Slow notebook + small window open after startup


#1 Post by hydroplan »

Good day. For some time now my notebook has been noticeably slower. Reinstalling W7 did not help. Now, in addition, a small window has appeared in the corner after startup, containing only a cross for closing it. So far I have not managed to identify it. Please check the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:17, on 19. 8. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera_crashreporter.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
C:\Users\hawk\AppData\Local\Temp\scoped_dir1416_4693\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C5CAF15-C6D4-40B8-B422-EFF73EB705A6}: NameServer = 213.151.222.34 85.237.225.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6A27B38-2592-4F93-9F16-18BBC9292ED1}: NameServer = 213.151.222.34 85.237.225.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAAAC4F2-9BF3-4229-96E4-73FA4AA5A99D}: NameServer = 213.151.222.34 85.237.225.250
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\nlssrv32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13010 bytes


#2 Post by Rudy »

Greetings!
Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis is past its prime.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.


#3 Post by hydroplan »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2016
Ran by hawk (administrator) on HAWK-HP (20-08-2016 21:36:39)
Running from C:\Users\hawk\Desktop
Loaded Profiles: hawk (Available Profiles: hawk & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera_crashreporter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(forum.viry.cz) C:\Users\hawk\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-10] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {2c402cc2-25e0-11e6-86c6-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {7f8ee952-33ee-11e6-8626-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {84a2240c-24f6-11e6-8468-1cc1deaeb109} - I:\Startme.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552506-2037-11e6-a349-1cc1deaeb109} - D:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552514-2037-11e6-a349-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {c7482b30-226a-11e6-9ee4-1cc1deaeb109} - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2016-05-24] (Microsoft Corporation)
Startup: C:\Users\hawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-06-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{00598277-BF62-49D0-A714-4051A5BB6587}: [DhcpNameServer] 10.1.100.49 94.229.39.166 192.168.1.1
Tcpip\..\Interfaces\{9C5CAF15-C6D4-40B8-B422-EFF73EB705A6}: [NameServer] 213.151.222.34 85.237.225.250
Tcpip\..\Interfaces\{C6A27B38-2592-4F93-9F16-18BBC9292ED1}: [NameServer] 213.151.222.34 85.237.225.250
Tcpip\..\Interfaces\{EAAAC4F2-9BF3-4229-96E4-73FA4AA5A99D}: [NameServer] 213.151.222.34 85.237.225.250

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hawk\AppData\Roaming\Mozilla\Firefox\Profiles\c3692hjo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-31] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: Screengrab (fix version) - C:\Users\hawk\AppData\Roaming\Mozilla\Firefox\Profiles\c3692hjo.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-07-26]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-22]
CHR Extension: (Duolingo on the Web) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-06-21]
CHR Extension: (Tlmočník pre všetky jazyky) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2016-05-22]
CHR Extension: (Dokumenty Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-22]
CHR Extension: (Disk Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-22]
CHR Extension: (MEGA) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-08-11]
CHR Extension: (YouTube) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-22]
CHR Extension: (Adblock Plus) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-09]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2016-05-22]
CHR Extension: (Black Hole Sun) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjflaldchiphekckakjglcfjiomhjobc [2016-05-22]
CHR Extension: (Timer) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2016-05-22]
CHR Extension: (Kalendár Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-22]
CHR Extension: (Tabuľky Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-22]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (Customizable startpage by Domostra homepage) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijggnjpdajkbhmnmofglkmoimfbjnjo [2016-05-22]
CHR Extension: (Mapy Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-05-22]
CHR Extension: (Kontrola pošty Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-05-22]
CHR Extension: (Lomo+) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihmjgdafbdggpgjfaeinppnlnpgelnj [2016-05-22]
CHR Extension: (Pocket) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-05-22]
CHR Extension: (Save to Pocket) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-08-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (piZap Photo Editor) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2016-05-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-09]
CHR Extension: (Gmail) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-22]
CHR Extension: (Chrome Media Router) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-11]

