
Slow page loading

Posted: 07 Mar 2017 22:31
by Standa78
Good evening,

I'm asking for help: pages load slowly, and now and then an ad window pops up or the antivirus detects a trojan.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:28:54, on 7.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Coldmay\Application\chrome.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\zdrahal\Desktop\hijackthis.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpageing123.com/?type=hp ... 4542406652
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intranet.entry.siemens.com/osiep/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll
O2 - BHO: Trend Micro Osprey Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USM] C:\Program Files (x86)\Siemens\USM\USM.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SBUSGUI] C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/202
O9 - Extra button: Send to MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ww004.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ww004.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ww004.siemens.net
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BarTender System Service - Seagull Scientific, Inc. - C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Commander Service - Unknown owner - C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Pulse Secure, LLC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amulew.org/ - C:\Program Files (x86)\amuleCexx\ed2k.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager (FileOpenManager) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManager64.exe
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Hotkey Service - HP - C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - HP - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kyubey - Unknown owner - C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
O23 - Service: Printer Maestro (Maestro) - Seagull Scientific, Inc. - C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Dell Migration Manager RUM Agent Service (QsRUMAgent) - Dell Software Inc - C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan Common Client Solution Framework (TmCCSF) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: UC??????? (UCBrowserSvc) - Unknown owner - C:\Program Files (x86)\UCBrowser\Application\UCService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14190 bytes

Re: Slow page loading

Posted: 08 Mar 2017 17:44
by Rudy
Hello!
HijackThis is past the peak of its fame. Please post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: Slow page loading

Posted: 08 Mar 2017 21:55
by Standa78
Good evening,
I'm sending the FRST output. Thank you for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (08-03-2017 21:47:47)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(hxxp://www.amulew.org/) C:\Program Files (x86)\amuleCexx\ed2k.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4542406652
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4542406652
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 4542406652

FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-08]
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 4542406652

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 ed2kidle; C:\Program Files (x86)\amuleCexx\ed2k.exe [237568 2017-03-03] (hxxp://www.amulew.org/) [File not signed]
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [105136 2017-03-06] ()
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 KuaizipUpdateChecker; C:\Program Files\快压\X86\kuaizipUpdateChecker.dll [219032 2017-02-11] ()
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\zdrahal\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-07] (Windows) [File not signed]
R2 WinSnare; C:\Users\zdrahal\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-08] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S4 gemeloki; [X]
S4 GoogleChromeUpService; [X]
S4 Nettrans; [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
S4 Zaamla; C:\ProgramData\\Zaamla\\Zaamla.exe shuz -f "C:\ProgramData\\Zaamla\\Zaamla.dat" -l -a

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-02-11] (WinMount International Inc)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 21:47 - 2017-03-08 21:48 - 00042397 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-08 21:46 - 2017-03-08 21:47 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 21:20 - 2017-03-08 21:20 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.6)
2017-03-08 21:18 - 2017-03-08 21:18 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:41 - 2017-03-06 23:41 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015 (1).rar
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:09 - 2017-03-07 23:58 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-06 22:08 - 2017-03-08 21:41 - 00024908 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-08 21:41 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-06 22:08 - 2017-03-08 21:41 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-06 22:08 - 2017-03-08 21:30 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-06 22:06 - 2017-03-08 21:21 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 23:19 - 2017-03-03 23:19 - 00000000 ____D C:\ProgramData\3d7cfc8d-5d53-0
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\3d7cfc8d-6773-0
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\{26444394-512c-1}
2017-03-03 23:14 - 2017-03-03 23:14 - 00000000 ____D C:\ProgramData\{08ce25ba-112c-0}
2017-03-03 22:29 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-03 22:29 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\aMule
2017-03-03 22:29 - 2017-03-03 22:29 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-08 21:20 - 00003594 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-02 20:19 - 2017-03-08 21:20 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\WinSnare
2017-03-02 20:19 - 2017-03-07 21:45 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\WinSAPSvc
2017-03-02 20:19 - 2017-03-02 23:35 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 23:19 - 2017-03-01 23:19 - 00000000 ____D C:\ProgramData\3d7cfc8d-6407-0
2017-03-01 23:14 - 2017-03-06 11:19 - 00000000 ____D C:\ProgramData\a3597868
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\3d7cfc8d-24b5-0
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\{75a04e37-612c-0}
2017-03-01 23:14 - 2017-03-01 23:14 - 00000000 ____D C:\ProgramData\{2ee60541-012c-1}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:42 - 2017-02-19 22:51 - 966636757 _____ C:\Users\zdrahal\Downloads\Age-of-Empires-2-HD+Čeština+Crack (1).rar
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 21:18 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-15 08:07 - 2017-03-08 15:12 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-15 08:07 - 2017-03-06 22:08 - 00002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-06 22:08 - 00002500 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 12:16 - 2017-02-12 12:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Desktop\hijackthis.exe
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-12 09:30 - 2017-02-12 09:30 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_LabOzeis
2017-02-11 23:11 - 2017-02-11 23:11 - 00004438 _____ C:\WINDOWS\System32\Tasks\SecureUpdater
2017-02-11 23:09 - 2017-03-08 21:18 - 00000276 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2017-02-11 23:09 - 2017-03-08 15:45 - 00000282 _____ C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job
2017-02-11 23:09 - 2017-03-07 11:49 - 00000276 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2017-02-11 23:09 - 2017-03-01 23:09 - 00000290 _____ C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job
2017-02-11 23:09 - 2017-02-12 11:06 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-02-11 23:09 - 2017-02-11 23:09 - 00024604 _____ C:\WINDOWS\System32\Tasks\{04080847-0B09-080E-0A11-7F79787E1104}
2017-02-11 23:09 - 2017-02-11 23:09 - 00003572 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-02-11 23:09 - 2017-02-11 23:09 - 00003308 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-02-11 23:09 - 2017-02-11 23:09 - 00003242 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-02-11 23:09 - 2017-02-11 23:09 - 00003218 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-02-11 23:09 - 2017-02-11 23:09 - 00003122 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus
2017-02-11 23:09 - 2017-02-11 23:09 - 00003030 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-02-11 23:09 - 2017-02-11 23:09 - 00002856 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-02-11 23:09 - 2017-02-11 23:09 - 00002554 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-02-11 23:09 - 2017-02-11 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-02-11 23:09 - 2017-02-11 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
2017-02-11 22:38 - 2017-02-11 22:38 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Lam-Ron
2017-02-11 22:35 - 2017-02-11 22:35 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Canzap
2017-02-11 22:35 - 2017-02-11 22:34 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-02-11 22:34 - 2017-03-08 21:18 - 00000296 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-02-11 22:34 - 2017-03-08 16:07 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 23:11 - 00002564 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:34 - 2017-02-11 22:38 - 00003560 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-11 22:34 - 2017-02-11 22:34 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Softlink
2017-02-11 22:32 - 2017-02-11 22:32 - 00003682 _____ C:\WINDOWS\System32\Tasks\Jogosephakeck
2017-02-11 22:30 - 2017-02-14 15:28 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-11 22:30 - 2017-02-11 22:30 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:28 - 2017-02-11 22:29 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-11 22:27 - 2017-03-08 21:48 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-11 22:27 - 2017-03-08 13:29 - 00000366 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-11 22:27 - 2017-02-11 22:27 - 00003196 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:26 - 2017-02-11 22:26 - 00000000 _____ C:\TOSTACK
2017-02-11 22:25 - 2017-02-12 11:43 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 21:26 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 21:26 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 21:26 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-08 21:26 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-08 21:26 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 21:26 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 21:26 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-08 21:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 21:19 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-08 21:18 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-08 21:18 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-08 21:18 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 15:58 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-08 15:33 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-08 07:33 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-08 00:06 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-07 23:42 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 14:20 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-06 14:20 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-02 20:19 - 2016-06-01 09:39 - 00001723 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2017-03-06 22:08 - 2017-03-08 21:41 - 0024908 _____ () C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-08 21:41 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-08 21:18 - 2017-03-08 21:18 - 0000004 ____H () C:\ProgramData\cm-lock

