016-06-01 09:39 - 00000979 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 15:58 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-08 15:33 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-08 07:33 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-08 00:06 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-07 23:42 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 14:20 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-06 14:20 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2017-03-06 22:08 - 2017-03-08 22:34 - 0031572 _____ () C:\Program Files (x86)\metadata
2017-03-08 22:13 - 2017-03-08 22:17 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-08 22:11 - 2017-03-08 22:11 - 0000004 ____H () C:\ProgramData\cm-lock
Some files in TEMP:
====================
2016-05-24 06:30 - 2015-09-07 13:47 - 0007168 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\GetJavaPath.exe
2016-05-24 06:30 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\JreCheck.exe
2016-05-16 14:32 - 2013-11-25 16:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\w9a93e10\AppData\Local\Temp\AcDeltree.exe
2016-05-31 14:41 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\w9a93e10\AppData\Local\Temp\JreCheck.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zdrahal\Desktop" je 1459 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.zip
- (6.9 KiB) Downloaded 118 times
- Rudy
- Site Admin
- Posts: 119609
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow page loading
Open Notepad and copy this into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
C:\Program Files (x86)\Sterberph Controls
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
S4 gemeloki; [X]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e05 ... 52&type=hp
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
C:\Users\rezniceko\AppData\Local\Temp
Task: {3BD58EAC-A04D-431F-BB5C-940DC7022DE1} - System32\Tasks\psv_LabOzeis => cmd.exe /c regedit.exe /s "C:\ProgramData\Zaamla\Medplus.reg" & del "C:\ProgramData\Zaamla\Medplus.reg" & SCHTASKS /Delete /TN "psv_LabOzeis" /F <==== ATTENTION
Task: {717898AC-EFAF-4B05-BBE0-0B9860033E87} - System32\Tasks\psv_Canzap => cmd.exe /c regedit.exe /s "C:\ProgramData\Zaamla\HomeDomhome.reg" & del "C:\ProgramData\Zaamla\HomeDomhome.reg" & SCHTASKS /Delete /TN "psv_Canzap" /F <==== ATTENTION
Task: {7C57552F-F677-413D-94AF-7E5AD6B3CBF8} - \{D1D41CE5-667F-AB4E-4B65-61700B7A60BE} -> No File <==== ATTENTION
Task: {7D1EA7EA-135C-4830-8D4E-1969A3B50326} - \{3D9BED2A-80D7-D1EF-8DFC-7C3D1205AC1C} -> No File <==== ATTENTION
Task: {811AB381-0715-4885-A2D4-C01330B6DD17} - System32\Tasks\psv_Lam-Ron => cmd.exe /c regedit.exe /s "C:\ProgramData\Zaamla\Flexlux.reg" & del "C:\ProgramData\Zaamla\Flexlux.reg" & SCHTASKS /Delete /TN "psv_Lam-Ron" /F <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
EmptyTemp:
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: slow page loading
Good evening,
I am sending the current log after cleaning
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (09-03-2017 22:06:30)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-03-09]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-09]
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
S2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
R3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 22:07 - 2017-03-09 22:07 - 07680000 _____ C:\Program Files (x86)\GUTC024.tmp
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\GUMC013.tmp
2017-03-09 22:06 - 2017-03-09 22:06 - 00032609 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-09 22:05 - 2017-03-09 22:05 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ___HD C:\WINDOWS\AxInstSV
2017-03-09 21:45 - 2017-03-09 21:45 - 00000000 ____D C:\WINDOWS\SysWOW64\{85330E59-5510-4D4C-A752-ACB5AA752C0C}
2017-03-09 21:23 - 2017-03-09 22:03 - 00013327 _____ C:\Users\zdrahal\Desktop\Fixlog.txt
2017-03-09 12:22 - 2017-03-09 12:22 - 00000000 ____D C:\Users\w9a93e10\AppData\Local\Coldmay
2017-03-09 12:06 - 2017-03-09 12:29 - 00000000 ____D C:\Users\w9a93e10\AppData\Local\Google
2017-03-08 22:13 - 2017-03-09 21:14 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-08 22:13 - 2017-03-09 21:08 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-08 22:13 - 2017-03-09 17:51 - 00000273 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 22:07 - 2017-03-08 22:09 - 00000000 ____D C:\AdwCleaner
2017-03-08 22:05 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Downloads\adwcleaner_6.044.exe
2017-03-08 21:46 - 2017-03-09 22:06 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:08 - 2017-03-09 21:14 - 00044312 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 22:09 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-08 22:09 - 00001150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 22:06 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-09 22:06 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-09 22:05 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-09 22:05 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 21:23 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\H
2017-03-09 21:23 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-09 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-09 21:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-09 17:10 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-09 17:02 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-09 13:53 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-09 13:53 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-09 13:53 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-09 13:53 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-09 13:53 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 13:53 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-09 13:53 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 13:53 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-09 13:46 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-09 13:46 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-09 12:54 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-09 12:48 - 2009-07-14 06:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-03-09 12:43 - 2016-05-16 07:55 - 00000000 __SHD C:\Users\w9a93e10\IntelGraphicsProfiles
2017-03-09 12:43 - 2016-05-16 07:55 - 00000000 ____D C:\Users\w9a93e10\Tracing
2017-03-09 12:12 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-09 12:11 - 2016-05-14 00:28 - 00000000 ____D C:\Intel
