Please help, infected PC

kada72
Visitor
Posts: 7
Registered: 07 Mar 2014 21:33

Please help, infected PC

#1 Post by kada72 »

Hello,
I would like to ask for help with cleaning my PC; through my own carelessness I managed to pull some junk onto it.
RegClean Pro, Live PC Help and the Opera browser downloaded themselves automatically, and I cannot get rid of them through a normal uninstall. I am also being offered a download of a newer version of whichever program is currently open.
OS: Win10
Thank you in advance for any advice.

Kadlec

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:20, on 18.12.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16603)
Boot mode: Normal

Running processes:
C:\Users\Míla\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\Program Files (x86)\DS Clock\dsclock.exe
D:\Program Files (x86)\PowerArchiver\PASTARTER.EXE
D:\Program Files (x86)\TotalCommanderPortable\TotalCommanderPortable.exe
D:\Program Files (x86)\TotalCommanderPortable\App\TotalCommander\TOTALCMD.EXE
D:\Programy\Odvyrování\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlPzIjvCcchA0PYHzuYYrniKTTb1eNy9gFTX2BUQowoyRhDlND5sQ43e2Jo5q-PddfFeiQFdudcWmyLEQ01CTsxR16FAzQqhV-VebSsSpE3D8WlorflJ7NGpGo1RPS9MwjbmQ9bnZ-JKc0rV&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlPzIjvCcchA0PYHzuYYrniKTTb1eNy9gFTX2BUQowoyRhDlND5sQ43e2Jo5q-PddfFeiQFdudcWmyLEQ01CTsxR16FAzQqhV-VebSsSpE3D8WlorflJ7NGpGo1RPS9MwjbmQ9bnZ-JKc0rV&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlPzIjvCcchA0PYHzuYYrniKTTb1eNy9gFTX2BUQowoyRhDlND5sQ43e2Jo5q-PddfFeiQFdudcWmyLEQ01CTsxR16FAzQqhV-VebSsSpE3D8WlorflJ7NGpGo1RPS9MwjbmQ9bnZ-JKc0rV&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 9AE03A87B2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 9AE03A87B2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlPzIjvCcchA0PYHzuYYrniKTTb1eNy9gFTX2BUQowoyRhDlND5sQ43e2Jo5q-PddfFeiQFdudcWmyLEQ01CTsxR16FAzQqhV-VebSsSpE3D8WlorflJ7NGpGo1RPS9MwjbmQ9bnZ-JKc0rV&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Míla\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DS Clock] "D:\Program Files (x86)\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [PowerArchiver Tray] D:\Program Files (x86)\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\Zitenop\Stringzamlam.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Alcohol Virtual AHCI Controller Management Service (AxVirtualAHCISrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Dripkick Service (Dripkick) - Unknown owner - C:\Program Files\Dripkick\Dripkick.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Finwarm Service (FinwarmSvc) - Unknown owner - C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe
O23 - Service: Desktop Upload (ginoquci) - Unknown owner - C:\Users\MLA~1\AppData\Local\Temp\nsh90F.tmp
O23 - Service: Normal Blind Carbon Copy (hidekoqe) - Unknown owner - C:\Users\Míla\AppData\Local\1F00FDC0-1450471795-1B00-472E-C8600002356F\qnsc886E.tmp
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Comment Box Visit (rizyqibe) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SSFK - TODO: <???> - C:\Program Files (x86)\SFK\SSFK.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Alter Glitch (xuwicywe) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Zitenop - Unknown owner - C:\ProgramData\\Zitenop\\Zitenop.exe
O23 - Service: Presentation Software Satellite (zizusyju) - Unknown owner - C:\Program.exe (file missing)

--
End of file - 12379 bytes

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help, infected PC

#2 Post by altrok »

Wishing you a lovely day :bye:

:arrow: As part of the cleanup, your temporary folders will be emptied (including the Recycle Bin).

:arrow: Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.

kada72
Visitor
Posts: 7
Registered: 07 Mar 2014 21:33

Re: Please help, infected PC

#3 Post by kada72 »

Thank you for your help.

Everything was carried out without problems following your instructions, and I am attaching the log.

# AdwCleaner v5.025 - Logfile created 19/12/2015 at 20:09:09
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Míla - MÍLA-PC
# Running from : C:\Users\Míla\Desktop\adwcleaner_5.025.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QMUdisk
[-] Service Deleted : Service KMSELDI

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\kmspico
[-] Folder Deleted : C:\Program Files (x86)\tencent
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[-] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kmspico
[-] Folder Deleted : C:\Users\Míla\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\Míla\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Míla\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\Users\MLA~1\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\drivers\TAOKernel64.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TFsFltX64.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\Reg\Clean
[-] Key Deleted : HKLM\SOFTWARE\Reg\Clean
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3325 bytes] ##########

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help, infected PC

#4 Post by altrok »

:arrow: Is this operating system legal?

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run, the Addition.txt option must be explicitly ticked before the scan starts in order to create that log.

kada72
Visitor
Posts: 7
Registered: 07 Mar 2014 21:33

Re: Please help, infected PC

#5 Post by kada72 »

Yes, Win10 was installed over a legally purchased Win7 PRO.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Míla (administrator) on MÍLA-PC (20-12-2015 20:31:50)
Running from C:\Users\Míla\Desktop
Loaded Profiles: Míla (Available Profiles: Míla)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Duality Software) D:\Program Files (x86)\DS Clock\dsclock.exe
(ConeXware, Inc.) D:\Program Files (x86)\PowerArchiver\PASTARTER.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [DS Clock] => D:\Program Files (x86)\DS Clock\dsclock.exe [331776 2005-02-14] (Duality Software)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [PowerArchiver Tray] => D:\Program Files (x86)\PowerArchiver\PASTARTER.EXE [210296 2011-02-14] (ConeXware, Inc.)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\MountPoints2: {1f7efbb2-7441-11e5-b1da-806e6f6e6963} - "G:\EPSETUP.EXE"
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{dc91f2d3-2e48-4bd2-a2bd-d0ab52029f07}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130948606860700325&GUID=AE93D8DD-E26A-4B27-916D-789AE03A87B2
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130949417588053210&GUID=AE93D8DD-E26A-4B27-916D-789AE03A87B2
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
SearchScopes: HKU\S-1-5-21-1584525098-450318526-2047645849-1000 -> {D51E603A-264D-4EDE-BD2E-1523D1372AE8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1584525098-450318526-2047645849-1000 -> hxxp://atlas.cz/

FireFox:
========
FF ProfilePath: C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default
FF DefaultSearchEngine:
FF Homepage: hxxp://atlas.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-03-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default\extensions\artur.dubovoy@gmail.com [2015-12-06]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default\Extensions\cs@dictionaries.addons.mozilla.org [2015-10-21] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!3451DB77BEF75AB45FE84082B4FEEE4E3451.js [2015-12-17] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\3451DB77BEF75AB45FE84082B4FEEE4E3451 [2015-12-17] <==== ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [97704 2015-04-11] (Alcohol Soft Development Team)
R2 FinwarmSvc; C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe [45568 2015-12-17] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-17] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )
R0 sptd2; C:\Windows\System32\Drivers\sptd2.sys [162960 2015-10-21] (Duplex Secure Ltd)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 EIO64; \SystemRoot\System32\drivers\EIO64.sys [X]
U3 idsvc; no ImagePath
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
S1 xdansrpj; \??\C:\WINDOWS\system32\drivers\xdansrpj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 20:31 - 2015-12-20 20:32 - 00012470 _____ C:\Users\Míla\Desktop\FRST.txt
2015-12-20 20:31 - 2015-12-20 20:31 - 00000000 ____D C:\FRST
2015-12-20 20:30 - 2015-12-20 20:30 - 02370560 _____ (Farbar) C:\Users\Míla\Desktop\FRST64.exe
2015-12-20 20:25 - 2015-12-20 20:25 - 00000000 ___HD C:\OneDriveTemp
2015-12-20 20:24 - 2015-12-20 20:24 - 00016148 _____ C:\WINDOWS\system32\MÍLA-PC_Míla_HistoryPrediction.bin
2015-12-19 20:08 - 2015-12-19 20:09 - 00000000 ____D C:\AdwCleaner
2015-12-19 20:07 - 2015-12-19 20:06 - 01740288 _____ C:\Users\Míla\Desktop\adwcleaner_5.025.exe
2015-12-18 22:25 - 2015-12-18 20:54 - 00450881 ____R C:\WINDOWS\system32\Drivers\etc\hosts.orig
2015-12-18 22:15 - 2015-12-18 22:25 - 00001165 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-18 22:15 - 2015-12-18 22:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-18 22:15 - 2015-12-18 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-18 22:15 - 2015-12-18 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-18 22:15 - 2015-12-18 22:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-18 22:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-18 22:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-18 22:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-18 21:46 - 2015-12-18 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\rsit
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\Program Files\trend micro
2015-12-18 20:59 - 2015-12-18 20:59 - 00000017 _____ C:\WINDOWS\SysWOW64\history.dat
2015-12-18 20:54 - 2015-12-17 14:27 - 00000931 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151218-205429.backup
2015-12-18 20:25 - 2015-12-18 20:25 - 16409960 _____ (Safer Networking Limited ) C:\Users\Míla\Desktop\setup-spybotsd162.exe
2015-12-18 20:22 - 2015-12-18 22:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-18 20:22 - 2015-12-18 20:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-18 20:22 - 2015-12-18 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-12-17 22:42 - 2015-12-17 23:09 - 00000000 ____D C:\Users\Míla\AppData\Roaming\Enigma Software Group
2015-12-17 22:42 - 2015-12-17 22:42 - 00000000 _____ C:\autoexec.bat
2015-12-17 22:41 - 2015-12-17 22:41 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-17 22:06 - 2015-12-18 22:25 - 00000270 __RSH C:\Users\Míla\ntuser.pol
2015-12-17 14:29 - 2015-12-17 14:29 - 00003232 _____ C:\WINDOWS\System32\Tasks\Bus Virtual
2015-12-17 14:29 - 2015-12-17 14:29 - 00003228 _____ C:\WINDOWS\System32\Tasks\Bus Virtual2
2015-12-17 14:28 - 2015-12-18 22:11 - 00000000 ____D C:\Users\Míla\AppData\Roaming\Opera Software
2015-12-17 14:28 - 2015-12-18 22:11 - 00000000 ____D C:\Users\Míla\AppData\Local\Opera Software
2015-12-17 14:28 - 2015-12-18 22:11 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-17 14:28 - 2015-12-17 14:27 - 00000931 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-17 14:18 - 2015-12-17 14:18 - 00005120 _____ C:\Users\Míla\AppData\Roaming\GiftBag.db
2015-12-17 14:18 - 2015-12-17 14:18 - 00000000 ____D C:\Users\M韑a\AppData\Roaming\Tencent
2015-12-17 14:18 - 2015-12-17 14:18 - 00000000 ____D C:\Users\M韑a
2015-12-17 14:16 - 2015-12-18 22:25 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-12-17 13:53 - 2015-12-17 13:53 - 00000000 ____D C:\Users\Míla\AppData\Local\SiDiary
2015-12-17 09:53 - 2015-12-17 09:53 - 00191504 _____ (Prolific Technology Inc.) C:\WINDOWS\system32\Drivers\ser2pl64.sys
2015-12-17 09:53 - 2015-12-17 09:53 - 00000000 ____D C:\WINDOWS\LastGood
2015-12-17 09:52 - 2015-12-17 09:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-12-17 09:39 - 2015-12-17 13:18 - 00000000 ____D C:\WINDOWS\OTBackup
2015-12-17 09:35 - 2015-12-17 09:35 - 00003464 _____ C:\WINDOWS\System32\Tasks\{B5BAB777-DC8B-4D75-8F0A-277663520260}
2015-12-17 09:23 - 2015-12-17 09:23 - 00000000 ____D C:\Users\Míla\AppData\Local\{FD37D6C0-2049-4AE2-B903-AA87CA9EABB9}
2015-12-17 09:09 - 2015-12-17 09:09 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-12-17 09:00 - 2015-12-17 09:00 - 00000000 ____D C:\Users\Míla\AppData\Local\{95DD20F6-507D-4254-B0C6-D187C2769568}
2015-12-17 09:00 - 2015-12-17 09:00 - 00000000 ____D C:\Program Files (x86)\Silabs
2015-12-17 08:59 - 2006-06-02 16:40 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
2015-12-17 08:59 - 2006-06-02 16:40 - 00647872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX
2015-12-17 08:59 - 2006-06-02 16:40 - 00438976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHFLXGD.OCX
2015-12-17 08:59 - 2006-06-02 16:40 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Richtx32.ocx
2015-12-17 08:59 - 2006-06-02 16:40 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2015-12-17 08:59 - 2006-06-02 16:40 - 00067376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Sysinfo.ocx
2015-12-17 08:59 - 2001-08-06 17:28 - 00007952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBCCP32.CPL
2015-12-17 08:59 - 2001-08-06 17:13 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DS32GT.DLL
2015-12-17 08:59 - 2001-08-06 17:08 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBC32GT.DLL
2015-12-17 08:59 - 2000-08-02 15:44 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdocurs.dll
2015-12-17 08:59 - 1999-01-11 20:21 - 00026224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBC16GT.DLL
2015-12-17 08:59 - 1999-01-11 20:18 - 00004656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DS16GT.DLL
2015-12-17 08:59 - 1998-10-19 12:34 - 00037062 _____ C:\WINDOWS\SysWOW64\odbcinst.hlp
2015-12-17 08:59 - 1998-10-19 12:34 - 00000324 _____ C:\WINDOWS\SysWOW64\odbcinst.cnt
2015-12-17 08:59 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2015-12-17 08:58 - 2015-12-17 13:53 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-13 15:14 - 2015-12-13 15:14 - 00001133 ____N C:\Users\Míla\Desktop\recepty facebook – zástupce.lnk
2015-12-09 20:26 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 20:26 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 20:26 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 20:26 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 20:26 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 20:26 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 20:26 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 20:26 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 20:26 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 20:26 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 20:26 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 20:26 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 20:26 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 20:26 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 20:26 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 20:26 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 20:26 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 20:26 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 20:26 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 20:26 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 20:26 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 20:26 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 20:26 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 20:26 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 20:26 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 20:26 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 20:26 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 20:26 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 20:26 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 20:26 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 20:26 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 20:26 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 20:26 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 20:26 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 20:26 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 20:26 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 20:26 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 20:26 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 20:26 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 20:26 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 20:26 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 20:26 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 20:26 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 20:26 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 20:26 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 20:26 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 20:26 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 20:26 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 20:26 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 20:26 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 20:26 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 20:26 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 20:26 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 20:26 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 20:26 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 20:26 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 21:31 - 2015-11-28 21:31 - 00000000 ____D C:\ProgramData\ConeXware
2015-11-28 21:30 - 2015-11-28 21:30 - 00000000 ____D C:\ProgramData\Caphyon
2015-11-28 21:30 - 2015-11-28 21:30 - 00000000 ____D C:\Program Files (x86)\PatchBeam
2015-11-28 21:29 - 2015-11-28 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 20:31 - 2015-07-10 10:47 - 00000000 ____D C:\Windows
2015-12-20 20:27 - 2015-10-19 21:38 - 00004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E143A82-F3F7-46EF-8242-2747071AA966}
2015-12-20 20:25 - 2015-10-17 09:33 - 00000000 ___RD C:\Users\Míla\OneDrive
2015-12-20 05:11 - 2015-10-17 09:19 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-20 05:11 - 2015-09-10 06:05 - 00745406 _____ C:\WINDOWS\system32\perfh005.dat
2015-12-20 05:11 - 2015-09-10 06:05 - 00149344 _____ C:\WINDOWS\system32\perfc005.dat
2015-12-20 05:11 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-20 05:06 - 2015-10-17 09:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-20 05:06 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-19 22:37 - 2015-10-17 08:17 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-19 22:04 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-19 20:09 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-18 22:26 - 2015-11-06 22:10 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-18 22:26 - 2015-10-18 21:00 - 00001220 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2015-12-18 22:26 - 2015-10-17 09:14 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-18 22:26 - 2015-07-10 06:02 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2015-12-18 22:26 - 2015-07-10 06:02 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-12-18 22:26 - 2015-07-10 03:09 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-12-18 22:26 - 2015-07-10 03:01 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-12-18 22:26 - 2015-07-10 02:57 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2015-12-18 22:26 - 2015-07-10 02:57 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2015-12-18 22:25 - 2015-11-12 21:15 - 00000997 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-12-18 22:25 - 2015-11-06 22:10 - 00002118 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-18 22:25 - 2015-11-04 22:17 - 00001062 _____ C:\Users\Míla\Desktop\Daum Potplayer-64 Bits.lnk
2015-12-18 22:25 - 2015-10-21 15:32 - 00002042 _____ C:\Users\Public\Desktop\Pinnacle Studio 17.lnk
2015-12-18 22:25 - 2015-10-21 15:25 - 00001247 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2015-12-18 22:25 - 2015-10-21 15:15 - 00000719 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2015-12-18 22:25 - 2015-10-19 05:43 - 00000722 _____ C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\PowerArchiver.lnk
2015-12-18 22:25 - 2015-10-18 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-18 22:25 - 2015-10-17 09:33 - 00002384 _____ C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-18 22:25 - 2015-10-17 09:33 - 00001047 _____ C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Volitelné funkce.lnk
2015-12-18 22:25 - 2015-10-17 09:13 - 00000000 ____D C:\Users\Míla
2015-12-18 22:25 - 2015-10-16 21:28 - 00001219 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2015-12-18 22:24 - 2015-07-30 22:49 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-18 22:04 - 2015-10-17 09:31 - 00000000 ____D C:\Users\Míla\AppData\Local\Packages
2015-12-18 20:55 - 2015-10-16 20:50 - 00000000 ____D C:\Users\Míla\AppData\Local\VirtualStore
2015-12-18 20:23 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 22:06 - 2015-07-30 22:49 - 00405592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-17 14:30 - 2015-10-16 20:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-17 14:16 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-12-17 14:15 - 2015-10-18 20:34 - 00002028 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2015-12-11 10:46 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 09:36 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 21:59 - 2015-10-18 17:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 21:59 - 2015-10-18 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 21:58 - 2009-07-14 03:34 - 00000478 _____ C:\WINDOWS\win.ini
2015-12-10 21:56 - 2015-10-17 00:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-10 21:56 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-10 21:54 - 2015-10-17 00:45 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-01 01:32 - 2015-07-30 23:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 01:32 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-17 14:18 - 2015-12-17 14:18 - 0005120 _____ () C:\Users\Míla\AppData\Roaming\GiftBag.db
2015-10-18 20:08 - 2015-10-18 20:08 - 0038503 _____ () C:\Users\Míla\AppData\Roaming\Hodnoty oddělené čárkami.ADR
2015-10-21 15:33 - 2015-10-21 15:33 - 0000209 _____ () C:\Users\Míla\AppData\Roaming\MÍLA-PC.MTBF.txt
2015-10-21 15:33 - 2015-10-21 15:41 - 0000904 _____ () C:\Users\Míla\AppData\Roaming\__AvidCloudManager.log
2015-10-21 15:34 - 2015-10-21 15:34 - 0003584 _____ () C:\Users\Míla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Míla\AppData\Local\Temp\3588.tmp.exe
C:\Users\Míla\AppData\Local\Temp\B250.tmp.exe
C:\Users\Míla\AppData\Local\Temp\DPInstx64.exe
C:\Users\Míla\AppData\Local\Temp\DPInstx86.exe
C:\Users\Míla\AppData\Local\Temp\DPInst_Monx64.exe
C:\Users\Míla\AppData\Local\Temp\DPInst_Monx86.exe
C:\Users\Míla\AppData\Local\Temp\E2F5.tmp.exe
C:\Users\Míla\AppData\Local\Temp\OS_Detect.exe
C:\Users\Míla\AppData\Local\Temp\patchbeam.exe
C:\Users\Míla\AppData\Local\Temp\qqpcmgr_v11.1.16908.217_72809_Silence.exe
C:\Users\Míla\AppData\Local\Temp\setup.exe
C:\Users\Míla\AppData\Local\Temp\tcuni_crk.exe
C:\Users\Míla\AppData\Local\Temp\_is469F.exe
C:\Users\Míla\AppData\Local\Temp\_isCFD9.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 21:51

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Míla (2015-12-20 20:32:21)
Running from C:\Users\Míla\Desktop
Windows 10 Pro (X64) (2015-10-17 08:31:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1584525098-450318526-2047645849-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1584525098-450318526-2047645849-503 - Limited - Disabled)
Guest (S-1-5-21-1584525098-450318526-2047645849-501 - Limited - Disabled)
Míla (S-1-5-21-1584525098-450318526-2047645849-1000 - Administrator - Enabled) => C:\Users\Míla

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.30 - ASUSTeK Computer Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
ATI Catalyst Install Manager (HKLM\...\{AB7F4312-8037-4EBF-9D0F-5513CDFD534C}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Creative Pack Volume 3 - Kids (HKLM-x32\...\{7F2D1105-70ED-4379-8772-3F06E1D23F5A}) (Version: 1.00.0000.01 - Pinnacle Systems)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
DS Clock (HKLM-x32\...\DS Clock_is1) (Version: 1.6 - Duality Software)
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuál (HKLM-x32\...\EPSON Stylus CX7300_CX8300_DX7400_DX8400 Uživatelská příručka) (Version: - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 267.85 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.85 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.85 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenTTD 1.3.0 (HKLM-x32\...\OpenTTD) (Version: 1.3.0 - OpenTTD)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 353.62 (Version: 353.62 - NVIDIA Corporation) Hidden
PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.10 - ConeXware, Inc.)
Pinnacle Creative Pack Volume 2 (HKLM-x32\...\{0299DF57-FF2E-42C6-A4D7-9480E537D191}) (Version: 1.00.0000.16 - Pinnacle Systems)
Pinnacle Scorefitter Volume 3 - Travel (HKLM-x32\...\{C8242A93-DA0A-4DED-997B-CBA00E254E91}) (Version: 1.00.0000.05 - Pinnacle Systems)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.0.0.128 - Corel Corporation)
Pinnacle Winter Pack (HKLM-x32\...\{67330878-0617-41A9-A3B0-B5298E89E7BC}) (Version: 1.00.0000.20 - Pinnacle Systems)
Pinnale Systems Software Keys (HKLM-x32\...\{616CD10B-1EC7-41D2-8C14-3ECE93E7AEE9}_is1) (Version: - VPP TEAM)
PotPlayer CZ verze 2.5 (HKLM\...\PotPlayerCZ_is1) (Version: 2.5 - Robert Pösel (Robyer))
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
PowerArchiver 2011 (HKLM-x32\...\PowerArchiver 2011 12.00.59) (Version: 12.00.59 - ConeXware, Inc.)
PowerArchiver 2011 (x32 Version: 12.00.59 - ConeXware, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Software tiskárny EPSON (HKLM\...\EPSON Printer and Utilities) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.57 - Ghisler Software GmbH)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{C224EEBF-D40A-4056-9DD3-EE74666F74AB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Utility (x32 Version: 1.00.0002 - ASUSTek) Hidden
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1584525098-450318526-2047645849-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Míla\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-12-18 20:54 - 00450881 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15465 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F72FC0-50F4-4416-983A-26B3910DF34B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0970334C-05CB-44B6-9EC6-2EC0394CA7F7} - System32\Tasks\{B5BAB777-DC8B-4D75-8F0A-277663520260} => pcalua.exe -a "C:\Program Files (x86)\LifeScan\LDCF\USBDrivers\SilabsXPVistaWin7\CP210xVCPInstaller.exe" -d "C:\Program Files (x86)\LifeScan\LDCF\USBDrivers\SilabsXPVistaWin7"
Task: {115A8205-9DFA-4958-920F-64E1B887AED0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1D85A9FC-8243-4B2A-BD5F-892FC13E5982} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {23755604-03FB-497F-83FC-CEB15FAED9EE} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2011-04-13] (ASUSTeK Computer Inc.)
Task: {23AAF027-4C6B-478E-B2C1-FC3C7367B5D3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2DB8C17F-BC96-475B-83D0-0248F8752002} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {3C64E352-48DB-46A2-AA6F-9A4960AC9808} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {413A399C-2A9E-442D-BB70-F267E33F6B60} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {419DCCF0-4FE3-410F-B7F8-3DC8D4D77C52} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {450A0A84-7358-45D7-81ED-B00F56FE3C81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4EFCC16A-5F29-4037-9E2E-E343F8797C9A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4F5768DD-5B21-4819-823F-C38B5435EE7F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {508E12B6-7D1D-4B63-BCDE-8610DEA049CC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {5329D53B-38C6-4DCA-9FBB-7371CEE549D3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {55FE49C9-1086-4C9C-A53E-92CC5A3A2133} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {664204B6-9D64-4232-9D97-C7824D20280E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {787E7E68-A601-4916-B27F-D52169E0E067} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {7DCA1E2C-2A3F-4B2E-B189-90F5906515C1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8E6070CD-9221-472D-AE6C-673E0514BD41} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {91EA3CBA-9675-47F1-B9F6-27E4DEDAADAE} - System32\Tasks\Bus Virtual => Rundll32.exe "C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\BusVirtual.dll",#1 <==== ATTENTION
Task: {981067D2-79CD-44E5-A5B8-1D10E95C3561} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {9813F9E9-C301-4A84-B061-CB01632921FD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {99932A60-657C-41EB-B7CB-1A079373434D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9A7294D0-DB39-4EA4-9120-2EAB4D801907} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A86136FD-D4C5-4F47-823B-E8FF054CE3B9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AAF8F28E-C7C9-41E2-B988-EA5BE33CBEED} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AC232160-36E9-4B4D-A215-945BCF446499} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {AEC24BC7-7B82-401D-BD41-C15B2EE26070} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B5586E10-E611-446F-9C74-49757DCBFB16} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {BE329E14-8F69-4DE9-8FEC-0F332417E15F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {C024933C-E6AE-4072-A65B-78D02933C73B} - System32\Tasks\Bus Virtual2 => Rundll32.exe "C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\eapnxzf.dll",#1 <==== ATTENTION
Task: {D4BC7A54-E623-4188-B32A-B397C3E3E34E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D75E0411-C06B-429D-97D0-0E57319EE383} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E267EE65-ED15-4ABA-BDCC-D65C78004265} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E33512F6-BD3F-45C0-A47C-8D90EF2EB378} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E481A35F-4440-406F-A5F4-5A40384B9B9D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E5720F5E-6F6E-4EE8-9F6C-30420D6D11EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E76058D8-F58F-4B9B-BF15-22C62F57BB71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EA8BC3DD-0841-4215-848D-DC3BBFFDBF13} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F99BF0A1-C402-4B14-ABF7-9B3E25AEF07F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Míla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Míla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 04:33 - 2015-07-10 04:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 06:08 - 2015-09-10 06:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2010-11-03 10:30 - 2010-11-03 10:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2015-10-16 21:00 - 2010-10-21 10:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2010-12-02 03:15 - 2010-12-02 03:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2015-09-10 06:08 - 2015-09-10 06:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-17 14:29 - 2015-12-17 14:29 - 00045568 _____ () C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe
2015-10-17 09:12 - 2015-07-23 02:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 20:26 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 20:26 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 20:26 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-16 20:59 - 2015-12-20 05:07 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2015-10-16 20:59 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2015-10-16 21:02 - 2011-03-04 09:33 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2015-10-16 21:02 - 2009-05-21 09:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-10-16 21:00 - 2011-02-24 09:19 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2015-10-16 21:00 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2015-10-16 21:00 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2015-10-16 21:01 - 2011-03-09 13:55 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2015-10-16 21:00 - 2011-03-23 14:05 - 00964608 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2015-10-16 21:01 - 2011-03-11 18:53 - 01257472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2015-10-16 21:02 - 2011-01-06 09:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2015-10-16 21:00 - 2011-04-28 17:01 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2015-10-16 21:00 - 2011-04-07 16:33 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2015-10-16 21:00 - 2011-01-07 15:39 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2015-10-16 21:00 - 2010-08-06 17:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2015-10-16 21:00 - 2010-08-06 17:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2015-10-16 20:59 - 2010-08-23 03:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
2015-10-16 21:00 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2015-10-16 21:28 - 2014-09-28 16:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more sites.


There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => " QQPCTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7EBED049-F3DC-4FD7-8EA5-A3B48CD25C4F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B75C985-7777-481D-A9FF-AFBCF3A73593}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E107B923-FBF8-41B4-AD42-0FC76F503759}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E12C763-3272-43E4-A4C8-56AD3BAE0079}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{575DB943-2F2D-4CF6-B9DE-3610CFF58CB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BB5680F-C82C-40CB-96A8-4B64C9D0EF2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E131B1DD-32BC-4AC4-BB47-FC293F843FA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB873B66-02CD-4B2E-8080-9AC267C02EBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{433502C8-0B05-4EA4-9178-781FE6BBAEB5}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{483F8203-D3FC-464E-9DE3-06B5E35337DE}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{D39443B1-FA12-4D30-BFC9-414A342B02E2}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{A3AC7DAC-D09C-4BA2-91DE-E7E9BAF1543C}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{48F234EC-41B3-45D8-BF74-A032EB6F11C0}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{447EFAFA-AFAD-4628-BB26-45C052B69AF9}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{124278FF-C074-41C5-ACE2-D0CCBC774C00}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{90F6A6B9-6678-45F0-8A6B-E814EB6E0F2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A11FDB3-C55C-4579-ADE5-B0419FA36A9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{286E4E75-CBCC-4FCA-A775-9DC8087E2125}D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe] => (Allow) D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe
FirewallRules: [UDP Query User{93412699-4851-4DCA-8B22-204A2750AAF6}D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe] => (Allow) D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe
FirewallRules: [{B3D313B0-003E-4C7A-B724-8F2721A93A79}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{53DA6273-68EA-4C14-99FD-79E745204461}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe

==================== Faulty Device Manager Devices =============

Name: LifeScan USB Device Driver vSL3.0 (COM5)
Description: LifeScan USB Device Driver vSL3.0
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: LifeScan Inc
Service: silabser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2015 05:31:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MÍLA-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/18/2015 08:19:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/18/2015 08:19:10 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (12/18/2015 08:19:10 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Outlook4

Error: (12/17/2015 10:37:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 42.0.0.5780, časové razítko: 0x5632d0a4
Název chybujícího modulu: mozglue.dll, verze: 42.0.0.5780, časové razítko: 0x5632ba58
Kód výjimky: 0x80000003
Posun chyby: 0x0000ed50
ID chybujícího procesu: 0x1f20
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3
Úplný název chybujícího balíčku: plugin-container.exe4
ID aplikace související s chybujícím balíčkem: plugin-container.exe5

Error: (12/17/2015 02:17:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (12/17/2015 02:17:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (12/17/2015 12:34:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MÍLA-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/17/2015 09:28:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OneTouch.exe verze 102.3310.0.2910 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 14ac

Čas spuštění: 01d138a26814f15e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\LifeScan\OneTouch\Bin\OneTouch.exe

ID hlášení: 268774c5-a498-11e5-8d95-c8600002356f

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (12/16/2015 12:57:35 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7500) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032


System errors:
=============
Error: (12/20/2015 05:31:16 AM) (Source: DCOM) (EventID: 10010) (User: MÍLA-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:08:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (12/20/2015 05:06:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:50:18, ‎19.‎12.‎2015) bylo neočekávané.

Error: (12/20/2015 05:06:48 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212265134605854209825928

Error: (12/19/2015 08:09:32 PM) (Source: DCOM) (EventID: 10010) (User: MÍLA-PC)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

Error: (12/19/2015 08:09:32 PM) (Source: DCOM) (EventID: 10010) (User: MÍLA-PC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


CodeIntegrity:
===================================
Date: 2015-12-17 08:25:30.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 10:15:48.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-11 10:39:00.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.858
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:38:59.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:38:59.502
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 8137.32 MB
Available physical RAM: 6514.05 MB
Total Virtual: 16329.32 MB
Available Virtual: 14684.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.35 GB) (Free:59.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:581.46 GB) (Free:519.88 GB) NTFS
Drive e: (Film) (Fixed) (Total:232.88 GB) (Free:105.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:349.6 GB) (Free:70.89 GB) NTFS
Drive g: (EPSON) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6F87E4E2)
Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 81D413B6)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2C0A6C3A)
Partition 1: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=349.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help with an infected PC

#6 Post by altrok »

:arrow: You have the restore point feature turned off; I strongly recommend turning it on.
  • Right-click This PC -> Properties -> Advanced system settings -> the System Protection tab at the top -> Configure -> select Restore system settings and previous versions of files and save by clicking Apply.
  • If you want to play with the amount of disk space used by restore points, I do not recommend lowering this limit below 1 GB. If you have plenty of disk space, leave the default 3-5% disk usage.

:arrow: Once you have turned restore points on, create new FRST.txt and Addition.txt logs.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

kada72
Visitor
Posts: 7
Registered: 07 Mar 2014 21:33

Re: Please help, infected PC

#7 Post by kada72 »

Thank you for pointing that out. It was turned on in Win7; after installing Win10 it did not occur to me to check it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Míla (administrator) on MÍLA-PC (21-12-2015 09:40:52)
Running from C:\Users\Míla\Desktop
Loaded Profiles: Míla (Available Profiles: Míla)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(Alcohol Soft Development Team) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Duality Software) D:\Program Files (x86)\DS Clock\dsclock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ConeXware, Inc.) D:\Program Files (x86)\PowerArchiver\PASTARTER.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [DS Clock] => D:\Program Files (x86)\DS Clock\dsclock.exe [331776 2005-02-14] (Duality Software)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [PowerArchiver Tray] => D:\Program Files (x86)\PowerArchiver\PASTARTER.EXE [210296 2011-02-14] (ConeXware, Inc.)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{dc91f2d3-2e48-4bd2-a2bd-d0ab52029f07}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130948606860700325&GUID=AE93D8DD-E26A-4B27-916D-789AE03A87B2
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130949417588053210&GUID=AE93D8DD-E26A-4B27-916D-789AE03A87B2
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
SearchScopes: HKU\S-1-5-21-1584525098-450318526-2047645849-1000 -> {D51E603A-264D-4EDE-BD2E-1523D1372AE8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1584525098-450318526-2047645849-1000 -> hxxp://atlas.cz/

FireFox:
========
FF ProfilePath: C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default
FF DefaultSearchEngine:
FF Homepage: hxxp://atlas.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-03-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default\extensions\artur.dubovoy@gmail.com [2015-12-06]
FF Extension: SearchPreview - C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2015-12-21]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Míla\AppData\Roaming\Mozilla\Firefox\Profiles\tivrhaa7.default\Extensions\cs@dictionaries.addons.mozilla.org [2015-10-21] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!3451DB77BEF75AB45FE84082B4FEEE4E3451.js [2015-12-17] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\3451DB77BEF75AB45FE84082B4FEEE4E3451 [2015-12-17] <==== ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe [97704 2015-04-11] (Alcohol Soft Development Team)
R2 FinwarmSvc; C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe [45568 2015-12-17] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-17] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )
R0 sptd2; C:\Windows\System32\Drivers\sptd2.sys [162960 2015-10-21] (Duplex Secure Ltd)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 EIO64; \SystemRoot\System32\drivers\EIO64.sys [X]
U3 idsvc; no ImagePath
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
S1 xdansrpj; \??\C:\WINDOWS\system32\drivers\xdansrpj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 09:35 - 2015-12-21 09:35 - 00000000 ___HD C:\OneDriveTemp
2015-12-21 09:34 - 2015-12-21 09:34 - 00016148 _____ C:\WINDOWS\system32\MÍLA-PC_Míla_HistoryPrediction.bin
2015-12-20 20:32 - 2015-12-20 20:33 - 00041899 _____ C:\Users\Míla\Desktop\Addition.txt
2015-12-20 20:31 - 2015-12-21 09:41 - 00012437 _____ C:\Users\Míla\Desktop\FRST.txt
2015-12-20 20:31 - 2015-12-21 09:40 - 00000000 ____D C:\FRST
2015-12-20 20:30 - 2015-12-20 20:30 - 02370560 _____ (Farbar) C:\Users\Míla\Desktop\FRST64.exe
2015-12-19 20:08 - 2015-12-19 20:09 - 00000000 ____D C:\AdwCleaner
2015-12-19 20:07 - 2015-12-19 20:06 - 01740288 _____ C:\Users\Míla\Desktop\adwcleaner_5.025.exe
2015-12-18 22:25 - 2015-12-18 20:54 - 00450881 ____R C:\WINDOWS\system32\Drivers\etc\hosts.orig
2015-12-18 22:15 - 2015-12-18 22:25 - 00001165 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-18 22:15 - 2015-12-18 22:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-18 22:15 - 2015-12-18 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-18 22:15 - 2015-12-18 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-18 22:15 - 2015-12-18 22:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-18 22:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-18 22:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-18 22:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-18 21:46 - 2015-12-18 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\rsit
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\Program Files\trend micro
2015-12-18 20:59 - 2015-12-18 20:59 - 00000017 _____ C:\WINDOWS\SysWOW64\history.dat
2015-12-18 20:54 - 2015-12-17 14:27 - 00000931 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151218-205429.backup
2015-12-18 20:25 - 2015-12-18 20:25 - 16409960 _____ (Safer Networking Limited ) C:\Users\Míla\Desktop\setup-spybotsd162.exe
2015-12-18 20:22 - 2015-12-18 22:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-18 20:22 - 2015-12-18 20:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-18 20:22 - 2015-12-18 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-12-17 22:42 - 2015-12-17 23:09 - 00000000 ____D C:\Users\Míla\AppData\Roaming\Enigma Software Group
2015-12-17 22:42 - 2015-12-17 22:42 - 00000000 _____ C:\autoexec.bat
2015-12-17 22:41 - 2015-12-17 22:41 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-17 22:06 - 2015-12-18 22:25 - 00000270 __RSH C:\Users\Míla\ntuser.pol
2015-12-17 14:29 - 2015-12-17 14:29 - 00003232 _____ C:\WINDOWS\System32\Tasks\Bus Virtual
2015-12-17 14:29 - 2015-12-17 14:29 - 00003228 _____ C:\WINDOWS\System32\Tasks\Bus Virtual2
2015-12-17 14:28 - 2015-12-18 22:11 - 00000000 ____D C:\Users\Míla\AppData\Roaming\Opera Software
2015-12-17 14:28 - 2015-12-18 22:11 - 00000000 ____D C:\Users\Míla\AppData\Local\Opera Software
2015-12-17 14:28 - 2015-12-18 22:11 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-17 14:28 - 2015-12-17 14:27 - 00000931 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-17 14:18 - 2015-12-17 14:18 - 00005120 _____ C:\Users\Míla\AppData\Roaming\GiftBag.db
2015-12-17 14:18 - 2015-12-17 14:18 - 00000000 ____D C:\Users\M韑a\AppData\Roaming\Tencent
2015-12-17 14:18 - 2015-12-17 14:18 - 00000000 ____D C:\Users\M韑a
2015-12-17 14:16 - 2015-12-18 22:25 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-12-17 13:53 - 2015-12-17 13:53 - 00000000 ____D C:\Users\Míla\AppData\Local\SiDiary
2015-12-17 09:53 - 2015-12-17 09:53 - 00191504 _____ (Prolific Technology Inc.) C:\WINDOWS\system32\Drivers\ser2pl64.sys
2015-12-17 09:53 - 2015-12-17 09:53 - 00000000 ____D C:\WINDOWS\LastGood
2015-12-17 09:52 - 2015-12-17 09:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-12-17 09:39 - 2015-12-17 13:18 - 00000000 ____D C:\WINDOWS\OTBackup
2015-12-17 09:35 - 2015-12-17 09:35 - 00003464 _____ C:\WINDOWS\System32\Tasks\{B5BAB777-DC8B-4D75-8F0A-277663520260}
2015-12-17 09:23 - 2015-12-17 09:23 - 00000000 ____D C:\Users\Míla\AppData\Local\{FD37D6C0-2049-4AE2-B903-AA87CA9EABB9}
2015-12-17 09:09 - 2015-12-17 09:09 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-12-17 09:00 - 2015-12-17 09:00 - 00000000 ____D C:\Users\Míla\AppData\Local\{95DD20F6-507D-4254-B0C6-D187C2769568}
2015-12-17 09:00 - 2015-12-17 09:00 - 00000000 ____D C:\Program Files (x86)\Silabs
2015-12-17 08:59 - 2006-06-02 16:40 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
2015-12-17 08:59 - 2006-06-02 16:40 - 00647872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX
2015-12-17 08:59 - 2006-06-02 16:40 - 00438976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHFLXGD.OCX
2015-12-17 08:59 - 2006-06-02 16:40 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Richtx32.ocx
2015-12-17 08:59 - 2006-06-02 16:40 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2015-12-17 08:59 - 2006-06-02 16:40 - 00067376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Sysinfo.ocx
2015-12-17 08:59 - 2001-08-06 17:28 - 00007952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBCCP32.CPL
2015-12-17 08:59 - 2001-08-06 17:13 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DS32GT.DLL
2015-12-17 08:59 - 2001-08-06 17:08 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBC32GT.DLL
2015-12-17 08:59 - 2000-08-02 15:44 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdocurs.dll
2015-12-17 08:59 - 1999-01-11 20:21 - 00026224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBC16GT.DLL
2015-12-17 08:59 - 1999-01-11 20:18 - 00004656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DS16GT.DLL
2015-12-17 08:59 - 1998-10-19 12:34 - 00037062 _____ C:\WINDOWS\SysWOW64\odbcinst.hlp
2015-12-17 08:59 - 1998-10-19 12:34 - 00000324 _____ C:\WINDOWS\SysWOW64\odbcinst.cnt
2015-12-17 08:59 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2015-12-17 08:58 - 2015-12-17 13:53 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-13 15:14 - 2015-12-13 15:14 - 00001133 ____N C:\Users\Míla\Desktop\recepty facebook – zástupce.lnk
2015-12-09 20:26 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 20:26 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 20:26 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 20:26 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 20:26 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 20:26 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 20:26 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 20:26 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 20:26 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 20:26 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 20:26 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 20:26 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 20:26 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 20:26 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 20:26 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 20:26 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 20:26 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 20:26 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 20:26 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 20:26 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 20:26 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 20:26 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 20:26 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 20:26 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 20:26 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 20:26 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 20:26 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 20:26 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 20:26 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 20:26 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 20:26 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 20:26 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 20:26 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 20:26 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 20:26 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 20:26 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 20:26 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 20:26 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 20:26 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 20:26 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 20:26 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 20:26 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 20:26 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 20:26 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 20:26 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 20:26 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 20:26 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 20:26 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 20:26 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 20:26 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 20:26 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 20:26 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 20:26 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 20:26 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 20:26 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 20:26 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 20:26 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 20:26 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 20:26 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 20:26 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 21:31 - 2015-11-28 21:31 - 00000000 ____D C:\ProgramData\ConeXware
2015-11-28 21:30 - 2015-11-28 21:30 - 00000000 ____D C:\ProgramData\Caphyon
2015-11-28 21:30 - 2015-11-28 21:30 - 00000000 ____D C:\Program Files (x86)\PatchBeam
2015-11-28 21:29 - 2015-11-28 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 09:38 - 2015-10-19 21:38 - 00004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E143A82-F3F7-46EF-8242-2747071AA966}
2015-12-21 09:37 - 2015-10-17 08:17 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-21 09:35 - 2015-10-17 09:33 - 00000000 ___RD C:\Users\Míla\OneDrive
2015-12-20 20:32 - 2015-07-10 10:47 - 00000000 ____D C:\Windows
2015-12-20 05:11 - 2015-10-17 09:19 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-20 05:11 - 2015-09-10 06:05 - 00745406 _____ C:\WINDOWS\system32\perfh005.dat
2015-12-20 05:11 - 2015-09-10 06:05 - 00149344 _____ C:\WINDOWS\system32\perfc005.dat
2015-12-20 05:11 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-20 05:06 - 2015-10-17 09:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-20 05:06 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-19 22:04 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-19 20:09 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-18 22:26 - 2015-11-06 22:10 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-18 22:26 - 2015-10-18 21:00 - 00001220 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2015-12-18 22:26 - 2015-10-17 09:14 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-18 22:26 - 2015-07-10 06:02 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2015-12-18 22:26 - 2015-07-10 06:02 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-12-18 22:26 - 2015-07-10 03:09 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-12-18 22:26 - 2015-07-10 03:01 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-12-18 22:26 - 2015-07-10 02:57 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2015-12-18 22:26 - 2015-07-10 02:57 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2015-12-18 22:25 - 2015-11-12 21:15 - 00000997 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-12-18 22:25 - 2015-11-06 22:10 - 00002118 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-18 22:25 - 2015-11-04 22:17 - 00001062 _____ C:\Users\Míla\Desktop\Daum Potplayer-64 Bits.lnk
2015-12-18 22:25 - 2015-10-21 15:32 - 00002042 _____ C:\Users\Public\Desktop\Pinnacle Studio 17.lnk
2015-12-18 22:25 - 2015-10-21 15:25 - 00001247 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2015-12-18 22:25 - 2015-10-21 15:15 - 00000719 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2015-12-18 22:25 - 2015-10-19 05:43 - 00000722 _____ C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\PowerArchiver.lnk
2015-12-18 22:25 - 2015-10-18 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-18 22:25 - 2015-10-17 09:33 - 00002384 _____ C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-18 22:25 - 2015-10-17 09:33 - 00001047 _____ C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Volitelné funkce.lnk
2015-12-18 22:25 - 2015-10-17 09:13 - 00000000 ____D C:\Users\Míla
2015-12-18 22:25 - 2015-10-16 21:28 - 00001219 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2015-12-18 22:24 - 2015-07-30 22:49 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-18 22:04 - 2015-10-17 09:31 - 00000000 ____D C:\Users\Míla\AppData\Local\Packages
2015-12-18 20:55 - 2015-10-16 20:50 - 00000000 ____D C:\Users\Míla\AppData\Local\VirtualStore
2015-12-18 20:23 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 22:06 - 2015-07-30 22:49 - 00405592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-17 14:30 - 2015-10-16 20:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-17 14:16 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-12-17 14:15 - 2015-10-18 20:34 - 00002028 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2015-12-11 10:46 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 09:36 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 21:59 - 2015-10-18 17:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 21:59 - 2015-10-18 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 21:58 - 2009-07-14 03:34 - 00000478 _____ C:\WINDOWS\win.ini
2015-12-10 21:56 - 2015-10-17 00:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-10 21:56 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-10 21:54 - 2015-10-17 00:45 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-01 01:32 - 2015-07-30 23:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 01:32 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-17 14:18 - 2015-12-17 14:18 - 0005120 _____ () C:\Users\Míla\AppData\Roaming\GiftBag.db
2015-10-18 20:08 - 2015-10-18 20:08 - 0038503 _____ () C:\Users\Míla\AppData\Roaming\Hodnoty oddělené čárkami.ADR
2015-10-21 15:33 - 2015-10-21 15:33 - 0000209 _____ () C:\Users\Míla\AppData\Roaming\MÍLA-PC.MTBF.txt
2015-10-21 15:33 - 2015-10-21 15:41 - 0000904 _____ () C:\Users\Míla\AppData\Roaming\__AvidCloudManager.log
2015-10-21 15:34 - 2015-10-21 15:34 - 0003584 _____ () C:\Users\Míla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Míla\AppData\Local\Temp\3588.tmp.exe
C:\Users\Míla\AppData\Local\Temp\B250.tmp.exe
C:\Users\Míla\AppData\Local\Temp\DPInstx64.exe
C:\Users\Míla\AppData\Local\Temp\DPInstx86.exe
C:\Users\Míla\AppData\Local\Temp\DPInst_Monx64.exe
C:\Users\Míla\AppData\Local\Temp\DPInst_Monx86.exe
C:\Users\Míla\AppData\Local\Temp\E2F5.tmp.exe
C:\Users\Míla\AppData\Local\Temp\OS_Detect.exe
C:\Users\Míla\AppData\Local\Temp\patchbeam.exe
C:\Users\Míla\AppData\Local\Temp\qqpcmgr_v11.1.16908.217_72809_Silence.exe
C:\Users\Míla\AppData\Local\Temp\setup.exe
C:\Users\Míla\AppData\Local\Temp\tcuni_crk.exe
C:\Users\Míla\AppData\Local\Temp\_is469F.exe
C:\Users\Míla\AppData\Local\Temp\_isCFD9.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 21:27

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Míla (2015-12-21 09:41:23)
Running from C:\Users\Míla\Desktop
Windows 10 Pro (X64) (2015-10-17 08:31:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1584525098-450318526-2047645849-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1584525098-450318526-2047645849-503 - Limited - Disabled)
Guest (S-1-5-21-1584525098-450318526-2047645849-501 - Limited - Disabled)
Míla (S-1-5-21-1584525098-450318526-2047645849-1000 - Administrator - Enabled) => C:\Users\Míla

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.30 - ASUSTeK Computer Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
ATI Catalyst Install Manager (HKLM\...\{AB7F4312-8037-4EBF-9D0F-5513CDFD534C}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Creative Pack Volume 3 - Kids (HKLM-x32\...\{7F2D1105-70ED-4379-8772-3F06E1D23F5A}) (Version: 1.00.0000.01 - Pinnacle Systems)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
DS Clock (HKLM-x32\...\DS Clock_is1) (Version: 1.6 - Duality Software)
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuál (HKLM-x32\...\EPSON Stylus CX7300_CX8300_DX7400_DX8400 Uživatelská příručka) (Version: - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 267.85 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.85 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.85 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenTTD 1.3.0 (HKLM-x32\...\OpenTTD) (Version: 1.3.0 - OpenTTD)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 353.62 (Version: 353.62 - NVIDIA Corporation) Hidden
PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.10 - ConeXware, Inc.)
Pinnacle Creative Pack Volume 2 (HKLM-x32\...\{0299DF57-FF2E-42C6-A4D7-9480E537D191}) (Version: 1.00.0000.16 - Pinnacle Systems)
Pinnacle Scorefitter Volume 3 - Travel (HKLM-x32\...\{C8242A93-DA0A-4DED-997B-CBA00E254E91}) (Version: 1.00.0000.05 - Pinnacle Systems)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.0.0.128 - Corel Corporation)
Pinnacle Winter Pack (HKLM-x32\...\{67330878-0617-41A9-A3B0-B5298E89E7BC}) (Version: 1.00.0000.20 - Pinnacle Systems)
Pinnale Systems Software Keys (HKLM-x32\...\{616CD10B-1EC7-41D2-8C14-3ECE93E7AEE9}_is1) (Version: - VPP TEAM)
PotPlayer CZ verze 2.5 (HKLM\...\PotPlayerCZ_is1) (Version: 2.5 - Robert Pösel (Robyer))
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
PowerArchiver 2011 (HKLM-x32\...\PowerArchiver 2011 12.00.59) (Version: 12.00.59 - ConeXware, Inc.)
PowerArchiver 2011 (x32 Version: 12.00.59 - ConeXware, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Software tiskárny EPSON (HKLM\...\EPSON Printer and Utilities) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.57 - Ghisler Software GmbH)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{C224EEBF-D40A-4056-9DD3-EE74666F74AB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Utility (x32 Version: 1.00.0002 - ASUSTek) Hidden
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1584525098-450318526-2047645849-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Míla\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-12-18 20:54 - 00450881 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 15465 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F72FC0-50F4-4416-983A-26B3910DF34B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0970334C-05CB-44B6-9EC6-2EC0394CA7F7} - System32\Tasks\{B5BAB777-DC8B-4D75-8F0A-277663520260} => pcalua.exe -a "C:\Program Files (x86)\LifeScan\LDCF\USBDrivers\SilabsXPVistaWin7\CP210xVCPInstaller.exe" -d "C:\Program Files (x86)\LifeScan\LDCF\USBDrivers\SilabsXPVistaWin7"
Task: {115A8205-9DFA-4958-920F-64E1B887AED0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1B38F601-17A8-4713-9DB1-AC3347D271DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {1D85A9FC-8243-4B2A-BD5F-892FC13E5982} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {23755604-03FB-497F-83FC-CEB15FAED9EE} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2011-04-13] (ASUSTeK Computer Inc.)
Task: {23AAF027-4C6B-478E-B2C1-FC3C7367B5D3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2DB8C17F-BC96-475B-83D0-0248F8752002} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {3C64E352-48DB-46A2-AA6F-9A4960AC9808} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {413A399C-2A9E-442D-BB70-F267E33F6B60} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {419DCCF0-4FE3-410F-B7F8-3DC8D4D77C52} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {450A0A84-7358-45D7-81ED-B00F56FE3C81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4EFCC16A-5F29-4037-9E2E-E343F8797C9A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4F5768DD-5B21-4819-823F-C38B5435EE7F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5329D53B-38C6-4DCA-9FBB-7371CEE549D3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {55FE49C9-1086-4C9C-A53E-92CC5A3A2133} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {664204B6-9D64-4232-9D97-C7824D20280E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {787E7E68-A601-4916-B27F-D52169E0E067} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {7DCA1E2C-2A3F-4B2E-B189-90F5906515C1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8E6070CD-9221-472D-AE6C-673E0514BD41} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {91EA3CBA-9675-47F1-B9F6-27E4DEDAADAE} - System32\Tasks\Bus Virtual => Rundll32.exe "C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\BusVirtual.dll",#1 <==== ATTENTION
Task: {981067D2-79CD-44E5-A5B8-1D10E95C3561} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {9813F9E9-C301-4A84-B061-CB01632921FD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {99932A60-657C-41EB-B7CB-1A079373434D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9A7294D0-DB39-4EA4-9120-2EAB4D801907} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A86136FD-D4C5-4F47-823B-E8FF054CE3B9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AAF8F28E-C7C9-41E2-B988-EA5BE33CBEED} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AC232160-36E9-4B4D-A215-945BCF446499} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {AEC24BC7-7B82-401D-BD41-C15B2EE26070} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B5586E10-E611-446F-9C74-49757DCBFB16} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {BE329E14-8F69-4DE9-8FEC-0F332417E15F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {C024933C-E6AE-4072-A65B-78D02933C73B} - System32\Tasks\Bus Virtual2 => Rundll32.exe "C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\eapnxzf.dll",#1 <==== ATTENTION
Task: {D4BC7A54-E623-4188-B32A-B397C3E3E34E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D75E0411-C06B-429D-97D0-0E57319EE383} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E267EE65-ED15-4ABA-BDCC-D65C78004265} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E33512F6-BD3F-45C0-A47C-8D90EF2EB378} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E481A35F-4440-406F-A5F4-5A40384B9B9D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E5720F5E-6F6E-4EE8-9F6C-30420D6D11EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E76058D8-F58F-4B9B-BF15-22C62F57BB71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EA8BC3DD-0841-4215-848D-DC3BBFFDBF13} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F99BF0A1-C402-4B14-ABF7-9B3E25AEF07F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Míla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Míla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Míla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 04:33 - 2015-07-10 04:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 06:08 - 2015-09-10 06:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2010-11-03 10:30 - 2010-11-03 10:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2015-10-16 21:00 - 2010-10-21 10:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2010-12-02 03:15 - 2010-12-02 03:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2015-09-10 06:08 - 2015-09-10 06:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-17 14:29 - 2015-12-17 14:29 - 00045568 _____ () C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe
2015-10-17 09:12 - 2015-07-23 02:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 20:26 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 20:26 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 20:26 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 10:08 - 2015-10-17 10:08 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-16 20:59 - 2015-12-20 05:07 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2015-10-16 20:59 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2015-10-16 21:02 - 2011-03-04 09:33 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2015-10-16 21:02 - 2009-05-21 09:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-10-16 21:00 - 2011-02-24 09:19 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2015-10-16 21:00 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2015-10-16 21:00 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2015-10-16 21:01 - 2011-03-09 13:55 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2015-10-16 21:00 - 2011-03-23 14:05 - 00964608 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2015-10-16 21:01 - 2011-03-11 18:53 - 01257472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2015-10-16 21:02 - 2011-01-06 09:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2015-10-16 21:00 - 2011-04-28 17:01 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2015-10-16 21:00 - 2011-04-07 16:33 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2015-10-16 21:00 - 2011-01-07 15:39 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2015-10-16 21:00 - 2010-08-06 17:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2015-10-16 21:00 - 2010-08-06 17:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2015-10-16 20:59 - 2010-08-23 03:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
2015-10-16 21:00 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2015-10-16 21:28 - 2014-09-28 16:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1584525098-450318526-2047645849-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => " QQPCTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7EBED049-F3DC-4FD7-8EA5-A3B48CD25C4F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B75C985-7777-481D-A9FF-AFBCF3A73593}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E107B923-FBF8-41B4-AD42-0FC76F503759}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E12C763-3272-43E4-A4C8-56AD3BAE0079}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{575DB943-2F2D-4CF6-B9DE-3610CFF58CB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BB5680F-C82C-40CB-96A8-4B64C9D0EF2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E131B1DD-32BC-4AC4-BB47-FC293F843FA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB873B66-02CD-4B2E-8080-9AC267C02EBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{433502C8-0B05-4EA4-9178-781FE6BBAEB5}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{483F8203-D3FC-464E-9DE3-06B5E35337DE}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{D39443B1-FA12-4D30-BFC9-414A342B02E2}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{A3AC7DAC-D09C-4BA2-91DE-E7E9BAF1543C}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{48F234EC-41B3-45D8-BF74-A032EB6F11C0}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{447EFAFA-AFAD-4628-BB26-45C052B69AF9}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{124278FF-C074-41C5-ACE2-D0CCBC774C00}] => (Allow) D:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{90F6A6B9-6678-45F0-8A6B-E814EB6E0F2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A11FDB3-C55C-4579-ADE5-B0419FA36A9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{286E4E75-CBCC-4FCA-A775-9DC8087E2125}D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe] => (Allow) D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe
FirewallRules: [UDP Query User{93412699-4851-4DCA-8B22-204A2750AAF6}D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe] => (Allow) D:\program files (x86)\totalcommanderportable\app\totalcommander\totalcmd.exe
FirewallRules: [{B3D313B0-003E-4C7A-B724-8F2721A93A79}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{53DA6273-68EA-4C14-99FD-79E745204461}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe

==================== Faulty Device Manager Devices =============

Name: LifeScan USB Device Driver vSL3.0 (COM5)
Description: LifeScan USB Device Driver vSL3.0
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: LifeScan Inc
Service: silabser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2015 05:31:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MÍLA-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/18/2015 08:19:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/18/2015 08:19:10 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (12/18/2015 08:19:10 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Outlook4

Error: (12/17/2015 10:37:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 42.0.0.5780, časové razítko: 0x5632d0a4
Název chybujícího modulu: mozglue.dll, verze: 42.0.0.5780, časové razítko: 0x5632ba58
Kód výjimky: 0x80000003
Posun chyby: 0x0000ed50
ID chybujícího procesu: 0x1f20
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3
Úplný název chybujícího balíčku: plugin-container.exe4
ID aplikace související s chybujícím balíčkem: plugin-container.exe5

Error: (12/17/2015 02:17:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (12/17/2015 02:17:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (12/17/2015 12:34:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MÍLA-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/17/2015 09:28:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OneTouch.exe verze 102.3310.0.2910 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 14ac

Čas spuštění: 01d138a26814f15e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\LifeScan\OneTouch\Bin\OneTouch.exe

ID hlášení: 268774c5-a498-11e5-8d95-c8600002356f

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (12/16/2015 12:57:35 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7500) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032


System errors:
=============
Error: (12/20/2015 10:50:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 10:50:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 10:50:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 10:50:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:16 AM) (Source: DCOM) (EventID: 10010) (User: MÍLA-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:31:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (12/20/2015 05:08:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici


CodeIntegrity:
===================================
Date: 2015-12-20 21:28:00.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-17 08:25:30.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 10:15:48.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-11 10:39:00.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.858
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:39:00.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-11 10:38:59.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 8137.32 MB
Available physical RAM: 6212.65 MB
Total Virtual: 16329.32 MB
Available Virtual: 14325.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.35 GB) (Free:59.1 GB) NTFS
Drive d: (Data) (Fixed) (Total:581.46 GB) (Free:519.88 GB) NTFS
Drive e: (Film) (Fixed) (Total:232.88 GB) (Free:105.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:349.6 GB) (Free:70.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6F87E4E2)
Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 81D413B6)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2C0A6C3A)
Partition 1: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=349.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help, infected PC

#8 Post by altrok »

:arrow: Scan C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe and C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\BusVirtual.dll on virustotal.com - if the files have already been scanned, choose Reanalyse. Put the links to the analysis results in your next post.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.

kada72
Visitor
Posts: 7
Registered: 07 Mar 2014 21:33

Re: Please help, infected PC

#9 Post by kada72 »

Link to runner.exe:
https://www.virustotal.com/cs/file/8366 ... 450716577/

I did not find the BusVirtual folder or the BusVirtual.DLL library on the PC, not even among the hidden files.

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help, infected PC

#10 Post by altrok »

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\MountPoints2: {1f7efbb2-7441-11e5-b1da-806e6f6e6963} - "G:\EPSETUP.EXE" 
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Folder: C:\Program Files (x86)\mozilla firefox\3451DB77BEF75AB45FE84082B4FEEE4E3451
    R2 FinwarmSvc; C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe [45568 2015-12-17] () [File not signed]
    U3 idsvc; no ImagePath
    S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [X]
    C:\Program Files (x86)\Tencent
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath
    S1 xdansrpj; \??\C:\WINDOWS\system32\drivers\xdansrpj.sys [X]
    2015-12-19 20:08 - 2015-12-19 20:09 - 00000000 ____D C:\AdwCleaner
    2015-12-19 20:07 - 2015-12-19 20:06 - 01740288 _____ C:\Users\Míla\Desktop\adwcleaner_5.025.exe
    2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\rsit
    2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\Program Files\trend micro
    2015-12-17 14:18 - 2015-12-17 14:18 - 00000000 ____D C:\Users\Míla\AppData\Roaming\Tencent
    2015-12-17 14:18 - 2015-12-17 14:18 - 00005120 _____ C:\Users\Míla\AppData\Roaming\GiftBag.db
    FirewallRules: [{B3D313B0-003E-4C7A-B724-8F2721A93A79}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{53DA6273-68EA-4C14-99FD-79E745204461}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    C:\program files (x86)\common files\tencent
    Task: {91EA3CBA-9675-47F1-B9F6-27E4DEDAADAE} - System32\Tasks\Bus Virtual => Rundll32.exe "C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\BusVirtual.dll",#1 <==== ATTENTION
    C:\Users\Míla\AppData\Local\Bus Virtual
    EmptyTemp:
    End

kada72
Visitor
Posts: 7
Registered: 07 Mar 2014 21:33

Re: Please help, infected PC

#11 Post by kada72 »

The log you requested:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Míla (2015-12-21 20:16:42) Run:1
Running from C:\Users\Míla\Desktop
Loaded Profiles: Míla (Available Profiles: Míla)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1584525098-450318526-2047645849-1000\...\MountPoints2: {1f7efbb2-7441-11e5-b1da-806e6f6e6963} - "G:\EPSETUP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Folder: C:\Program Files (x86)\mozilla firefox\3451DB77BEF75AB45FE84082B4FEEE4E3451
R2 FinwarmSvc; C:\Users\MLA~1\AppData\Local\Temp\KH6vvx\runner.exe [45568 2015-12-17] () [File not signed]
U3 idsvc; no ImagePath
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [X]
C:\Program Files (x86)\Tencent
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
S1 xdansrpj; \??\C:\WINDOWS\system32\drivers\xdansrpj.sys [X]
2015-12-19 20:08 - 2015-12-19 20:09 - 00000000 ____D C:\AdwCleaner
2015-12-19 20:07 - 2015-12-19 20:06 - 01740288 _____ C:\Users\Míla\Desktop\adwcleaner_5.025.exe
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\rsit
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\Program Files\trend micro
2015-12-17 14:18 - 2015-12-17 14:18 - 00000000 ____D C:\Users\Míla\AppData\Roaming\Tencent
2015-12-17 14:18 - 2015-12-17 14:18 - 00005120 _____ C:\Users\Míla\AppData\Roaming\GiftBag.db
FirewallRules: [{B3D313B0-003E-4C7A-B724-8F2721A93A79}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{53DA6273-68EA-4C14-99FD-79E745204461}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
C:\program files (x86)\common files\tencent
Task: {91EA3CBA-9675-47F1-B9F6-27E4DEDAADAE} - System32\Tasks\Bus Virtual => Rundll32.exe "C:\Users\Míla\AppData\Local\Bus Virtual\{B2419BCF-0F5C-E1B2-AAE0-97F7695675E1}\BusVirtual.dll",#1 <==== ATTENTION
C:\Users\Míla\AppData\Local\Bus Virtual
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1584525098-450318526-2047645849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f7efbb2-7441-11e5-b1da-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{1f7efbb2-7441-11e5-b1da-806e6f6e6963} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully

========================= Folder: C:\Program Files (x86)\mozilla firefox\3451DB77BEF75AB45FE84082B4FEEE4E3451 ========================

C:\Program Files (x86)\mozilla firefox\3451DB77BEF75AB45FE84082B4FEEE4E3451 => File

====== End of Folder: ======

FinwarmSvc => service removed successfully
idsvc => service removed successfully
softaal => service removed successfully
"C:\Program Files (x86)\Tencent" => not found.
wfpcapture => service removed successfully
wpcsvc => service removed successfully
xdansrpj => service removed successfully
C:\AdwCleaner => moved successfully
C:\Users\Míla\Desktop\adwcleaner_5.025.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
"C:\Users\Míla\AppData\Roaming\Tencent" => not found.
C:\Users\Míla\AppData\Roaming\GiftBag.db => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3D313B0-003E-4C7A-B724-8F2721A93A79} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53DA6273-68EA-4C14-99FD-79E745204461} => value removed successfully
"C:\program files (x86)\common files\tencent" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91EA3CBA-9675-47F1-B9F6-27E4DEDAADAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EA3CBA-9675-47F1-B9F6-27E4DEDAADAE}" => key removed successfully
C:\WINDOWS\System32\Tasks\Bus Virtual => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bus Virtual" => key removed successfully
"C:\Users\Míla\AppData\Local\Bus Virtual" => not found.
EmptyTemp: => 4.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:20:50 ====

Thank you again for your help and the time you are devoting to this.
Kadlec
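
A small triage script for a Fixlog like the one in post #11, added here as an example (it is not part of the thread and not FRST's own code): it skips the fixlist echoed between the two rows of asterisks, then tallies each result line by outcome so that "not found" targets stand out for a follow-up check. The function names and outcome labels are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Lines excerpted from the Fixlog in post #11; the fixlist echo is shortened.
FIXLOG = r'''fixlist content:
*****************
Start
FirewallRules: [{B3D313B0-003E-4C7A-B724-8F2721A93A79}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
End
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\{1f7efbb2-7441-11e5-b1da-806e6f6e6963} => key not found.
FinwarmSvc => service removed successfully
"C:\Program Files (x86)\Tencent" => not found.
C:\AdwCleaner => moved successfully
C:\WINDOWS\System32\Tasks\Bus Virtual => moved successfully
"C:\Users\Míla\AppData\Local\Bus Virtual" => not found.
EmptyTemp: => 4.4 GB temporary data Removed.
'''

STAR_ROW = re.compile(r'^\*{5,}$')
RESULT = re.compile(r'^(?P<target>.+?) => (?P<status>.+)$')


def classify(status):
    """Map a Fixlog status phrase to a coarse outcome label (labels are this example's own)."""
    s = status.lower().rstrip('.')
    if 'not found' in s:
        return 'not_found'
    if 'removed' in s:  # test before "moved": the word "removed" contains "moved"
        return 'removed'
    if s == 'moved successfully':
        return 'moved'
    return 'other'


def parse_fixlog(text):
    """Return (target, outcome, raw_status) for every result line of a Fixlog."""
    results = []
    stars_seen = 0
    has_echo = 'fixlist content:' in text
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_ROW.match(line):
            stars_seen += 1
            continue
        # The echoed fixlist also contains " => " (firewall rules, tasks),
        # so nothing before the second row of asterisks counts as a result.
        if has_echo and stars_seen < 2:
            continue
        if not line or line.startswith('='):
            continue  # blank lines and "==== ... ====" section banners
        m = RESULT.match(line)
        if m:
            target = m.group('target').strip('"')
            results.append((target, classify(m.group('status')), m.group('status')))
    return results


def tally(results):
    """Count result lines per outcome label."""
    return dict(Counter(outcome for _, outcome, _ in results))


def not_found_targets(results):
    """Targets the fix could not locate; worth checking against the scan log."""
    return [target for target, outcome, _ in results if outcome == 'not_found']


if __name__ == '__main__':
    parsed = parse_fixlog(FIXLOG)
    print(tally(parsed))
    for target in not_found_targets(parsed):
        print('not found:', target)
```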

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help, infected PC

#12 Post by altrok »

:arrow: Mozilla is probably still infected. Back up Mozilla's bookmarks and passwords, e.g. using http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ , then uninstall Mozilla including its profile and afterwards perform a clean installation.

:arrow: How is the computer behaving otherwise? Any problems?