Opera:
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\hawk\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2016-07-06]
OPR Extension: (Preložiť) - C:\Users\hawk\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-05-31]
OPR Extension: (Adblock Plus) - C:\Users\hawk\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-07-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-06-09] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2016-05-22] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 nlsX86cc; C:\windows\SysWOW64\nlssrv32.exe [66560 2011-11-15] (Nalpeiron Ltd.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-05-25] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
R3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-04-27] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-20 21:36 - 2016-08-20 21:39 - 00021654 _____ C:\Users\hawk\Desktop\FRST.txt
2016-08-20 21:34 - 2016-08-20 21:36 - 00000000 ____D C:\FRST
2016-08-20 21:30 - 2016-08-20 21:30 - 00112640 _____ (forum.viry.cz) C:\Users\hawk\Desktop\FRSTLauncher.exe
2016-08-20 21:29 - 2016-08-20 21:29 - 02396160 _____ (Farbar) C:\Users\hawk\Desktop\FRST64.exe
2016-08-20 18:28 - 2016-08-20 18:38 - 00000000 ____D C:\Users\hawk\AppData\Local\Microsoft Games
2016-08-19 10:24 - 2016-08-19 10:25 - 00046080 _____ C:\Users\hawk\Documents\cc_20160819_102413.reg
2016-08-19 10:08 - 2016-08-19 12:31 - 00000000 ____D C:\Program Files\trend micro
2016-08-19 10:08 - 2016-08-19 10:08 - 01222144 _____ C:\Users\hawk\Downloads\RSITx64.exe
2016-08-19 10:08 - 2016-08-19 10:08 - 00000000 ____D C:\rsit
2016-08-19 10:02 - 2016-08-19 10:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\hawk\Downloads\hijackthis.exe
2016-08-19 09:59 - 2016-08-19 09:59 - 00371282 _____ C:\Users\hawk\Downloads\gmer.zip
2016-08-19 09:39 - 2016-08-19 09:39 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-19 09:39 - 2016-08-19 09:39 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-08-19 09:37 - 2016-08-19 09:37 - 03310608 _____ (Piriform Ltd) C:\Users\hawk\Desktop\ccsetup225.exe
2016-08-17 23:28 - 2016-08-17 23:28 - 00000000 ____D C:\Users\hawk\AppData\Local\CrashDumps
2016-08-14 22:35 - 2016-08-14 22:35 - 00001523 _____ C:\Users\hawk\Documents\malware.txt
2016-08-14 20:59 - 2016-08-14 21:01 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-14 20:59 - 2016-08-14 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-14 20:59 - 2016-08-14 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-14 20:59 - 2016-08-14 20:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-14 20:59 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-08-14 20:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-08-14 20:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-08-11 12:23 - 2016-08-11 13:29 - 00000000 ____D C:\Users\hawk\Downloads\DUCHOVNÍ MOLEKULA - dokument o DMT a převratném vědeckém výzkumu
2016-08-11 09:25 - 2011-07-09 14:05 - 131810988 _____ C:\Users\hawk\Desktop\Kniha - Dobrodružné hry a cvičení v přírodě.pdf
2016-08-10 17:54 - 2016-08-10 18:01 - 125381931 _____ C:\Users\hawk\Desktop\Kniha---Dobrodružné-hry-a-cvičení-v-přírodě.zip
2016-08-10 09:41 - 2016-08-10 09:41 - 00019456 _____ C:\Users\hawk\Desktop\kalkulacka-krmiva-sliepky.xls
2016-08-09 15:43 - 2016-08-09 15:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-08-09 15:42 - 2016-08-09 15:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2016-08-09 15:42 - 2016-08-09 15:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2016-08-09 15:41 - 2016-08-17 23:26 - 00000000 ____D C:\Users\hawk\AppData\Roaming\onOne Software
2016-08-09 15:40 - 2016-08-09 15:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software
2016-08-09 15:39 - 2016-08-09 15:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\onOne Software
2016-08-09 15:39 - 2016-08-09 15:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\onOne Software
2016-08-09 15:27 - 2016-08-09 15:43 - 00000000 ____D C:\Program Files (x86)\onOne Software
2016-08-09 15:27 - 2016-08-09 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
2016-08-09 15:27 - 2016-08-09 15:37 - 00000000 ____D C:\Program Files\onOne Software
2016-08-09 15:27 - 2016-08-09 15:27 - 00000000 ____D C:\windows\SysWOW64\spool
2016-08-09 15:27 - 2011-11-15 03:15 - 00066560 _____ (Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
2016-08-09 15:27 - 2011-11-15 03:15 - 00066560 _____ (Nalpeiron Ltd.) C:\windows\system32\nlssrv32.exe
2016-08-09 15:26 - 2016-08-09 15:37 - 00000000 ____D C:\ProgramData\onOne Software
2016-08-09 15:23 - 2016-08-09 15:23 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Zoner
2016-08-09 15:23 - 2016-08-09 15:23 - 00000000 ____D C:\Users\hawk\AppData\Local\Zoner
2016-08-09 12:44 - 2016-08-09 12:44 - 00000000 ____D C:\Users\hawk\Downloads\Perfect Suite.6.0.1.x86x64
2016-08-09 12:32 - 2016-08-09 12:33 - 00000000 ____D C:\ProgramData\Zoner
2016-08-09 12:32 - 2016-08-09 12:32 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2016-08-09 12:32 - 2016-08-09 12:32 - 00001976 _____ C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2016-08-09 12:30 - 2016-08-09 12:30 - 00000000 ____D C:\Program Files\Zoner
2016-08-09 12:26 - 2016-08-09 12:27 - 80591960 _____ (ZONER software ) C:\Users\hawk\Downloads\zps17_en_pro_bdj2-August2016.exe
2016-08-09 11:53 - 2016-08-09 12:32 - 2171384272 _____ C:\Users\hawk\Downloads\Perfect Suite.6.0.1.x86x64.zip
2016-08-08 23:15 - 2016-08-08 23:15 - 00000000 ____D C:\Program Files (x86)\GUM117F.tmp
2016-08-08 11:52 - 2016-08-08 11:52 - 00000000 ____D C:\Users\hawk\AppData\Local\ElevatedDiagnostics
2016-08-06 10:10 - 2016-08-06 10:10 - 03164340 _____ C:\Users\hawk\Desktop\Priloha_6_6_17_Management_plan_201604.pdf
2016-08-02 16:32 - 2016-08-02 16:32 - 00586212 _____ C:\Users\hawk\Desktop\Install_VX_ENG.pdf
2016-07-31 20:24 - 2016-07-31 20:24 - 00000000 ____D C:\Users\hawk\AppData\Local\Macromedia
2016-07-23 00:28 - 2016-07-23 00:28 - 00000000 ____D C:\Users\hawk\AppData\Local\Kosata6

