VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Odstranění yessearches

https://forum.viry.cz:443/viewtopic.php?t=148046

Stránka 1 z 1

Odstranění yessearches

Napsal: 23 úno 2016 09:32
od Bobros
Dobrý den, při instalaci Daemon tools, se mi do počítače natáhl vyhledávač yessearches a nejde mi nijak odebrat. Mohli by jste mi prosím poradit, co s tím? Předem děkuji.


edit.

Tak se mi to povedlo odinstalovat, nicméně bych poprosil i tak o nějakou kontrolu, zda nenadělal v pc paseku. Děkuji

Re: Odstranění yessearches

Napsal: 23 úno 2016 18:00
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Odstranění yessearches

Napsal: 23 úno 2016 22:11
od Bobros
# AdwCleaner v5.036 - Logfile created 23/02/2016 at 22:07:54
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Bobros - BROZA
# Running from : C:\Users\Bobros\Desktop\adwcleaner_5.036.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : ggbugreport
[-] Service Deleted : Winsere

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Applian Technologies
[-] Folder Deleted : C:\Program Files (x86)\SearchesToYesbnd
[-] Folder Deleted : C:\Program Files (x86)\Winsere
[-] Folder Deleted : C:\Program Files (x86)\WinTaske
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[#] Folder Deleted : C:\Users\Bobros\AppData\Roaming\filter
[-] Folder Deleted : C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\YourGSearchFinder_br
[#] Folder Deleted : C:\Windows\SysNative\Tasks\WinTaske

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : WinTaske
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-1
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-2
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-4
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-5
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-5_user
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-6
[-] Task Deleted : 1ffc6e51-5661-4a0e-b269-97ac253c3a80-7
[-] Task Deleted : temp_1ffc6e51-5661-4a0e-b269-97ac253c3a80-2
[-] Task Deleted : temp_1ffc6e51-5661-4a0e-b269-97ac253c3a80-6

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[!] Key Not Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\yessearchesSoftware

***** [ Web browsers ] *****

[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.yessearches.com/?ts=AHEpBX4qA38rAE. ... ode=ffseng");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=yessearches");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.hp", "hxxp://www.yessearches.com/?ts=AHEpBX4qA38rAE. ... =ffsengext");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.sp", "hxxp://www.yessearches.com/chrome.php?mode=ffs ... v=20160202");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.yessearches.com/chrome.php?mode=ffs ... v=20160202");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "yessearches");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "44.0");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782a0eca");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", false);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016022218");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1456209031272");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supp[...]
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.shownUninstall", true);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.startupTasks", "{\"clearPrefs\":[\"extensions.toolbar.mindspark._brMembers_.shownUninstall\"],\"undoDisableHPGuard\":[\"true\"]}");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "hxxp://www.yessearches.com/chrome.php?uid=0D94 ... ttoolbar&q[...]
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Bobros\\\\AppData\\\[...]
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://www.yessearches.com/chrome.php?uid=0D94 ... toolbar&q=");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [12416 bytes] - [23/02/2016 22:07:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [11988 bytes] - [23/02/2016 21:55:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [12062 bytes] - [23/02/2016 22:06:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [12136 bytes] - [23/02/2016 22:06:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12712 bytes] ##########

Re: Odstranění yessearches

Napsal: 23 úno 2016 22:17
od Rudy
Nyní dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Odstranění yessearches