Some files in TEMP:
====================
2016-05-24 06:30 - 2015-09-07 13:47 - 0007168 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\GetJavaPath.exe
2016-05-24 06:30 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\JreCheck.exe
2016-05-16 14:32 - 2013-11-25 16:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\w9a93e10\AppData\Local\Temp\AcDeltree.exe
2016-05-31 14:41 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\w9a93e10\AppData\Local\Temp\JreCheck.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\zdrahal\Desktop" je 1456 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: slow page loading

Posted: 08 Mar 2017 22:03
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: slow page loading

Posted: 08 Mar 2017 22:14
by Standa78
# AdwCleaner v6.044 - Log vytvořen 08/03/2017 v 22:09:55
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 7 Enterprise Service Pack 1 (X64)
# Uživatelské jméno : zdrahal - FST6008C
# Spuštěno z : C:\Users\zdrahal\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: GoogleChromeUpService
[-] Služba smazána: KuaiZipDrive
[-] Služba smazána: KuaizipUpdateChecker
[-] Služba smazána: FirefoxU
[-] Služba smazána: Nettrans
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: ucdrv
[-] Služba smazána: Zaamla
[-] Služba smazána: WinSnare


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.2.6)
[-] Složka smazána: C:\ProgramData\3d7cfc8d-24b5-0
[-] Složka smazána: C:\ProgramData\3d7cfc8d-5d53-0
[-] Složka smazána: C:\ProgramData\3d7cfc8d-6407-0
[-] Složka smazána: C:\ProgramData\3d7cfc8d-6773-0
[-] Složka smazána: C:\ProgramData\a3597868
[-] Složka smazána: C:\ProgramData\{08ce25ba-112c-0}
[-] Složka smazána: C:\ProgramData\{26444394-512c-1}
[-] Složka smazána: C:\ProgramData\{2ee60541-012c-1}
[-] Složka smazána: C:\ProgramData\{75a04e37-612c-0}
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\Softlink
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\WinSAPSvc
[#] Složka smazána po restartu: C:\Users\zdrahal\AppData\Roaming\winsapsvc
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Složka smazána: C:\ProgramData\NetworkPacketManitor
[-] Složka smazána: C:\ProgramData\Microleaves
[#] Složka smazána po restartu: C:\ProgramData\Application Data\NetworkPacketManitor
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Microleaves
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Složka smazána: C:\Program Files (x86)\Microleaves
[-] Složka smazána: C:\Program Files (x86)\pccleanplus
[-] Složka smazána: C:\Program Files (x86)\MIO
[-] Složka smazána: C:\Program Files (x86)\amuleCexx
[-] Složka smazána: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\Program Files (x86)\Firefox
[-] Složka smazána: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[#] Složka smazána po restartu: C:\Users\zdrahal\AppData\Roaming\WinSnare
[#] Složka smazána po restartu: C:\Program Files (x86)\MIO
[-] Složka smazána: C:\Program Files (x86)\reports