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-20 21:23 - 2009-07-14 06:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-20 21:23 - 2009-07-14 06:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-20 21:04 - 2016-05-22 18:40 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-20 21:04 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-20 18:57 - 2016-05-22 18:40 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-20 18:26 - 2016-06-04 10:03 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Skype
2016-08-19 09:10 - 2016-05-26 20:12 - 00000000 ____D C:\Users\hawk\AppData\Local\Adobe
2016-08-18 08:33 - 2009-07-14 07:08 - 00032568 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-08-17 23:13 - 2016-05-29 06:53 - 00000020 ____H C:\ProgramData\PKP_DLbx.DAT
2016-08-17 11:22 - 2016-06-28 12:41 - 00000000 ____D C:\Users\hawk\Documents\Transylwahnja
2016-08-15 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Vss
2016-08-14 15:42 - 2010-09-09 23:23 - 00000000 ____D C:\ProgramData\PDFC
2016-08-11 13:46 - 2016-05-24 20:51 - 00000000 ____D C:\Users\hawk\AppData\Local\JDownloader v2.0
2016-08-11 12:37 - 2016-06-02 11:21 - 00000000 ____D C:\Users\hawk\Documents\DRUŽIVA
2016-08-11 11:40 - 2009-07-14 07:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-11 11:40 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-08-10 18:49 - 2016-05-22 17:54 - 00000000 ____D C:\ProgramData\Skype
2016-08-10 18:48 - 2016-06-04 10:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-09 22:32 - 2016-06-04 16:46 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-08-09 22:32 - 2016-06-04 16:46 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-09 15:27 - 2010-09-09 23:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-09 00:00 - 2016-05-22 18:43 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 00:18 - 2016-05-22 18:38 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Adobe
2016-08-05 11:12 - 2016-05-27 15:24 - 00003856 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464355441
2016-08-05 11:12 - 2016-05-27 15:24 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-31 20:23 - 2016-05-26 20:22 - 00000000 ____D C:\windows\system32\Macromed
2016-07-31 20:23 - 2010-09-09 23:25 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-30 11:34 - 2016-05-25 12:43 - 00000000 ____D C:\Users\hawk\Desktop\nanet
2016-07-29 11:52 - 2016-05-22 18:40 - 00003932 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 11:52 - 2016-05-22 18:40 - 00003680 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-05-29 07:03 - 2016-05-29 07:03 - 0000268 ___RH () C:\Users\hawk\AppData\Roaming\Commands
2016-06-20 16:26 - 2016-06-20 21:16 - 0001480 _____ () C:\Users\hawk\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2016-05-26 08:33 - 2016-05-30 12:45 - 0007594 _____ () C:\Users\hawk\AppData\Local\Resmon.ResmonCfg
2016-05-29 07:03 - 2016-05-29 07:03 - 0000268 ___RH () C:\ProgramData\Conditionals
2010-09-09 23:58 - 2010-09-09 23:58 - 0000193 _____ () C:\ProgramData\HPWALog.txt
2016-05-29 07:03 - 2016-05-29 07:03 - 0000012 ___RH () C:\ProgramData\InkjetPrinter
2016-05-29 06:53 - 2016-08-17 23:13 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\hawk\Desktop" je 446 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(5.32 KiB) Downloaded 37 times