Napsal: 23 úno 2016 22:40
od Bobros
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Bobros (2016-02-23 22:38:37)
Running from C:\Users\Bobros\Desktop
Windows 8.1 (X64) (2014-11-20 07:32:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2116813865-1665594829-4199684996-500 - Administrator - Disabled)
Bobros (S-1-5-21-2116813865-1665594829-4199684996-1001 - Administrator - Enabled) => C:\Users\Bobros
Guest (S-1-5-21-2116813865-1665594829-4199684996-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3G mobilní internet (HKLM-x32\...\InstallShield_{3EB25AD7-8DC9-4E79-8570-F54052ED4084}) (Version: 2.23.0000 - CELOT-Wireless)
3G mobilní internet (x32 Version: 2.23.0000 - CELOT-Wireless) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.5.15.54 (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
ArcaniA - Gothic 4 (HKLM-x32\...\{07872B03-E301-4AE2-AA87-261C8E617769}) (Version: 1.00.0000 - JoWooD Entertainment AG)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
CELOT-W USB Modem Driver (HKLM\...\{B277E30A-B7BC-4f34-9098-BF906D602F23}) (Version: 1.2.3.0 - CELOT-Wireless Co., Ltd )
Classic Menu for Office Enterprise 2010 v5.25 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.25 - Addintools)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Codec-TS SDK (HKLM-x32\...\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}) (Version: - ArcSoft)
Czech Soccer Manager (HKLM-x32\...\Czech Soccer Manager) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
De-interlace SDK (HKLM-x32\...\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}) (Version: - ArcSoft)
DoubleCAD XT 3 (HKLM-x32\...\{A7F562AF-0637-4E78-885D-4CEBA66D011C}) (Version: 3.0.0 - IMSIDesign)
Draft IT (HKLM-x32\...\{160B155D-073A-4694-88DB-E5ACC8C0CEBA}) (Version: 4.0.9 - CADlogic Limited)
Draft IT (HKLM-x32\...\{A1D21CB6-61E3-4C80-A366-0E576338EF47}) (Version: 4.0.8 - CADlogic Limited)
eM Client (HKLM-x32\...\{66293340-18DC-45D7-B125-4AAA4E57B554}) (Version: 6.0.23181.0 - eM Client Inc.)
ESET Smart Security (HKLM\...\{4D8E383E-0AB7-482D-9327-BB92D53312B4}) (Version: 8.0.319.1 - ESET, spol s r. o.)
ETDWare PS/2-X64 11.13.6.2_WHQL (HKLM\...\Elantech) (Version: 11.13.6.2 - ELAN Microelectronic Corp.)
Farming Simulator 15 Gold Edition (HKLM\...\RmFybWluZ1NpbXVsYXRvcjE1_is1) (Version: 1 - )
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{4F4087C3-8667-4775-ADE2-EAFC2411CD39}) (Version: 1.00.0000 - Nordic Games)
Gothic 1+2 Windows 8 fixes (HKLM\...\{9084b1e7-83b4-406a-8705-374300ee2d84}.sdb) (Version: - )
Gothic 2 Gold (HKLM-x32\...\{1FDCBE13-B895-4E68-949A-975EA871BC34}) (Version: 2.7 - Nordic Games)
Gothic 3 (HKLM-x32\...\{3FE482D3-2EE5-4D21-AEC6-EE0F1B85F9A3}) (Version: 1.6 - Nordic Games)
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
ICQ 8.2 (verze 7138) (HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\ICQ) (Version: 8.2.7138.0 - ICQ)
InfoMapa - HOME EDITION - mapa Prahy a ČR 2011 - Special (HKLM-x32\...\{B94C3B9D-9996-42DC-B58C-A73A91A8FAF8}) (Version: 1.0.0 - PJsoft s.r.o.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1405.3) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 CSY (HKLM\...\{0A8A841B-29C4-4947-BF59-241216B4D904}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MOBILedit! ver. 7.7.0.4997 (HKLM-x32\...\{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1) (Version: 7.7.0.4997 - COMPELSON Labs)
Mozilla Firefox 44.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 cs)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MPEG Video Wizard DVD 5.0.1.110 (06/2014) (HKLM-x32\...\{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.1.110 - Womble Multimedia, Inc.)
MPEG Video Wizard DVD 5.0.1.110 (06/2014) (HKLM-x32\...\Mpeg Video Wizard DVD 5.0) (Version: 5.0.1.110 (06/2014) - Womble Multimedia, Inc.)
Nero 8 Ultra Edition HD (HKLM-x32\...\{6D45EF03-E8EE-4355-81C3-F918CBCF1029}) (Version: 8.3.309 - Nero AG)
NetTransport 2.96j.700 (HKLM-x32\...\{78D2B9D0-E680-4295-9830-6B23397B4746}_is1) (Version: - Xi)
NetWorx 5.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
O2 (HKLM-x32\...\O2CZ) (Version: - O2)
Ovládací panel NVIDIA 358.91 (Version: 358.91 - NVIDIA Corporation) Hidden
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.2 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{68DD86DD-8E02-4921-926B-B358D51EAF3A}) (Version: 1.1.41.1283 - Qualcomm Atheros)
Quick Moto 2.9c (HKLM-x32\...\Quick Moto) (Version: 2.9c - Michal Adámek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7339 - Realtek Semiconductor Corp.)
Risen 2 CZ 1.00 (HKLM-x32\...\Risen 2 CZ 1.00) (Version: - )
Risen CZ 1.10 (HKLM-x32\...\Risen CZ 1.10) (Version: - )
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 1.9.22.1 - Estmob Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
TT-SB SDK (HKLM-x32\...\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}) (Version: - ArcSoft)
UBitMenu UK (HKLM-x32\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.3 - Nikon)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Webshare uploader (HKLM-x32\...\WebshareDLC) (Version: - Webshare)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFast Multimedia Driver Installation (HKLM-x32\...\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}) (Version: 7.5.2.4 - Leadtek Research Inc.)
WinFast PVR2 (HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\{C92C584E-C781-475E-A8E2-C67D993A6B95}) (Version: 2.0.3.57 - Leadtek)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2116813865-1665594829-4199684996-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00691115-8B53-4A94-B25F-0B2D68231389} - System32\Tasks\temp_ada9695d-332d-4f2e-8a05-f38f505a9d29 => C:\Program Files (x86)\Internet Speed Checker\ada9695d-332d-4f2e-8a05-f38f505a9d29.exe <==== ATTENTION
Task: {03A8CAFC-6244-4F6C-9F8D-2591F5749DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {05ABB3CE-725D-4FDC-B22E-D167950ED750} - System32\Tasks\GoogleUpdateTaskMachineCore1d0415321303be8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {13ADE7C1-2EE4-43FF-8622-AD623703B619} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {1833D0DB-17B4-441B-A4C6-1D48C63BB0B7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-11] (Microsoft Corporation)
Task: {30DC9DD8-BAF7-43D2-9E71-CE509BE67903} - System32\Tasks\{6E20CF46-D2B0-4DF7-B32B-E5D1F15E21AB} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need For Speed III\Uninstall.exe"
Task: {36A88BDF-5B75-48D6-83AA-99C5F7FC036F} - System32\Tasks\f061c1e6-9d4f-40bd-8672-061ba59cce4b => C:\Program Files (x86)\Internet Speed Checker\f061c1e6-9d4f-40bd-8672-061ba59cce4b.exe <==== ATTENTION
Task: {49683B22-C3C6-458D-9BA6-37184B50CEFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4A241FBF-960A-466B-81DF-264A7448C947} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {7BB70E09-1460-43A2-96C1-9770FEDB8DA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {82231EBF-0C59-4072-8A41-C0638E7D34AD} - System32\Tasks\{FC92E2EA-C1A2-4690-B215-710F6D9DB217} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {937E187A-054F-4B26-9C28-95963F01F01B} - System32\Tasks\{FC1C225D-AD81-4871-A56A-71815A704FB6} => pcalua.exe -a "C:\Users\Bobros\AppData\Roaming\Seznam Browser\uninstall.exe"
Task: {A3A898C4-3135-4DD1-B6E6-8199417785C5} - System32\Tasks\ada9695d-332d-4f2e-8a05-f38f505a9d29 => C:\Program Files (x86)\Internet Speed Checker\ada9695d-332d-4f2e-8a05-f38f505a9d29.exe <==== ATTENTION
Task: {D0C5DC67-5519-4751-8681-CF08F75D9429} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2014-11-21] (Microsoft)
Task: {DDA1C8C9-BC56-48CA-91D2-C6D4CF241E10} - System32\Tasks\temp_f061c1e6-9d4f-40bd-8672-061ba59cce4b => C:\Program Files (x86)\Internet Speed Checker\f061c1e6-9d4f-40bd-8672-061ba59cce4b.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415321303be8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-20 09:03 - 2015-11-05 16:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-24 07:29 - 2015-04-20 10:12 - 00790016 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-03-24 07:29 - 2015-05-19 13:52 - 00168936 _____ () C:\Program Files\NetWorx\nfapi.dll
2015-04-14 08:19 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-03 21:18 - 2009-04-01 13:07 - 00303188 _____ () C:\Program Files\WinFast\WFDTV\RTL283XACCESS.dll
2015-04-03 21:18 - 2008-12-02 10:04 - 00007680 _____ () C:\Program Files\WinFast\WFDTV\WIZLANGCZE.dll
2015-04-03 21:18 - 2010-11-15 10:05 - 00073728 _____ () C:\Program Files\WinFast\WFDTV\RCConfig\RCKeysInfoIO.dll
2016-02-23 22:09 - 2016-02-23 22:09 - 00098816 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32api.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00110080 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\pywintypes27.dll
2016-02-23 22:09 - 2016-02-23 22:09 - 00364544 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\pythoncom27.dll
2016-02-23 22:09 - 2016-02-23 22:09 - 00046080 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_socket.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 01208320 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_ssl.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00320512 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32com.shell.shell.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00776704 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_hashlib.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 01176576 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._core_.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00806400 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._gdi_.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00816128 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._windows_.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 01067008 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._controls_.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00733184 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._misc_.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00682496 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\pysqlite2._sqlite.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00088064 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_ctypes.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00119808 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32file.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00108544 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32security.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00007168 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\hashobjs_ext.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00017920 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\thumbnails_ext.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00079360 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\usb_ext.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00167936 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32gui.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00018432 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32event.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00128512 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_elementtree.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00127488 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\pyexpat.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00013824 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\common.time34.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00036864 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_psutil_windows.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00038912 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32inet.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00525640 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\windows._lib_cacheinvalidation.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00011264 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32crypt.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00077312 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._html2.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00027136 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_multiprocessing.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00020480 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\_yappi.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00035840 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32process.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00686080 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\unicodedata.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00123392 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._wizard.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00024064 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32pipe.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00010240 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\select.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00025600 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32pdh.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00017408 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32profile.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00022528 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\win32ts.pyd
2016-02-23 22:09 - 2016-02-23 22:09 - 00078848 _____ () C:\Users\Bobros\AppData\Local\Temp\_MEI51842\wx._animate.pyd
2014-11-20 08:47 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:15D5AA51
AlternateDataStreams: C:\ProgramData\TEMP:728B799F
AlternateDataStreams: C:\ProgramData\TEMP:A29E7570
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
AlternateDataStreams: C:\ProgramData\TEMP:D2C8DFF8