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
[-] Soubor smazán: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] Soubor smazán: C:\TOSTACK
[-] Soubor smazán: C:\Program Files (x86)\settings.dat
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc\Homepage.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\zdrahal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Jogosephakeck
[-] Úloha smazána: {04080847-0B09-080E-0A11-7F79787E1104}
[-] Úloha smazána: SystemHealer Monitor
[-] Úloha smazána: SystemHealer Run Delay
[-] Úloha smazána: System HealerStartUp
[-] Úloha smazána: System HealerPeriod
[-] Úloha smazána: System Healer Task
[-] Úloha smazána: PC Clean Plus_UPDATES
[-] Úloha smazána: PC Clean Plus_DEFAULT
[-] Úloha smazána: PC Clean Plus
[-] Úloha smazána: Traffic Exchange Guardian
[-] Úloha smazána: Traffic Exchange Updater
[-] Úloha smazána: Traffic Exchange
[-] Úloha smazána: Traffic Exchange Guard
[-] Úloha smazána: SecureUpdater
[-] Úloha smazána: UCBrowserUpdaterCore
[-] Úloha smazána: UCBrowserSecureUpdater
[-] Úloha smazána: Milimili


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Klíč smazán: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] Klíč smazán: HKU\.DEFAULT\Software\KuaiZip
[-] Klíč smazán: HKU\.DEFAULT\Software\ompndb
[-] Klíč smazán: HKU\.DEFAULT\Software\UpgSvr
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\PC Clean Plus
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\System Healer
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\PC
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Event Monitor
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\KuaiZip
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\SNDA
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\KuaiZipSFX
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\WinSnare
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\mtZaamla
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\dlr
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\PopWnd
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\UpgSvr
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\KuaiZip
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ompndb
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\UpgSvr
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\PC Clean Plus
[#] Klíč smazán po restartu: HKCU\Software\System Healer
[#] Klíč smazán po restartu: HKCU\Software\PC
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\Event Monitor
[#] Klíč smazán po restartu: HKCU\Software\KuaiZip
[#] Klíč smazán po restartu: HKCU\Software\SNDA
[#] Klíč smazán po restartu: HKCU\Software\KuaiZipSFX
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[#] Klíč smazán po restartu: HKCU\Software\mtZaamla
[#] Klíč smazán po restartu: HKCU\Software\dlr
[#] Klíč smazán po restartu: HKCU\Software\PopWnd
[#] Klíč smazán po restartu: HKCU\Software\UpgSvr
[-] Klíč smazán: HKLM\SOFTWARE\Jawego
[-] Klíč smazán: HKLM\SOFTWARE\PC Clean Plus
[-] Klíč smazán: HKLM\SOFTWARE\PC
[-] Klíč smazán: HKLM\SOFTWARE\Event Monitor
[-] Klíč smazán: HKLM\SOFTWARE\youndooSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\ompndb
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\Microleaves
[-] Klíč smazán: HKLM\SOFTWARE\mtZaamla
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\PC Clean Plus
[#] Klíč smazán po restartu: [x64] HKCU\Software\System Healer
[#] Klíč smazán po restartu: [x64] HKCU\Software\PC
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\Event Monitor
[#] Klíč smazán po restartu: [x64] HKCU\Software\KuaiZip
[#] Klíč smazán po restartu: [x64] HKCU\Software\SNDA
[#] Klíč smazán po restartu: [x64] HKCU\Software\KuaiZipSFX
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[#] Klíč smazán po restartu: [x64] HKCU\Software\mtZaamla
[#] Klíč smazán po restartu: [x64] HKCU\Software\dlr
[#] Klíč smazán po restartu: [x64] HKCU\Software\PopWnd
[#] Klíč smazán po restartu: [x64] HKCU\Software\UpgSvr
[-] Klíč smazán: [x64] HKLM\SOFTWARE\ompndb
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microleaves
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Klíč smazán: HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[#] Klíč smazán po restartu: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Hodnota smazána: HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Klíč smazán: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [16783 Bajty] - [08/03/2017 22:09:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [17860 Bajty] - [08/03/2017 22:08:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16931 Bajty] ##########

Re: slow page loading

Posted: 08 Mar 2017 22:30
by Rudy
Post a new FRST log.

Re: slow page loading

Posted: 08 Mar 2017 22:39
by Standa78
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (08-03-2017 22:35:24)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Coldmay\Application\chrome.exe
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-02-13]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-08]
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 gemeloki; [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 22:35 - 2017-03-08 22:36 - 00037989 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-08 22:13 - 2017-03-08 22:34 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-08 22:13 - 2017-03-08 22:17 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-08 22:13 - 2017-03-08 22:13 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 22:11 - 2017-03-08 22:11 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-08 22:07 - 2017-03-08 22:09 - 00000000 ____D C:\AdwCleaner
2017-03-08 22:06 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Desktop\adwcleaner_6.044.exe
2017-03-08 22:05 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Downloads\adwcleaner_6.044.exe
2017-03-08 21:46 - 2017-03-08 21:47 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:41 - 2017-03-06 23:41 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015 (1).rar
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:08 - 2017-03-08 22:34 - 00031572 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:42 - 2017-02-19 22:51 - 966636757 _____ C:\Users\zdrahal\Downloads\Age-of-Empires-2-HD+Čeština+Crack (1).rar
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 22:12 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-15 08:07 - 2017-03-08 22:11 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-15 08:07 - 2017-03-08 22:09 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-08 22:09 - 00001150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 12:16 - 2017-02-12 12:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Desktop\hijackthis.exe
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-12 09:30 - 2017-02-12 09:30 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_LabOzeis
2017-02-11 22:38 - 2017-02-11 22:38 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Lam-Ron
2017-02-11 22:35 - 2017-02-11 22:35 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Canzap
2017-02-11 22:34 - 2017-03-08 22:07 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:30 - 2017-02-11 22:30 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-11 22:27 - 2017-03-08 22:36 - 00000314 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 22:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-08 22:19 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 22:19 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 22:19 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-08 22:19 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-08 22:19 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 22:19 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 22:19 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 22:19 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-08 22:12 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-08 22:12 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-08 22:11 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-08 22:10 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 22:09 - 2016-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc
2017-03-08 22:09 - 2016-06-01 09:39 - 00000979 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 15:58 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-08 15:33 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-08 07:33 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-08 00:06 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-07 23:42 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 14:20 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-06 14:20 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2017-03-06 22:08 - 2017-03-08 22:34 - 0031572 _____ () C:\Program Files (x86)\metadata
2017-03-08 22:13 - 2017-03-08 22:17 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-08 22:11 - 2017-03-08 22:11 - 0000004 ____H () C:\ProgramData\cm-lock