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow notebook + small window open after startup

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

hydroplan
Visitor
Posts: 6
Registered: 19 Aug 2016 09:41

Re: Slow notebook + small window open after startup

#5 Post by hydroplan »

# AdwCleaner v6.000 - *Logfile created 20/08/2016 *at 23:07:11
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-08-20.1 [*Server]
# *Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# *Username : hawk - HAWK-HP
# *Running from : C:\Users\hawk\AppData\Local\Temp\scoped_dir3268_4013\adwcleaner_6.000.exe
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****

[-] *Folder deleted: C:\Program Files (x86)\DAEMON Tools Toolbar


***** [ *Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****

[-] *Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] *Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-] *Key deleted: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\APN PIP
[-] *Key deleted: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\dt soft\daemon tools toolbar
[-] *Key deleted: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\PIP
[#] *Key deleted on reboot: HKCU\Software\APN PIP
[#] *Key deleted on reboot: HKCU\Software\dt soft\daemon tools toolbar
[#] *Key deleted on reboot: HKCU\Software\PIP
[-] *Key deleted: HKLM\SOFTWARE\PIP


***** [ *Browsers ] *****

[-] [facemoods.com] [Search Provider] *Deleted: facemoods.com
[-] [jdownloader-portable.en.softonic.com] [Search Provider] *Deleted: jdownloader-portable.en.softonic.com


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2251 *Bytes] - [20/08/2016 23:07:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [2492 *Bytes] - [20/08/2016 23:05:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2399 *Bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow notebook + small window open after startup

#6 Post by Rudy »

Post a new FRST log.

hydroplan
Visitor
Posts: 6
Registered: 19 Aug 2016 09:41

Re: Slow notebook + small window open after startup

#7 Post by hydroplan »

The small window does not appear every time I start the notebook. But I think I have already identified it. It should be the data card monitor. I just don't understand why it is a small window.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016
Ran by hawk (administrator) on HAWK-HP (21-08-2016 11:43:16)
Running from C:\Users\hawk\Desktop
Loaded Profiles: hawk (Available Profiles: hawk & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe
(forum.viry.cz) C:\Users\hawk\Desktop\FRST-OlderVersion\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-10] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {2c402cc2-25e0-11e6-86c6-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {7f8ee952-33ee-11e6-8626-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {84a2240c-24f6-11e6-8468-1cc1deaeb109} - I:\Startme.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552506-2037-11e6-a349-1cc1deaeb109} - D:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552514-2037-11e6-a349-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {c7482b30-226a-11e6-9ee4-1cc1deaeb109} - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2016-05-24] (Microsoft Corporation)
Startup: C:\Users\hawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-06-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{00598277-BF62-49D0-A714-4051A5BB6587}: [DhcpNameServer] 10.1.100.49 94.229.39.166 192.168.1.1
Tcpip\..\Interfaces\{9C5CAF15-C6D4-40B8-B422-EFF73EB705A6}: [NameServer] 213.151.222.34 85.237.225.250
Tcpip\..\Interfaces\{C6A27B38-2592-4F93-9F16-18BBC9292ED1}: [NameServer] 213.151.222.34 85.237.225.250
Tcpip\..\Interfaces\{EAAAC4F2-9BF3-4229-96E4-73FA4AA5A99D}: [NameServer] 213.151.222.34 85.237.225.250