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Quick Moto Agent"
HKLM\...\StartupApproved\Run32: => "NBKeyScan"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "netmon.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\StartupApproved\Run: => "DU Meter"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\StartupApproved\Run: => "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\StartupApproved\Run: => "AirDroid 3"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9D2CFCFC-57F5-4CA1-8373-DFF28AAAD407}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9AE96513-CF65-4D64-9D93-1AD5042E3D86}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4266CEB2-6562-45D6-B983-C9F86DF48A5E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3FB99F71-B5DE-4A35-BDE2-9D1F9E30135A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{068112C1-0244-4335-BA51-223DC392E0FF}] => (Allow) LPort=2869
FirewallRules: [{B281E487-46A8-4DB4-80E6-012C1415F50C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{893A5F0F-654E-445F-BD9C-9FC5847E436B}C:\windows\keygen.exe] => (Allow) C:\windows\keygen.exe
FirewallRules: [UDP Query User{8E5E38B1-4B33-48F0-87BC-B4BDF5DD805C}C:\windows\keygen.exe] => (Allow) C:\windows\keygen.exe
FirewallRules: [{5ED4B898-EE2D-43D0-BF7F-D51F28F427E4}] => (Allow) C:\Program Files (x86)\Xi\NetXfer\NetTransport.exe
FirewallRules: [{435A5791-11C6-49BC-8AA1-CF8594E84A87}] => (Allow) C:\Program Files (x86)\Xi\NetXfer\NetTransport.exe
FirewallRules: [{7E60E847-CFC0-41BF-984C-73733D22C48A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C12E2DD8-0586-4FF4-BA66-71EF30CA49E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE2B02B9-D0E9-4B22-9683-A3CA98239B54}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{836DE99E-500E-4CFB-B3BA-B55A31536959}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{57837792-B8D4-4878-87E0-6D42168F74B4}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{7C74C13E-0B17-469D-B605-FE35C7C467F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B322FEE3-48D3-45DF-BC2A-6998A11BA6D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7071EE0-25D7-4C7B-BA51-77FBC697F2CA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DBB65C02-7811-433A-8802-860D8B4D094A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8382AFB8-719E-4668-97A9-D31AE4BAA67B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8A9B7E1D-CBBA-4848-8D44-1F3401A00EC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{717DF1F4-36D6-401E-BAC0-057781237DD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D24B37AE-3F9D-4D58-B1D2-99158A5DCD13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{910F2E02-67B0-4BD6-A5BD-223A83BC7DEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