Some files in TEMP:
====================
2016-05-24 06:30 - 2015-09-07 13:47 - 0007168 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\GetJavaPath.exe
2016-05-24 06:30 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\rezniceko\AppData\Local\Temp\JreCheck.exe
2016-05-16 14:32 - 2013-11-25 16:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\w9a93e10\AppData\Local\Temp\AcDeltree.exe
2016-05-31 14:41 - 2016-04-13 08:18 - 0015872 _____ (Siemens AG) C:\Users\w9a93e10\AppData\Local\Temp\JreCheck.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\zdrahal\Desktop" je 1459 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: slow page loading

Posted: 09 Mar 2017 17:23
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {084b234d-f5c3-11e6-8772-fc3fdb8400b9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {11108763-27fb-11e6-8598-fc3fdb8400b9} - G:\setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {17e1a827-a005-11e6-9ced-a434d9a1e617} - H:\winopen.exe \index.html
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {9e838994-6112-11e6-8c52-a434d9a1e617} - G:\Setup.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {e9aa8549-4b13-11e6-9c57-a434d9a1e617} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\MountPoints2: {f1a8eb31-6a06-11e6-9705-a434d9a1e617} - I:\setup.exe
HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
ShellExecuteHooks: No Name - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Plpoentthvutain\Chuvet.dll -> No File
C:\Program Files (x86)\Sterberph Controls
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (No Name) - C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
S4 gemeloki; [X]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {2AB6ACB9-161E-4889-8A3F-A00C87B703CD} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {A0D64377-9E9F-4024-ACC7-F8F38B13A802} URL =
SearchScopes: HKU\S-1-5-21-1292428093-838170752-682003330-178154 -> {E421A340-388A-4253-A18A-E517AB25411C} URL =
FF NewTab: Firefox\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e05 ... 52&type=hp
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\startsearch.xml [2017-03-06]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
CHR Profile: C:\Users\zdrahal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-06] <==== ATTENTION
C:\Users\rezniceko\AppData\Local\Temp
Task: {3BD58EAC-A04D-431F-BB5C-940DC7022DE1} - System32\Tasks\psv_LabOzeis => cmd.exe /c regedit.exe /s "C:\ProgramData\Zaamla\Medplus.reg" & del "C:\ProgramData\Zaamla\Medplus.reg" & SCHTASKS /Delete /TN "psv_LabOzeis" /F <==== ATTENTION
Task: {717898AC-EFAF-4B05-BBE0-0B9860033E87} - System32\Tasks\psv_Canzap => cmd.exe /c regedit.exe /s "C:\ProgramData\Zaamla\HomeDomhome.reg" & del "C:\ProgramData\Zaamla\HomeDomhome.reg" & SCHTASKS /Delete /TN "psv_Canzap" /F <==== ATTENTION
Task: {7C57552F-F677-413D-94AF-7E5AD6B3CBF8} - \{D1D41CE5-667F-AB4E-4B65-61700B7A60BE} -> No File <==== ATTENTION
Task: {7D1EA7EA-135C-4830-8D4E-1969A3B50326} - \{3D9BED2A-80D7-D1EF-8DFC-7C3D1205AC1C} -> No File <==== ATTENTION
Task: {811AB381-0715-4885-A2D4-C01330B6DD17} - System32\Tasks\psv_Lam-Ron => cmd.exe /c regedit.exe /s "C:\ProgramData\Zaamla\Flexlux.reg" & del "C:\ProgramData\Zaamla\Flexlux.reg" & SCHTASKS /Delete /TN "psv_Lam-Ron" /F <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: slow page loading

Posted: 09 Mar 2017 22:11
by Standa78
Good evening,

I am sending the current log after cleaning.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by zdrahal (administrator) on FST6008C (09-03-2017 22:06:30)
Running from C:\Users\zdrahal\Desktop
Loaded Profiles: zdrahal (Available Profiles: zdrahal & FSTM_local)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Dell Software Inc) C:\Windows\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Conexant) C:\Program Files\CONEXANT\MicTray\MicTray64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(SAP AG) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 16\MmReminderService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MicTray] => C:\Program Files\Conexant\MicTray\MicTray64.exe [11289176 2015-12-24] (Conexant)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2012-10-30] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1568760 2016-05-30] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [717376 2014-01-15] (SAP AG)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 16\MMReminderService.exe [116424 2015-10-08] (Mindjet)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1292428093-838170752-682003330-178154\...\Policies\Explorer: [NoSimpleStartMenu] 1
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Users\zdrahal\AppData\Roaming\Ckafoy\Pherluycogch.dll [148992 2017-02-12] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-01]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2016-06-01]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1292428093-838170752-682003330-178154] => hxxp://proxyconf
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{45324F4F-8AA9-4B43-95D4-3FAA46B6AE44}: [DhcpNameServer] 213.155.229.197 213.155.255.12 192.168.1.1
Tcpip\..\Interfaces\{713DCD72-8B2E-40F3-9B11-8165CE768E78}: [DhcpNameServer] 163.242.85.210 163.242.85.221
Tcpip\..\Interfaces\{AC13ADEB-99DE-4136-859A-4261097663FD}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://proxyconf