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hawk\AppData\Roaming\Mozilla\Firefox\Profiles\c3692hjo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-31] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: Screengrab (fix version) - C:\Users\hawk\AppData\Roaming\Mozilla\Firefox\Profiles\c3692hjo.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-07-26]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-22]
CHR Extension: (Duolingo on the Web) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-06-21]
CHR Extension: (Tlmočník pre všetky jazyky) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2016-05-22]
CHR Extension: (Dokumenty Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-22]
CHR Extension: (Disk Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-22]
CHR Extension: (MEGA) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-08-11]
CHR Extension: (YouTube) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-22]
CHR Extension: (Adblock Plus) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-09]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2016-05-22]
CHR Extension: (Black Hole Sun) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjflaldchiphekckakjglcfjiomhjobc [2016-05-22]
CHR Extension: (Timer) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2016-05-22]
CHR Extension: (Kalendár Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-22]
CHR Extension: (Tabuľky Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-22]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (Customizable startpage by Domostra homepage) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijggnjpdajkbhmnmofglkmoimfbjnjo [2016-05-22]
CHR Extension: (Mapy Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-05-22]
CHR Extension: (Kontrola pošty Google) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-05-22]
CHR Extension: (Lomo+) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihmjgdafbdggpgjfaeinppnlnpgelnj [2016-05-22]
CHR Extension: (Pocket) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-05-22]
CHR Extension: (Save to Pocket) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-08-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (piZap Photo Editor) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2016-05-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-09]
CHR Extension: (Gmail) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-22]
CHR Extension: (Chrome Media Router) - C:\Users\hawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-11]