06-02-2016 10:13:36 Naplánovaný kontrolní bod
11-02-2016 14:20:15 Windows Update
19-02-2016 18:00:55 Naplánovaný kontrolní bod
22-02-2016 17:52:55 SPTD setup V1.87

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2016 10:14:11 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)

Error: (02/23/2016 09:59:42 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)

Error: (02/23/2016 09:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x1518
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5

Error: (02/23/2016 09:12:55 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)

Error: (02/22/2016 07:59:21 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)

Error: (02/22/2016 06:10:55 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)

Error: (02/22/2016 05:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 44.0.2.5884, časové razítko: 0x56bbf417
Název chybujícího modulu: mozglue.dll, verze: 44.0.2.5884, časové razítko: 0x56bbe58e
Kód výjimky: 0x80000003
Posun chyby: 0x0000ed3b
ID chybujícího procesu: 0x1574
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3
Úplný název chybujícího balíčku: plugin-container.exe4
ID aplikace související s chybujícím balíčkem: plugin-container.exe5

Error: (02/22/2016 05:52:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1178adb8-f62f-43c2-8fa2-08ed3ea9edbe}

Error: (02/21/2016 07:59:21 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)

Error: (02/19/2016 07:59:22 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Max retries exceeded with url: /run_scheduled_task (Caused by <class 'socket.error'>: [Errno 10013] Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními)


System errors:
=============
Error: (02/23/2016 10:08:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (02/23/2016 10:08:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (02/23/2016 10:08:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (02/23/2016 10:07:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2016 10:07:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (02/23/2016 10:07:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/23/2016 10:07:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2016 10:07:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) ME Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2016 10:07:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Rapid Storage Technology byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2016 10:07:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth OBEX Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
Percentage of memory in use: 27%
Total physical RAM: 8112.13 MB
Available physical RAM: 5895.04 MB
Total Virtual: 16304.13 MB
Available Virtual: 14041.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.14 GB) (Free:26.08 GB) NTFS
Drive d: () (Fixed) (Total:775.03 GB) (Free:192.23 GB) NTFS
Drive e: (DriverCD) (Fixed) (Total:10 GB) (Free:4.91 GB) NTFS
Drive g: (Farming Simulator 15) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D8560A13)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=775 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Odstranění yessearches