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1292428093-838170752-682003330-178154\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com/osiep/
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: PDFXChange 4.0 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2011-03-25] (Tracker Softaware)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2015-06-24] (SAP, Walldorf)

FireFox:
========
FF DefaultProfile: nckuckjx.default
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\nckuckjx.default\Profiles\nckuckjx.default [not found]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default [2017-03-09]
FF NewTab: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nckuckjx.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\nckuckjx.default -> hxxp://www.youndoo.com/?z=c5c01e7768e055cba1dd ... 52&type=hp
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2016-06-01]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2016-06-02]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\q90qys0i.xml [2017-02-12]
FF SearchPlugin: C:\Users\zdrahal\AppData\Roaming\Mozilla\Firefox\Profiles\nckuckjx.default\searchplugins\yks9i9i9.xml [2017-02-11]
FF ProfilePath: C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default [2017-03-09]
FF SelectedSearchEngine: Firefox\Firefox\Profiles\nckuckjx.default -> youndoo
FF Extension: (SimilarWeb) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-07] [not signed]
FF Extension: (FF Adr) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-06] [not signed]
FF Extension: (ADB Helper) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\adbhelper@mozilla.org [2017-03-06]
FF Extension: (Valence) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\fxdevtools-adapters@mozilla.org [2017-03-06]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-06] [not signed]
FF Extension: (Search Powered by Yahoo Engine) - C:\Users\zdrahal\AppData\Roaming\Firefox\Firefox\Profiles\nckuckjx.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-07-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011-03-25] (Tracker Software Products Ltd.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [120320 2017-03-06] () [File not signed]
S2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2013-11-19] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1272912 2013-11-19] ()
R2 Coqaph; C:\Program Files (x86)\Pejghtkerrodom\drraseckoqolycr.dll [148992 2017-02-11] () [File not signed]
S4 CRS Service; C:\Program Files (x86)\CRService\CRService.exe [110592 2004-10-05] () [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [385016 2016-05-30] (FileOpen Systems Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [782048 2015-11-16] (HP)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102560 2015-10-19] (HP)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150632 2015-10-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [364472 2015-12-05] (Intel Corporation)
R2 Kyubey; C:\Users\zdrahal\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [File not signed]
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2013-11-19] (Seagull Scientific, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 QsRUMAgent; C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [894976 2014-11-13] (Dell Software Inc) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$SIEMENSSIZER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SIEMENSSIZER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-18] (Synaptics Incorporated)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-26] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdGpio2; C:\WINDOWS\system32\drivers\AmdGpio2.sys [45296 2015-06-19] (Advanced Micro Devices, INC.)
S3 amdi2c; C:\WINDOWS\system32\drivers\amdi2c.sys [60656 2015-06-19] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
S3 blackberryncm; C:\WINDOWS\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [141800 2015-07-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1445688 2014-11-20] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-01] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ew_usbenumfilter; C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys [15744 2013-10-28] (MBB Technologies Co., Ltd.)
S3 hidemi; C:\WINDOWS\system32\drivers\hidemi.sys [30544 2015-08-21] (Microchip)
S3 huawei_cdcacm; C:\WINDOWS\system32\drivers\ew_jucdcacm.sys [110592 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\system32\drivers\ew_jubusenum.sys [92672 2014-01-02] (MBB Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\system32\drivers\ew_juextctrl.sys [30720 2014-01-02] (MBB Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\system32\drivers\ewusbmdm.sys [226176 2014-01-02] (MBB Technologies Co., Ltd.)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [31712 2015-10-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [96496 2015-09-10] (Intel Corporation)