Opera:
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\hawk\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2016-07-06]
OPR Extension: (Preložiť) - C:\Users\hawk\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-05-31]
OPR Extension: (Adblock Plus) - C:\Users\hawk\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-07-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-06-09] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2016-05-22] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 nlsX86cc; C:\windows\SysWOW64\nlssrv32.exe [66560 2011-11-15] (Nalpeiron Ltd.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-05-25] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
R3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-04-27] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-21 11:43 - 2016-08-21 11:43 - 00020470 _____ C:\Users\hawk\Desktop\FRST.txt
2016-08-21 11:43 - 2016-08-21 11:43 - 00000000 ____D C:\Users\hawk\Desktop\FRST-OlderVersion
2016-08-20 23:02 - 2016-08-20 23:07 - 00000000 ____D C:\AdwCleaner
2016-08-20 23:02 - 2016-08-20 23:02 - 03784256 _____ C:\Users\hawk\Desktop\adwcleaner_6.000.exe
2016-08-20 21:34 - 2016-08-21 11:43 - 00000000 ____D C:\FRST
2016-08-20 21:29 - 2016-08-21 11:43 - 02395648 _____ (Farbar) C:\Users\hawk\Desktop\FRST64.exe
2016-08-20 18:28 - 2016-08-20 18:38 - 00000000 ____D C:\Users\hawk\AppData\Local\Microsoft Games
2016-08-19 10:24 - 2016-08-19 10:25 - 00046080 _____ C:\Users\hawk\Documents\cc_20160819_102413.reg
2016-08-19 10:08 - 2016-08-19 12:31 - 00000000 ____D C:\Program Files\trend micro
2016-08-19 10:08 - 2016-08-19 10:08 - 01222144 _____ C:\Users\hawk\Downloads\RSITx64.exe
2016-08-19 10:08 - 2016-08-19 10:08 - 00000000 ____D C:\rsit
2016-08-19 10:02 - 2016-08-19 10:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\hawk\Downloads\hijackthis.exe
2016-08-19 09:59 - 2016-08-19 09:59 - 00371282 _____ C:\Users\hawk\Downloads\gmer.zip
2016-08-19 09:39 - 2016-08-19 09:39 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-19 09:39 - 2016-08-19 09:39 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-08-19 09:37 - 2016-08-19 09:37 - 03310608 _____ (Piriform Ltd) C:\Users\hawk\Desktop\ccsetup225.exe
2016-08-17 23:28 - 2016-08-17 23:28 - 00000000 ____D C:\Users\hawk\AppData\Local\CrashDumps
2016-08-14 22:35 - 2016-08-14 22:35 - 00001523 _____ C:\Users\hawk\Documents\malware.txt
2016-08-14 20:59 - 2016-08-14 21:01 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-14 20:59 - 2016-08-14 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-14 20:59 - 2016-08-14 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-14 20:59 - 2016-08-14 20:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-14 20:59 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-08-14 20:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-08-14 20:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-08-11 12:23 - 2016-08-11 13:29 - 00000000 ____D C:\Users\hawk\Downloads\DUCHOVNÍ MOLEKULA - dokument o DMT a převratném vědeckém výzkumu
2016-08-11 09:25 - 2011-07-09 14:05 - 131810988 _____ C:\Users\hawk\Desktop\Kniha - Dobrodružné hry a cvičení v přírodě.pdf
2016-08-10 17:54 - 2016-08-10 18:01 - 125381931 _____ C:\Users\hawk\Desktop\Kniha---Dobrodružné-hry-a-cvičení-v-přírodě.zip
2016-08-10 09:41 - 2016-08-10 09:41 - 00019456 _____ C:\Users\hawk\Desktop\kalkulacka-krmiva-sliepky.xls
2016-08-09 15:43 - 2016-08-09 15:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-08-09 15:42 - 2016-08-09 15:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2016-08-09 15:42 - 2016-08-09 15:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2016-08-09 15:41 - 2016-08-17 23:26 - 00000000 ____D C:\Users\hawk\AppData\Roaming\onOne Software
2016-08-09 15:40 - 2016-08-09 15:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software
2016-08-09 15:39 - 2016-08-09 15:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\onOne Software
2016-08-09 15:39 - 2016-08-09 15:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\onOne Software
2016-08-09 15:27 - 2016-08-09 15:43 - 00000000 ____D C:\Program Files (x86)\onOne Software
2016-08-09 15:27 - 2016-08-09 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
2016-08-09 15:27 - 2016-08-09 15:37 - 00000000 ____D C:\Program Files\onOne Software
2016-08-09 15:27 - 2016-08-09 15:27 - 00000000 ____D C:\windows\SysWOW64\spool
2016-08-09 15:27 - 2011-11-15 03:15 - 00066560 _____ (Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
2016-08-09 15:27 - 2011-11-15 03:15 - 00066560 _____ (Nalpeiron Ltd.) C:\windows\system32\nlssrv32.exe
2016-08-09 15:26 - 2016-08-09 15:37 - 00000000 ____D C:\ProgramData\onOne Software
2016-08-09 15:23 - 2016-08-09 15:23 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Zoner
2016-08-09 15:23 - 2016-08-09 15:23 - 00000000 ____D C:\Users\hawk\AppData\Local\Zoner
2016-08-09 12:44 - 2016-08-09 12:44 - 00000000 ____D C:\Users\hawk\Downloads\Perfect Suite.6.0.1.x86x64
2016-08-09 12:32 - 2016-08-09 12:33 - 00000000 ____D C:\ProgramData\Zoner
2016-08-09 12:32 - 2016-08-09 12:32 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2016-08-09 12:32 - 2016-08-09 12:32 - 00001976 _____ C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2016-08-09 12:30 - 2016-08-09 12:30 - 00000000 ____D C:\Program Files\Zoner
2016-08-09 12:26 - 2016-08-09 12:27 - 80591960 _____ (ZONER software ) C:\Users\hawk\Downloads\zps17_en_pro_bdj2-August2016.exe
2016-08-09 11:53 - 2016-08-09 12:32 - 2171384272 _____ C:\Users\hawk\Downloads\Perfect Suite.6.0.1.x86x64.zip
2016-08-08 23:15 - 2016-08-08 23:15 - 00000000 ____D C:\Program Files (x86)\GUM117F.tmp
2016-08-08 11:52 - 2016-08-08 11:52 - 00000000 ____D C:\Users\hawk\AppData\Local\ElevatedDiagnostics
2016-08-06 10:10 - 2016-08-06 10:10 - 03164340 _____ C:\Users\hawk\Desktop\Priloha_6_6_17_Management_plan_201604.pdf
2016-08-02 16:32 - 2016-08-02 16:32 - 00586212 _____ C:\Users\hawk\Desktop\Install_VX_ENG.pdf
2016-07-31 20:24 - 2016-07-31 20:24 - 00000000 ____D C:\Users\hawk\AppData\Local\Macromedia
2016-07-23 00:28 - 2016-07-23 00:28 - 00000000 ____D C:\Users\hawk\AppData\Local\Kosata6