Napsal: 23 úno 2016 22:41
od Bobros
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Bobros (administrator) on BROZA (23-02-2016 22:37:50)
Running from C:\Users\Bobros\Desktop
Loaded Profiles: Bobros (Available Profiles: Bobros)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891568 2013-10-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6734528 2015-06-05] (SoftPerfect Research)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM-x32\...\Run: [Quick Moto Agent] => C:\Program Files (x86)\Quick Moto\Agent.exe [459776 2004-03-21] (Michal Adámek)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [netmon.exe] => C:\Program Files (x86)\netmon\netmon.exe
HKLM-x32\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [103936 2014-03-04] (Leadtek Research Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [DU Meter] => "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [icq] => C:\Users\Bobros\AppData\Roaming\ICQM\icq.exe [35239432 2014-12-21] (ICQ)
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2013-01-09] (Leadtek Research Inc.)
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [Viber] => "C:\Users\Bobros\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\Viber.exe" StartMinimized <===== ATTENTION
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {14a685de-b281-11e4-8280-303a64e2102a} - "H:\AutoRun.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {1b6178ae-6b64-11e5-82c8-303a64e2102a} - "H:\Launcher.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {1b6178db-6b64-11e5-82c8-303a64e2102a} - "H:\Launcher.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {6ac6fd68-d986-11e5-82f4-303a64e2102a} - "G:\setup.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {fc37d891-a8f0-11e5-82dc-303a64e2102a} - "H:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A6C55EB9-87B1-49FC-ABF1-9466B95BB7AF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A92EBEDF-AF4E-460A-A4A1-5FF8898919D9}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{CD7A07DC-24CF-4EA8-9121-E41A3CB565BF}: [DhcpNameServer] 217.195.165.131 217.195.160.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: NXIECatcher Class -> {83B80A9C-D91A-4F22-8DCF-EA7204039F79} -> C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll [2013-11-15] (Xi)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - NetTransport - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll [2013-11-14] (Xi)

FireFox:
========
FF ProfilePath: C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default
FF Homepage: google.cz
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Screengrab (fix version) - C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-01-19]
FF Extension: Greasemonkey - C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-23]
FF Extension: Facebook Messenger - C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default\Extensions\{249b4e45-4fb9-4f6b-9754-7c0c1e605d44}.xpi [2016-02-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-26] [not signed]