S3 mchpemi; C:\WINDOWS\system32\drivers\mchpemi.sys [37728 2015-08-21] (Microchip)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-09] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilter; C:\WINDOWS\system32\drivers\hpusbfilter.sys [40448 2015-11-19] (HP)
S3 qcusbser; C:\WINDOWS\system32\drivers\hpusbser.sys [238592 2015-11-19] (HP)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-18] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [730368 2015-12-14] (Sunplus)
R3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-05-25] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2015-11-30] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-05-25] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102176 2016-04-30] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 22:07 - 2017-03-09 22:07 - 07680000 _____ C:\Program Files (x86)\GUTC024.tmp
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\GUMC013.tmp
2017-03-09 22:06 - 2017-03-09 22:06 - 00032609 _____ C:\Users\zdrahal\Desktop\FRST.txt
2017-03-09 22:05 - 2017-03-09 22:05 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ___HD C:\WINDOWS\AxInstSV
2017-03-09 21:45 - 2017-03-09 21:45 - 00000000 ____D C:\WINDOWS\SysWOW64\{85330E59-5510-4D4C-A752-ACB5AA752C0C}
2017-03-09 21:23 - 2017-03-09 22:03 - 00013327 _____ C:\Users\zdrahal\Desktop\Fixlog.txt
2017-03-09 12:22 - 2017-03-09 12:22 - 00000000 ____D C:\Users\w9a93e10\AppData\Local\Coldmay
2017-03-09 12:06 - 2017-03-09 12:29 - 00000000 ____D C:\Users\w9a93e10\AppData\Local\Google
2017-03-08 22:13 - 2017-03-09 21:14 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-08 22:13 - 2017-03-09 21:08 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-08 22:13 - 2017-03-09 17:51 - 00000273 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 22:07 - 2017-03-08 22:09 - 00000000 ____D C:\AdwCleaner
2017-03-08 22:05 - 2017-03-08 22:05 - 04031440 _____ C:\Users\zdrahal\Downloads\adwcleaner_6.044.exe
2017-03-08 21:46 - 2017-03-09 22:06 - 00000000 ____D C:\FRST
2017-03-08 21:44 - 2017-03-08 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\zdrahal\Desktop\FRSTLauncher.exe
2017-03-08 21:43 - 2017-03-08 21:44 - 02423808 _____ (Farbar) C:\Users\zdrahal\Desktop\FRST64.exe
2017-03-08 21:21 - 2017-03-08 21:21 - 00000000 ____D C:\Program Files (x86)\58C067C0_cacayima
2017-03-08 08:30 - 2017-03-08 08:30 - 00941183 _____ C:\Users\zdrahal\Desktop\Protokoll_Suche.zip
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\Users\zdrahal\Desktop\Protokoll_Suche
2017-03-07 23:45 - 2017-03-07 23:45 - 00000000 ____D C:\Program Files (x86)\58BF3816_cacayima
2017-03-07 21:55 - 2017-03-07 21:55 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215 (1).pdf
2017-03-07 21:45 - 2017-03-07 21:45 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 10:45 - 2017-03-07 10:45 - 07605801 _____ C:\Users\zdrahal\Desktop\SIEMENS S120 Servo overview2 080414.pdf
2017-03-07 10:36 - 2017-03-07 10:36 - 12977206 _____ C:\Users\zdrahal\Desktop\enman_sinamics-v6-4_2015_en.pdf
2017-03-06 23:14 - 2017-03-06 23:17 - 287000681 _____ C:\Users\zdrahal\Downloads\dTest-komplet-2015.rar
2017-03-06 22:10 - 2017-03-08 21:21 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-08 21:21 - 00002005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Firefox
2017-03-06 22:10 - 2017-03-06 22:10 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Firefox
2017-03-06 22:08 - 2017-03-09 21:14 - 00044312 _____ C:\Program Files (x86)\metadata
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Coldmay
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-06 22:08 - 2017-03-06 22:08 - 00000000 ____D C:\Program Files (x86)\Coldmay
2017-03-04 22:12 - 2011-04-06 18:21 - 273165554 _____ C:\Users\zdrahal\Desktop\Garage_5_4_2011.avi
2017-03-04 12:24 - 2017-03-04 12:24 - 14876943 _____ C:\Users\zdrahal\Downloads\IBb_HLAVNI_VYKRES.pdf
2017-03-04 12:24 - 2017-03-04 12:24 - 01044234 _____ C:\Users\zdrahal\Downloads\UZEMNI_PLAN_OOP.pdf
2017-03-03 23:29 - 2017-03-03 23:29 - 00000000 ____D C:\Users\zdrahal\Documents\aMule Downloads
2017-03-03 13:07 - 2017-03-03 14:47 - 00000000 ___SD C:\Users\zdrahal\Documents\SharePoint – koncepty
2017-03-03 10:42 - 2017-03-03 10:36 - 30757680 _____ C:\Users\zdrahal\Downloads\simotics-low-voltage-motors-catalog-d81-1-en-2016.zip
2017-03-03 10:30 - 2017-03-03 10:30 - 13982950 _____ C:\Users\zdrahal\Downloads\sinamics-projektierungshandbuch-lv-de.pdf
2017-03-02 23:12 - 2017-03-02 23:14 - 213929163 _____ C:\Users\zdrahal\Downloads\sw_20170127_631_U_5.16_371_gdb_pn_user.zip
2017-03-02 22:32 - 2017-03-02 22:32 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\U3
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 20:19 - 2017-03-08 21:21 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 20:19 - 2017-03-02 20:19 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Kyubey
2017-03-02 20:16 - 2017-03-02 20:16 - 00000000 ____D C:\WINDOWS\SysWOW64\{C5C16BF2-3257-4498-A5C2-DFDF85D7E259}
2017-03-01 10:17 - 2017-03-01 10:17 - 00000000 ____D C:\WINDOWS\Quest Resource Updating Agent
2017-03-01 07:13 - 2017-03-01 07:13 - 02610081 _____ C:\Users\zdrahal\Downloads\osm-uderu-hodin (1).mobi