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-21 11:42 - 2016-06-04 10:03 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Skype
2016-08-21 10:57 - 2016-05-22 18:40 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-21 09:40 - 2016-05-22 18:40 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-21 09:32 - 2009-07-14 06:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-21 09:32 - 2009-07-14 06:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-21 09:24 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-21 00:10 - 2010-09-09 23:23 - 00000000 ____D C:\ProgramData\PDFC
2016-08-20 23:49 - 2016-05-24 20:51 - 00000000 ____D C:\Users\hawk\AppData\Local\JDownloader v2.0
2016-08-19 09:10 - 2016-05-26 20:12 - 00000000 ____D C:\Users\hawk\AppData\Local\Adobe
2016-08-18 08:33 - 2009-07-14 07:08 - 00032568 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-08-17 23:13 - 2016-05-29 06:53 - 00000020 ____H C:\ProgramData\PKP_DLbx.DAT
2016-08-17 11:22 - 2016-06-28 12:41 - 00000000 ____D C:\Users\hawk\Documents\Transylwahnja
2016-08-15 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Vss
2016-08-11 12:37 - 2016-06-02 11:21 - 00000000 ____D C:\Users\hawk\Documents\DRUŽIVA
2016-08-11 11:40 - 2009-07-14 07:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-11 11:40 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-08-10 18:49 - 2016-05-22 17:54 - 00000000 ____D C:\ProgramData\Skype
2016-08-10 18:48 - 2016-06-04 10:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-09 22:32 - 2016-06-04 16:46 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-08-09 22:32 - 2016-06-04 16:46 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-09 15:27 - 2010-09-09 23:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-09 00:00 - 2016-05-22 18:43 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 00:18 - 2016-05-22 18:38 - 00000000 ____D C:\Users\hawk\AppData\Roaming\Adobe
2016-08-05 11:12 - 2016-05-27 15:24 - 00003856 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464355441
2016-08-05 11:12 - 2016-05-27 15:24 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-31 20:23 - 2016-05-26 20:22 - 00000000 ____D C:\windows\system32\Macromed
2016-07-31 20:23 - 2010-09-09 23:25 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-30 11:34 - 2016-05-25 12:43 - 00000000 ____D C:\Users\hawk\Desktop\nanet
2016-07-29 11:52 - 2016-05-22 18:40 - 00003932 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 11:52 - 2016-05-22 18:40 - 00003680 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-05-29 07:03 - 2016-05-29 07:03 - 0000268 ___RH () C:\Users\hawk\AppData\Roaming\Commands
2016-06-20 16:26 - 2016-06-20 21:16 - 0001480 _____ () C:\Users\hawk\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2016-05-26 08:33 - 2016-05-30 12:45 - 0007594 _____ () C:\Users\hawk\AppData\Local\Resmon.ResmonCfg
2016-05-29 07:03 - 2016-05-29 07:03 - 0000268 ___RH () C:\ProgramData\Conditionals
2010-09-09 23:58 - 2010-09-09 23:58 - 0000193 _____ () C:\ProgramData\HPWALog.txt
2016-05-29 07:03 - 2016-05-29 07:03 - 0000012 ___RH () C:\ProgramData\InkjetPrinter
2016-05-29 06:53 - 2016-08-17 23:13 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT

Some files in TEMP:
====================
C:\Users\hawk\AppData\Local\Temp\libeay32.dll
C:\Users\hawk\AppData\Local\Temp\msvcr120.dll
C:\Users\hawk\AppData\Local\Temp\proxy_vole2628273475970447580.dll
C:\Users\hawk\AppData\Local\Temp\proxy_vole5351307788018688518.dll
C:\Users\hawk\AppData\Local\Temp\proxy_vole7750754537660441471.dll
C:\Users\hawk\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\hawk\Desktop" je 452 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow notebook + small window open after startup

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {2c402cc2-25e0-11e6-86c6-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {7f8ee952-33ee-11e6-8626-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {84a2240c-24f6-11e6-8468-1cc1deaeb109} - I:\Startme.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552506-2037-11e6-a349-1cc1deaeb109} - D:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552514-2037-11e6-a349-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {c7482b30-226a-11e6-9ee4-1cc1deaeb109} - D:\SETUP.EXE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
Toolbar: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\hawk\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

hydroplan
Visitor
Posts: 6
Joined: 19 Aug 2016 09:41

Re: Slow notebook + small window open after startup

#9 Post by hydroplan »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by hawk (21-08-2016 15:22:50) Run:1
Running from C:\Users\hawk\Desktop
Loaded Profiles: hawk (Available Profiles: hawk & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {2c402cc2-25e0-11e6-86c6-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {7f8ee952-33ee-11e6-8626-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {84a2240c-24f6-11e6-8468-1cc1deaeb109} - I:\Startme.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552506-2037-11e6-a349-1cc1deaeb109} - D:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {b1552514-2037-11e6-a349-1cc1deaeb109} - G:\AutoRun.exe
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\...\MountPoints2: {c7482b30-226a-11e6-9ee4-1cc1deaeb109} - D:\SETUP.EXE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> DefaultScope {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
Toolbar: HKU\S-1-5-21-3033647051-3704803567-3394684512-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\hawk\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c402cc2-25e0-11e6-86c6-1cc1deaeb109}" => key removed successfully
HKCR\CLSID\{2c402cc2-25e0-11e6-86c6-1cc1deaeb109} => key not found.
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f8ee952-33ee-11e6-8626-1cc1deaeb109}" => key removed successfully
HKCR\CLSID\{7f8ee952-33ee-11e6-8626-1cc1deaeb109} => key not found.
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84a2240c-24f6-11e6-8468-1cc1deaeb109}" => key removed successfully
HKCR\CLSID\{84a2240c-24f6-11e6-8468-1cc1deaeb109} => key not found.
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1552506-2037-11e6-a349-1cc1deaeb109}" => key removed successfully
HKCR\CLSID\{b1552506-2037-11e6-a349-1cc1deaeb109} => key not found.
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1552514-2037-11e6-a349-1cc1deaeb109}" => key removed successfully
HKCR\CLSID\{b1552514-2037-11e6-a349-1cc1deaeb109} => key not found.
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7482b30-226a-11e6-9ee4-1cc1deaeb109}" => key removed successfully
HKCR\CLSID\{c7482b30-226a-11e6-9ee4-1cc1deaeb109} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFD90A5C-C40F-45D9-92AB-A3DAE671237A}" => key removed successfully
HKCR\CLSID\{EFD90A5C-C40F-45D9-92AB-A3DAE671237A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EFD90A5C-C40F-45D9-92AB-A3DAE671237A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EFD90A5C-C40F-45D9-92AB-A3DAE671237A} => key not found.
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFD90A5C-C40F-45D9-92AB-A3DAE671237A}" => key removed successfully
HKCR\CLSID\{EFD90A5C-C40F-45D9-92AB-A3DAE671237A} => key not found.
HKU\S-1-5-21-3033647051-3704803567-3394684512-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully

"C:\Users\hawk\AppData\Local\Temp" folder move:

Could not move "C:\Users\hawk\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-08-2016 15:24:53)

C:\Users\hawk\AppData\Local\Temp => moved successfully

==== End of Fixlog 15:24:56 ====

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow notebook + small window open after startup

#10 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

hydroplan
Visitor
Posts: 6
Registered: 19 Aug 2016 09:41

Re: Slow notebook + small window open after startup

#11 Post by hydroplan »

So far it looks OK. Thank you.

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow notebook + small window open after startup

#12 Post by Rudy »

You're welcome! :)