Chrome:
=======
CHR HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-04] (Qualcomm Atheros) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-20] (Qualcomm Atheros, Inc.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-22] (Disc Soft Ltd)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-11-27] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 Huawei; C:\Windows\system32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [160464 2014-03-05] (Intel Corporation)
S3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-05-19] (NetFilterSDK.com)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-02-22] (Duplex Secure Ltd.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XICTAMDM; C:\Windows\system32\DRIVERS\XICTAMDM.sys [185176 2010-07-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 XICTANmea; C:\Windows\system32\DRIVERS\XICTANmea.sys [185176 2010-07-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 XICTAVSP; C:\Windows\system32\DRIVERS\XICTAVSP.sys [185176 2010-07-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 22:37 - 2016-02-23 22:38 - 00025665 _____ C:\Users\Bobros\Desktop\FRST.txt
2016-02-23 22:36 - 2016-02-23 22:37 - 00000000 ____D C:\FRST
2016-02-23 22:33 - 2016-02-23 22:33 - 02371072 _____ (Farbar) C:\Users\Bobros\Desktop\FRST64.exe
2016-02-23 21:43 - 2016-02-23 22:17 - 00000000 ____D C:\AdwCleaner
2016-02-23 21:41 - 2016-02-23 21:41 - 01511936 _____ C:\Users\Bobros\Desktop\adwcleaner_5.036.exe
2016-02-23 09:37 - 2016-02-23 09:37 - 00000000 ____D C:\Users\Bobros\AppData\Local\F727A298-4DB4-456A-AC54-A93EA5F8554D
2016-02-23 09:37 - 2016-02-23 09:37 - 00000000 ____D C:\Users\Bobros\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-02-22 18:37 - 2016-02-22 18:37 - 00001766 _____ C:\Users\Bobros\Desktop\FarmingSimulator2015Game – zástupce.lnk
2016-02-22 18:37 - 2016-02-22 18:37 - 00000000 ____D C:\Users\Bobros\Documents\My Games
2016-02-22 18:37 - 2016-02-22 18:37 - 00000000 ____D C:\ProgramData\Steam
2016-02-22 18:22 - 2016-02-22 18:25 - 00000000 ____D C:\Program Files\Farming Simulator 15
2016-02-22 18:22 - 2016-02-22 18:22 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15.lnk
2016-02-22 18:22 - 2016-02-22 18:22 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15 (x64).lnk
2016-02-22 18:18 - 2016-02-22 18:18 - 14326263 _____ C:\Users\Bobros\Desktop\DAEMON-Tools-Lite.zip
2016-02-22 18:01 - 2016-02-22 18:01 - 00000000 ____D C:\Users\Bobros\AppData\Local\Disc_Soft_Ltd
2016-02-22 17:59 - 2016-02-22 17:59 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-02-22 17:56 - 2016-02-22 17:58 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-02-22 17:53 - 2016-02-22 17:53 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-02-22 17:53 - 2016-02-22 17:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-02-22 17:53 - 2016-02-22 17:53 - 00001996 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-02-22 17:53 - 2016-02-22 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-02-22 17:52 - 2016-02-22 17:58 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-02-21 21:36 - 2016-02-21 21:36 - 00040988 _____ C:\Users\Bobros\Desktop\klaudianka.pdf
2016-02-21 21:20 - 2016-02-21 21:35 - 00007319 _____ C:\Users\Bobros\Desktop\klaudianka.dft
2016-02-21 21:20 - 2016-02-21 21:35 - 00007313 _____ C:\Users\Bobros\Desktop\klaudianka.bak
2016-02-17 16:09 - 2016-02-22 20:20 - 00103936 _____ C:\Users\Bobros\Desktop\final_order_fotbal.xls
2016-02-14 12:19 - 2016-02-14 12:19 - 00149590 _____ C:\Users\Bobros\Desktop\faktura leden 2016.pdf
2016-02-14 12:18 - 2016-02-14 12:18 - 00112575 _____ C:\Users\Bobros\Desktop\2016 Superposter.pdf
2016-02-14 12:18 - 2016-02-14 12:18 - 00061379 _____ C:\Users\Bobros\Desktop\Rok 2016.pdf
2016-02-11 23:28 - 2016-02-22 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 14:23 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 14:23 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 14:23 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 14:23 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 14:23 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 14:23 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 14:23 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 14:23 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 16:11 - 2016-02-10 16:11 - 00000000 ____D C:\Users\Bobros\Desktop\sokoban
2016-02-10 14:48 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 14:48 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 14:48 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-10 14:48 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-10 14:48 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 14:48 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 14:48 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-10 14:48 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 14:48 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 14:48 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-10 14:48 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 14:48 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 14:48 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 14:48 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 14:48 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 14:48 - 2015-12-29 16:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 14:48 - 2015-12-29 16:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-10 14:48 - 2015-12-29 16:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-10 14:48 - 2015-12-29 16:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 14:47 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 14:47 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 14:47 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 14:47 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 14:47 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 14:47 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 14:47 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 14:47 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 14:47 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 14:47 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 14:47 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-10 14:47 - 2016-01-15 02:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 14:47 - 2016-01-14 21:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 14:47 - 2016-01-14 21:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 14:47 - 2016-01-14 21:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 14:47 - 2016-01-14 21:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 14:47 - 2016-01-14 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 14:47 - 2016-01-14 21:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 14:47 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 14:47 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 14:47 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 14:47 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 14:47 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-10 14:47 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 14:47 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-10 14:47 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 14:47 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-10 14:47 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 14:47 - 2016-01-07 19:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 14:46 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 14:46 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 14:46 - 2016-01-22 07:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 14:46 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 14:46 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 14:46 - 2016-01-22 06:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-10 14:46 - 2016-01-22 06:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 14:46 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 14:46 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 14:46 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 14:46 - 2016-01-22 06:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 14:46 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 14:46 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 14:46 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 14:46 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 14:46 - 2016-01-22 06:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-10 14:46 - 2016-01-22 06:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-10 14:46 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 14:46 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 14:46 - 2016-01-22 06:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 14:46 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 14:46 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 14:46 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 14:46 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 14:46 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 14:46 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-10 14:46 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-10 14:45 - 2016-01-10 20:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 14:45 - 2016-01-10 17:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 14:45 - 2016-01-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 14:45 - 2016-01-10 17:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 14:45 - 2016-01-10 17:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-10 14:45 - 2016-01-10 17:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 14:45 - 2016-01-10 17:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 14:45 - 2016-01-10 17:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 14:45 - 2016-01-10 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 14:45 - 2016-01-10 17:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 14:45 - 2016-01-10 17:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 14:45 - 2016-01-10 17:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 14:45 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 14:45 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 09:02 - 2016-02-09 17:46 - 00010878 _____ C:\Users\Bobros\Desktop\Rozpočet Na Klaudiánce.xlsx
2016-02-08 22:58 - 2016-02-08 22:58 - 00293199 _____ C:\Users\Bobros\Desktop\HomeTicket(1).pdf
2016-02-08 22:13 - 2016-02-08 22:27 - 00124198 _____ C:\Users\Bobros\Desktop\BROŽ-PLNÁ MOC.pdf
2016-02-08 21:48 - 2016-02-08 21:48 - 00120438 _____ C:\Users\Bobros\Desktop\Podpis Jirka.bmp
2016-02-01 22:35 - 2016-02-12 01:16 - 00024493 _____ C:\Program.RPT
2016-01-30 22:01 - 2016-01-30 22:10 - 593877482 _____ C:\Users\Bobros\Desktop\Dva.a.půl.chlapa.12x15-16.Jasně.že.je.mrtvý.DVB-T.CZ.avi
2016-01-25 17:32 - 2016-01-25 17:36 - 00009754 _____ C:\Users\Bobros\Desktop\nám hrdinů.xlsx
2016-01-25 17:29 - 2016-01-25 17:29 - 00009715 _____ C:\Users\Bobros\Desktop\Husitská.xlsx
2016-01-25 17:18 - 2016-01-25 17:19 - 00009925 _____ C:\Users\Bobros\Desktop\Kongresová.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 22:28 - 2014-11-22 01:30 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-23 22:22 - 2014-11-20 08:37 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2116813865-1665594829-4199684996-1001
2016-02-23 22:13 - 2014-11-21 16:45 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-23 22:12 - 2015-02-05 15:50 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415321303be8.job
2016-02-23 22:09 - 2014-11-21 17:40 - 00000000 ___RD C:\Users\Bobros\Disk Google
2016-02-23 22:09 - 2014-11-21 16:45 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-23 22:08 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-23 21:44 - 2014-11-21 19:46 - 00000000 ____D C:\Users\Bobros\AppData\Roaming\ClassicShell
2016-02-23 21:44 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-23 09:37 - 2014-11-25 17:37 - 00001889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-23 09:14 - 2014-03-18 16:33 - 01749406 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-23 09:14 - 2014-03-18 15:54 - 00740962 _____ C:\Windows\system32\perfh005.dat
2016-02-23 09:14 - 2014-03-18 15:54 - 00152146 _____ C:\Windows\system32\perfc005.dat
2016-02-23 09:14 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-02-23 08:45 - 2014-11-21 20:59 - 00000000 ____D C:\ProgramData\TEMP
2016-02-22 18:37 - 2014-12-24 00:27 - 00000000 ____D C:\Users\Bobros\AppData\Roaming\NVIDIA
2016-02-22 18:05 - 2014-11-25 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-22 18:04 - 2014-11-20 08:32 - 00000000 ____D C:\Users\Bobros
2016-02-22 18:02 - 2014-11-27 00:56 - 00000000 ____D C:\Users\Bobros\AppData\Roaming\DAEMON Tools Lite
2016-02-22 17:53 - 2014-11-27 00:56 - 00381608 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2016-02-21 12:23 - 2015-08-05 22:11 - 00000000 ____D C:\Users\Bobros\AppData\Local\ElevatedDiagnostics
2016-02-18 08:22 - 2014-11-22 21:42 - 00000000 ___RD C:\Users\Bobros\Desktop\Přílohy emailu
2016-02-16 15:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-02-13 18:01 - 2013-08-22 15:44 - 00482256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-13 17:58 - 2015-11-16 00:35 - 775181363 _____ C:\Windows\MEMORY.DMP
2016-02-13 17:58 - 2015-04-15 23:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-13 17:58 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-11 14:31 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-11 14:31 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2016-02-11 14:27 - 2014-11-22 19:45 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 14:27 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 14:24 - 2014-11-22 19:45 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 00:14 - 2014-11-23 17:49 - 00000000 ____D C:\Users\Bobros\AppData\Roaming\vlc
2016-02-10 15:28 - 2014-11-22 01:30 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 14:45 - 2015-11-11 10:20 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-10 14:45 - 2015-11-11 10:20 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 13:54 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 13:54 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-09 08:56 - 2015-11-30 14:19 - 00000000 ____D C:\Users\Bobros\Desktop\SendAnywhere
2016-02-08 21:57 - 2014-11-21 20:26 - 00000000 ____D C:\Users\Bobros\AppData\Local\Microsoft Help
2016-02-04 22:34 - 2015-08-09 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-02-04 16:48 - 2015-01-09 16:54 - 00000000 ____D C:\Users\Bobros\Desktop\x86
2016-02-02 03:37 - 2013-08-22 16:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-02 03:37 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-25 17:54 - 2015-03-13 09:40 - 00020186 _____ C:\Users\Bobros\Desktop\města duchů.xlsx