2017-02-27 22:31 - 2017-02-27 22:31 - 25971958 _____ C:\Users\zdrahal\Downloads\Visingr---Zbraně-21.-století.pdf
2017-02-26 21:49 - 2017-02-26 21:50 - 106616851 _____ C:\Users\zdrahal\Downloads\S4A.zip
2017-02-26 21:35 - 2017-02-26 21:36 - 27926619 _____ C:\Users\zdrahal\Downloads\Dějiny národního hospodářství.pdf
2017-02-25 23:39 - 2017-02-25 23:39 - 00614385 _____ C:\Users\zdrahal\Desktop\Bezpecnost_Evropy.pdf
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Apowersoft
2017-02-25 22:59 - 2017-02-25 22:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Apowersoft
2017-02-25 22:58 - 2017-02-25 22:58 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\zdrahal\Downloads\apowersoft-online-launcher.exe
2017-02-24 23:31 - 2017-02-24 23:39 - 1134763162 _____ C:\Users\zdrahal\Downloads\Hotel-of-the-Damned-(2016)en.mkv
2017-02-24 14:23 - 2017-02-24 14:23 - 00000000 ____D C:\export
2017-02-23 07:20 - 2017-02-23 07:20 - 00000000 ____D C:\WINDOWS\audit
2017-02-22 22:24 - 2017-02-22 22:28 - 427098090 _____ C:\Users\zdrahal\Downloads\Chéri---Michelle-Pfeiffer,-Rupert-Friend,-Kathy-Bates,-Felicity-Jones-2009-cz-dab.avi
2017-02-22 15:14 - 2017-02-22 15:14 - 00047958 _____ C:\Users\zdrahal\Downloads\Pohyb_13892487911_na_uctu_2000302534.pdf
2017-02-22 09:07 - 2017-02-22 12:57 - 00000000 ____D C:\Users\zdrahal\Desktop\UL_CSA
2017-02-21 12:57 - 2017-02-21 12:57 - 00277532 _____ C:\Users\zdrahal\Downloads\Statement-20170215.pdf
2017-02-20 23:37 - 2017-02-20 23:37 - 36092047 _____ C:\Users\zdrahal\Desktop\Werner Leonhard-Control of Electrical Drives-Springer (2001).pdf
2017-02-20 23:10 - 2017-02-20 23:11 - 16219691 _____ C:\Users\zdrahal\Downloads\Czech.zip
2017-02-20 23:03 - 2017-02-20 23:03 - 00321525 _____ C:\Users\zdrahal\Downloads\024269.pdf
2017-02-19 23:03 - 2017-02-19 23:25 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2017-02-19 22:30 - 2017-02-19 22:33 - 391288316 _____ C:\Users\zdrahal\Downloads\Steel-Panthers-World-At-War.rar
2017-02-18 11:48 - 2017-02-18 11:48 - 00033475 _____ C:\Users\zdrahal\Downloads\F_2834911317.pdf
2017-02-18 01:00 - 2017-02-18 01:11 - 1483778946 _____ C:\Users\zdrahal\Downloads\The.Night.Watchman.2016.DVDRip.XviD.AC3-EVO.avi
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Jujubee S_A_
2017-02-16 23:57 - 2017-02-16 23:57 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-16 23:05 - 2017-03-01 21:03 - 00000000 ____D C:\Users\zdrahal\Desktop\Ila
2017-02-16 22:22 - 2017-02-16 22:22 - 00135903 _____ C:\Users\zdrahal\Downloads\vybor_zapis_15_01_20115.pdf
2017-02-16 20:16 - 2017-02-16 20:16 - 00212342 _____ C:\Users\zdrahal\Downloads\Seznam vlastníků bytů.pdf
2017-02-16 14:47 - 2017-02-16 14:47 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 14:47 - 2017-02-16 14:47 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 13:13 - 2017-02-15 13:13 - 01035943 _____ C:\Users\zdrahal\Desktop\IEC 60034-14_2017_draft.pdf
2017-02-15 08:07 - 2017-03-08 22:09 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 08:07 - 2017-03-08 22:09 - 00001150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 08:07 - 2017-02-15 08:07 - 00003948 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 08:07 - 2017-02-15 08:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-12 23:34 - 2017-02-12 23:46 - 705433141 _____ C:\Users\zdrahal\Downloads\Cherry-Tree-CZ-Titulky-Horor,-Irsko,-2015....ID--154291.mkv
2017-02-12 14:31 - 2017-02-12 15:54 - 00000000 ____D C:\Users\zdrahal\Desktop\1MB1 vývody
2017-02-12 13:18 - 2017-03-02 22:21 - 00000000 ____D C:\Users\zdrahal\Desktop\backups
2017-02-12 11:29 - 2017-02-12 11:29 - 00000000 ____D C:\Users\zdrahal\Downloads\backups
2017-02-12 11:09 - 2017-02-12 11:11 - 00000000 ____D C:\Program Files (x86)\Wsuiedfuloing
2017-02-12 10:53 - 2017-02-12 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\zdrahal\Downloads\hijackthis.exe
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\rsit
2017-02-12 09:57 - 2017-02-12 09:57 - 00000000 ____D C:\Program Files\trend micro
2017-02-12 09:42 - 2017-02-12 11:10 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Ckafoy
2017-02-12 09:41 - 2017-02-12 09:41 - 00006100 _____ C:\WINDOWS\System32\Tasks\Qerzitainckeriward Launcher
2017-02-12 09:41 - 2017-02-12 09:41 - 00000000 ____D C:\Program Files (x86)\Qerzitainckeriward Launcher
2017-02-11 22:34 - 2017-02-12 10:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-11 22:34 - 2017-02-11 23:11 - 00003438 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-11 22:34 - 2017-02-11 22:39 - 00000000 ____D C:\Program Files\żěŃą
2017-02-11 22:29 - 2017-02-11 22:29 - 00006056 _____ C:\WINDOWS\System32\Tasks\Sterberph Controls
2017-02-11 22:28 - 2017-02-12 11:57 - 00000000 ____D C:\Program Files (x86)\Pejghtkerrodom
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-11 22:27 - 2017-02-11 22:27 - 00003140 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-11 22:25 - 2017-02-11 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\cryptolib