2017-03-09 12:06 - 2016-05-16 07:55 - 00147776 _____ C:\Users\w9a93e10\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-09 12:06 - 2016-05-16 07:55 - 00007728 __RSH C:\Users\w9a93e10\ntuser.pol
2017-03-09 12:06 - 2016-05-16 07:55 - 00000000 ____D C:\Users\w9a93e10
2017-03-08 23:44 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-08 23:44 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-08 22:09 - 2016-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc
2017-03-08 22:09 - 2016-06-01 09:39 - 00000979 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2017-03-09 22:07 - 2017-03-09 22:07 - 7680000 _____ () C:\Program Files (x86)\GUTC024.tmp
2017-03-06 22:08 - 2017-03-09 21:14 - 0044312 _____ () C:\Program Files (x86)\metadata
2017-03-08 22:13 - 2017-03-09 21:08 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-09 22:05 - 2017-03-09 22:05 - 0000004 ____H () C:\ProgramData\cm-lock
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zdrahal\Desktop" je 1459 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
I am sending the current log after cleaning.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (09-03-2017 22:06:30)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-03-09]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-09]
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
S2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
R3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 22:07 - 2017-03-09 22:07 - 07680000 _____ C:\Program Files (x86)\GUTC024.tmp
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\GUMC013.tmp
2017-03-09 22:06 - 2017-03-09 22:06 - 00032609 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-09 22:05 - 2017-03-09 22:05 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ___HD C:\WINDOWS\AxInstSV
2017-03-09 21:45 - 2017-03-09 21:45 - 00000000 ____D C:\WINDOWS\SysWOW64\{85330E59-5510-4D4C-A752-ACB5AA752C0C}
2017-03-09 21:23 - 2017-03-09 22:03 - 00013327 _____ C:\Users\zdrahal\Desktop\Fixlog.txt
2017-03-09 12:22 - 2017-03-09 12:22 - 00000000 ____D C:\Users\w9a93e10\AppData\Local\Coldmay
2017-03-09 12:06 - 2017-03-09 12:29 - 00000000 ____D C:\Users\w9a93e10\AppData\Local\Google
2017-03-08 22:13 - 2017-03-09 21:14 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-08 22:13 - 2017-03-09 21:08 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-08 22:13 - 2017-03-09 17:51 - 00000273 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 22:07 - 2017-03-08 22:09 - 00000000 ____D C:\AdwCleaner
2017-03-08 22:05 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Downloads\adwcleaner_6.044.exe
2017-03-08 21:46 - 2017-03-09 22:06 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:08 - 2017-03-09 21:14 - 00044312 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 22:09 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-08 22:09 - 00001150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 22:06 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-09 22:06 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-09 22:05 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-09 22:05 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 21:23 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\H
2017-03-09 21:23 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-09 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-09 21:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-09 17:10 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-09 17:02 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-09 13:53 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-09 13:53 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-09 13:53 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-09 13:53 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-09 13:53 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 13:53 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-09 13:53 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 13:53 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-09 13:46 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-09 13:46 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-09 12:54 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-09 12:48 - 2009-07-14 06:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-03-09 12:43 - 2016-05-16 07:55 - 00000000 __SHD C:\Users\w9a93e10\IntelGraphicsProfiles
2017-03-09 12:43 - 2016-05-16 07:55 - 00000000 ____D C:\Users\w9a93e10\Tracing
2017-03-09 12:12 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-09 12:11 - 2016-05-14 00:28 - 00000000 ____D C:\Intel
2017-03-09 12:06 - 2016-05-16 07:55 - 00147776 _____ C:\Users\w9a93e10\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-09 12:06 - 2016-05-16 07:55 - 00007728 __RSH C:\Users\w9a93e10\ntuser.pol
2017-03-09 12:06 - 2016-05-16 07:55 - 00000000 ____D C:\Users\w9a93e10
2017-03-08 23:44 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-08 23:44 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-08 22:09 - 2016-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc
2017-03-08 22:09 - 2016-06-01 09:39 - 00000979 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2017-03-09 22:07 - 2017-03-09 22:07 - 7680000 _____ () C:\Program Files (x86)\GUTC024.tmp
2017-03-06 22:08 - 2017-03-09 21:14 - 0044312 _____ () C:\Program Files (x86)\metadata
2017-03-08 22:13 - 2017-03-09 21:08 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-09 22:05 - 2017-03-09 22:05 - 0000004 ____H () C:\ProgramData\cm-lock
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zdrahal\Desktop" je 1459 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119609
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow page loading
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: slow page loading
Hello, the situation has improved. Thank you. However, when I launch Google Chrome, the home page http://www.youndoo.com or http://www.luckystarting.com loads automatically, even though I have google.com set as my home page.
- Rudy
- Site Admin
- Posts: 119609
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow page loading
OK. We will also clean up the browsers. Run the following scans:
1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop
If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.
and
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup will be created, followed by a search
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.