==================== Files in the root of some directories =======

2015-07-29 15:05 - 2015-07-29 15:05 - 0000268 ___RH () C:\Users\Bobros\AppData\Roaming\Filter
2015-07-29 15:06 - 2015-07-29 15:06 - 0000268 ___RH () C:\Users\Bobros\AppData\Roaming\Filters
2015-07-29 15:05 - 2015-07-29 15:05 - 0000268 ___RH () C:\Users\Bobros\AppData\Roaming\Flags
2015-07-29 15:04 - 2015-07-29 15:04 - 0000268 ___RH () C:\Users\Bobros\AppData\Roaming\Funk Animals
2015-01-05 18:02 - 2015-11-14 00:24 - 0004608 _____ () C:\Users\Bobros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 17:22 - 2014-11-20 23:30 - 0000205 _____ () C:\Users\Bobros\AppData\Local\MRDownloader.err
2014-11-23 17:22 - 2015-04-21 16:41 - 0001080 _____ () C:\Users\Bobros\AppData\Local\MRDownloader.nast
2015-02-27 18:06 - 2015-02-27 18:18 - 0007631 _____ () C:\Users\Bobros\AppData\Local\Resmon.ResmonCfg
2015-07-29 15:05 - 2015-07-29 15:05 - 0000268 ___RH () C:\ProgramData\Flanger
2015-07-29 15:06 - 2015-07-29 15:06 - 0000268 ___RH () C:\ProgramData\Flowers
2015-07-29 15:05 - 2015-07-29 15:05 - 0000268 ___RH () C:\ProgramData\Folder Actions
2015-07-29 15:04 - 2015-07-29 15:05 - 0000012 ___RH () C:\ProgramData\Generic
2015-07-29 15:06 - 2015-07-29 15:06 - 0000012 ___RH () C:\ProgramData\Grapher
2015-07-29 15:05 - 2015-07-29 15:05 - 0000012 ___RH () C:\ProgramData\Guides
2015-07-29 15:04 - 2015-07-29 15:04 - 0000012 ___RH () C:\ProgramData\InkjetPrinter
2015-07-29 15:04 - 2015-07-29 15:04 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2015-07-29 15:06 - 2015-07-29 15:06 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-07-29 15:05 - 2015-08-02 22:41 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-07-29 15:05 - 2015-09-30 08:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Bobros\AppData\Local\Temp\cmunst_.exe
C:\Users\Bobros\AppData\Local\Temp\DAEMON Tools Lite.exe
C:\Users\Bobros\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Bobros\AppData\Local\Temp\InstHelper.exe
C:\Users\Bobros\AppData\Local\Temp\ResetDevice.exe
C:\Users\Bobros\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Bobros\AppData\Local\Temp\sfareca00001.dll
C:\Users\Bobros\AppData\Local\Temp\sfextra.dll
C:\Users\Bobros\AppData\Local\Temp\Uninstall.exe
C:\Users\Bobros\AppData\Local\Temp\_is8184.exe
C:\Users\Bobros\AppData\Local\Temp\_is87E4.exe
C:\Users\Bobros\AppData\Local\Temp\_isAE9D.exe
C:\Users\Bobros\AppData\Local\Temp\_isC185.exe
C:\Users\Bobros\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-15 09:37