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 22:06 - 2016-11-29 18:16 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\Skype
2017-03-09 22:06 - 2015-10-08 21:14 - 00000405 _____ C:\WINDOWS\SMSCFG.INI
2017-03-09 22:05 - 2016-06-01 09:38 - 00000000 __SHD C:\Users\zdrahal\IntelGraphicsProfiles
2017-03-09 22:05 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 21:23 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\H
2017-03-09 21:23 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-09 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-09 21:22 - 2016-09-22 08:12 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-09 17:10 - 2016-05-13 15:06 - 00011091 _____ C:\WINDOWS\cfgall.ini
2017-03-09 17:02 - 2015-10-08 21:12 - 00008400 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-03-09 13:53 - 2012-08-29 10:23 - 00883936 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-09 13:53 - 2012-08-29 10:23 - 00222930 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-09 13:53 - 2012-08-29 10:13 - 00864066 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-09 13:53 - 2012-08-29 10:13 - 00215712 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-09 13:53 - 2009-07-14 06:13 - 03244726 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 13:53 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-09 13:53 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 13:53 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-09 13:46 - 2016-06-01 09:38 - 00007728 __RSH C:\Users\zdrahal\ntuser.pol
2017-03-09 13:46 - 2016-06-01 09:38 - 00000000 ____D C:\Users\zdrahal
2017-03-09 12:54 - 2016-06-01 09:39 - 00000000 ____D C:\Users\zdrahal\Tracing
2017-03-09 12:48 - 2009-07-14 06:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-03-09 12:43 - 2016-05-16 07:55 - 00000000 __SHD C:\Users\w9a93e10\IntelGraphicsProfiles
2017-03-09 12:43 - 2016-05-16 07:55 - 00000000 ____D C:\Users\w9a93e10\Tracing
2017-03-09 12:12 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-09 12:11 - 2016-05-14 00:28 - 00000000 ____D C:\Intel
2017-03-09 12:06 - 2016-05-16 07:55 - 00147776 _____ C:\Users\w9a93e10\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-09 12:06 - 2016-05-16 07:55 - 00007728 __RSH C:\Users\w9a93e10\ntuser.pol
2017-03-09 12:06 - 2016-05-16 07:55 - 00000000 ____D C:\Users\w9a93e10
2017-03-08 23:44 - 2016-06-01 21:41 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\uTorrent
2017-03-08 23:44 - 2016-06-01 20:38 - 00000000 ____D C:\Users\zdrahal\AppData\Roaming\vlc
2017-03-08 22:09 - 2016-06-01 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simocalc
2017-03-08 22:09 - 2016-06-01 09:39 - 00000979 _____ C:\Users\zdrahal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 21:20 - 2016-11-17 00:26 - 00000000 ____D C:\Users\zdrahal\AppData\LocalLow\Mozilla
2017-03-08 08:33 - 2016-05-13 15:03 - 00000000 ____D C:\Temp
2017-03-07 11:54 - 2016-10-17 14:59 - 00000000 ____D C:\Users\zdrahal\AppData\Local\ElevatedDiagnostics
2017-03-07 07:50 - 2016-06-01 15:06 - 00000000 ____D C:\Smart
2017-03-06 11:19 - 2016-06-01 20:56 - 00451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-03-01 12:24 - 2012-08-28 15:14 - 00158296 __RSH C:\ProgramData\ntuser.pol
2017-02-24 09:53 - 2017-01-02 20:55 - 00000000 ____D C:\Users\zdrahal\Desktop\clo
2017-02-23 13:09 - 2016-06-01 11:10 - 00000000 ____D C:\Users\zdrahal\Desktop\VYKAZOVÁNÍ
2017-02-19 23:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-15 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-15 08:07 - 2016-09-05 07:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 22:34 - 2016-06-01 12:28 - 00000000 ____D C:\2_VECI
2017-02-12 13:18 - 2016-05-16 09:27 - 00000000 ____D C:\Program Files (x86)\CRService
2017-02-12 10:50 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 10:05 - 2016-09-05 19:46 - 00000000 ____D C:\Users\zdrahal\AppData\Local\Google
2017-02-11 22:33 - 2015-10-08 11:15 - 03276772 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2017-03-09 22:07 - 2017-03-09 22:07 - 7680000 _____ () C:\Program Files (x86)\GUTC024.tmp
2017-03-06 22:08 - 2017-03-09 21:14 - 0044312 _____ () C:\Program Files (x86)\metadata
2017-03-08 22:13 - 2017-03-09 21:08 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-06-01 22:15 - 2016-06-01 22:15 - 0000001 _____ () C:\Users\zdrahal\AppData\Local\llftool.4.40.agreement
2016-06-01 22:18 - 2016-06-01 22:18 - 0000019 _____ () C:\Users\zdrahal\AppData\Local\llftool.license
2017-03-09 22:05 - 2017-03-09 22:05 - 0000004 ____H () C:\ProgramData\cm-lock

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

SIZER for Siemens Drives (HKLM-x32\...\{53FDD695-AE45-42A8-994D-EA9B714C4761}) (Version: 3.15 - Siemens AG)
SIZER for Siemens Drives Product Database (x32 Version: 1.1 - Siemens AG) Hidden

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\zdrahal\Desktop" je 1459 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: slow page loading

Posted: 10 Mar 2017 17:51
by Rudy
Deleted. Has anything changed?

Re: slow page loading

Posted: 11 Mar 2017 11:24
by Standa78
Hello, the situation has improved. Thank you. However, when I launch the Google Chrome browser, the home page http://www.youndoo.com or
http://www.luckystarting.com opens automatically, even though I have google.com set as my home page.

Re: slow page loading

Posted: 11 Mar 2017 12:28
by Rudy
OK. We will also clean up the browsers. Run the following scans:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Preferably save it to the desktop
•After launch, the licence terms are displayed; press any key
•A backup will be created, followed by the search
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.