==================== End of FRST.txt ============================

Re: Odstranění yessearches

Napsal: 24 úno 2016 12:39
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {14a685de-b281-11e4-8280-303a64e2102a} - "H:\AutoRun.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {1b6178ae-6b64-11e5-82c8-303a64e2102a} - "H:\Launcher.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {1b6178db-6b64-11e5-82c8-303a64e2102a} - "H:\Launcher.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {6ac6fd68-d986-11e5-82f4-303a64e2102a} - "G:\setup.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {fc37d891-a8f0-11e5-82dc-303a64e2102a} - "H:\LaunchU3.exe" -a
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF Extension: Facebook Messenger - C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default\Extensions\{249b4e45-4fb9-4f6b-9754-7c0c1e605d44}.xpi [2016-02-19]
C:\Users\Bobros\AppData\Local\F727A298-4DB4-456A-AC54-A93EA5F8554D
C:\Users\Bobros\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415321303be8.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Bobros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Bobros\AppData\Local\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Odstranění yessearches

Napsal: 24 úno 2016 14:48
od Bobros
Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Bobros (2016-02-24 14:42:21) Run:1
Running from C:\Users\Bobros\Desktop
Loaded Profiles: Bobros (Available Profiles: Bobros)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {14a685de-b281-11e4-8280-303a64e2102a} - "H:\AutoRun.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {1b6178ae-6b64-11e5-82c8-303a64e2102a} - "H:\Launcher.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {1b6178db-6b64-11e5-82c8-303a64e2102a} - "H:\Launcher.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {6ac6fd68-d986-11e5-82f4-303a64e2102a} - "G:\setup.exe"
HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\...\MountPoints2: {fc37d891-a8f0-11e5-82dc-303a64e2102a} - "H:\LaunchU3.exe" -a
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF Extension: Facebook Messenger - C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default\Extensions\{249b4e45-4fb9-4f6b-9754-7c0c1e605d44}.xpi [2016-02-19]
C:\Users\Bobros\AppData\Local\F727A298-4DB4-456A-AC54-A93EA5F8554D
C:\Users\Bobros\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415321303be8.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Bobros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Bobros\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14a685de-b281-11e4-8280-303a64e2102a}" => key removed successfully
HKCR\CLSID\{14a685de-b281-11e4-8280-303a64e2102a} => key not found.
"HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b6178ae-6b64-11e5-82c8-303a64e2102a}" => key removed successfully
HKCR\CLSID\{1b6178ae-6b64-11e5-82c8-303a64e2102a} => key not found.
"HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b6178db-6b64-11e5-82c8-303a64e2102a}" => key removed successfully
HKCR\CLSID\{1b6178db-6b64-11e5-82c8-303a64e2102a} => key not found.
"HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac6fd68-d986-11e5-82f4-303a64e2102a}" => key removed successfully
HKCR\CLSID\{6ac6fd68-d986-11e5-82f4-303a64e2102a} => key not found.
"HKU\S-1-5-21-2116813865-1665594829-4199684996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc37d891-a8f0-11e5-82dc-303a64e2102a}" => key removed successfully
HKCR\CLSID\{fc37d891-a8f0-11e5-82dc-303a64e2102a} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\Bobros\AppData\Roaming\Mozilla\Firefox\Profiles\w5reio7j.default\Extensions\{249b4e45-4fb9-4f6b-9754-7c0c1e605d44}.xpi => moved successfully
C:\Users\Bobros\AppData\Local\F727A298-4DB4-456A-AC54-A93EA5F8554D => moved successfully
C:\Users\Bobros\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415321303be8.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Users\Bobros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Bobros\AppData\Local\Temp" folder move:

Could not move "C:\Users\Bobros\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-24 14:46:38)

C:\Users\Bobros\AppData\Local\Temp => moved successfully

==== End of Fixlog 14:46:38 ====

Re: Odstranění yessearches

Napsal: 24 úno 2016 16:46
od Rudy
Smazáno. Nastala nějaká změna?

Re: Odstranění yessearches

Napsal: 24 úno 2016 17:02
od Bobros
Vypadá, že vše je v pořádku, akorát byl problém trochu nastartovat google disc, ale už to šlape. Děkuji moc

Re: Odstranění yessearches

Napsal: 24 úno 2016 17:59
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz