Error while executing program
Posted: 06 Apr 2017 12:21
This is my father's PC, which sometimes behaves strangely. For example, when clicking on some exe file, the message "error while executing program" appears in TMC.
I am sending the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Honza (administrator) on HONZA-PC (06-04-2017 14:12:25)
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza (Available Profiles: Honza)
Platform: Windows Vista (TM) Ultimate (X64) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinctray.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boincmgr.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\ProgramData\BOINC\projects\wuprop.boinc-af.org\data_collect_v4_4.20_windows_x86_64__nci.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [69928 2016-06-05] (Space Sciences Laboratory)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\boincmgr.exe [8738088 2016-06-05] (Space Sciences Laboratory)
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [1224896 2016-10-02] (Adobe Systems Incorporated)
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\MountPoints2: {48ee1349-e2a6-11df-8fda-002215d8f7f4} - H:\VW100_Modem_Installation.exe
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\MountPoints2: {6f073e1d-21cc-11e3-afef-002215d8f7f4} - "G:\Start PC.exe"
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\MountPoints2: {85c070d9-d06e-11dd-ab26-002215d8f7f4} - F:\Setup.exe
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\MountPoints2: {c1993316-2583-11e0-804f-002215d8f7f4} - G:\setup.exe
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [50176 2006-11-02] (Společnost Microsoft)
Winsock: Catalog5-x64 04 C:\Windows\system32\napinsp.dll [61952 2006-11-02] (Společnost Microsoft)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8E9A70CB-EAFB-44FA-874F-CB49EA9BEAD2}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-ww
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN1 ... psv=&pt=tb
URLSearchHook: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 - QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
URLSearchHook: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {1645A33F-0A96-4315-904E-29E188E7720E} URL = hxxp://startsear.ch/?q={searchTerms}
SearchScopes: HKLM-x32 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> DefaultScope {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=A ... psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> {2AEAA33B-9F6E-4E96-9D50-BC9D3E876EAE} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... {startPage}
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: No Name -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2009-02-25] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> No Name - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - No File
Toolbar: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> No Name - {110C8480-EE32-4F39-9102-CA8502DE249E} - No File
Toolbar: HKU\S-1-5-21-2584406236-4270214980-3992510863-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-02-25] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-02-25] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-02-25] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-02-25] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Honza\AppData\Roaming\IDM\idmmzcc3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2584406236-4270214980-3992510863-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Honza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
Chrome:
=======
CHR HKU\S-1-5-21-2584406236-4270214980-3992510863-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Honza\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [ehkipmcipcejliebomgjmfchgplnbmfm] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Honza\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [368744 2006-11-02] (Microsoft Corporation)
S2 IBService; C:\Program Files (x86)\Invisible Browsing\servers\IBService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [140160 2006-12-20] (QUALCOMM Incorporated) [File not signed]
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1061888 2007-08-17] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2008-12-21] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-04-11] (Devguru Co., Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [67768 2017-01-17] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [254056 2006-11-02] (Společnost Microsoft)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2008-12-21] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R1 NCPro; C:\Windows\system32\drivers\MTictwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1483368 2006-11-02] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2008-12-20] () [File not signed]
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 TVICHW64; C:\Windows\SysWOW64\Drivers\TVICHW64.SYS [13824 2005-10-09] (EnTech Taiwan) [File not signed]
U3 akd74kou; C:\Windows\System32\Drivers\akd74kou.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [X]
S3 Inspect; system32\DRIVERS\inspect.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Point64; system32\DRIVERS\point64k.sys [X]
S3 TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [X]
S3 ZDPSp60a64; System32\Drivers\ZDPSp60a64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:12 - 2017-04-06 14:12 - 00018063 _____ C:\Users\Honza\Desktop\FRST.txt
2017-04-06 14:12 - 2017-04-06 14:12 - 00000000 ____D C:\FRST
2017-04-06 14:11 - 2017-04-06 14:11 - 02424832 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2017-04-06 14:11 - 2017-04-06 14:11 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher.exe
2017-04-06 13:56 - 2017-04-06 13:56 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Sun
2017-04-06 13:48 - 2017-04-06 13:48 - 18447464 _____ (Microsoft Corporation) C:\Users\Honza\Downloads\MediaCreationTool.exe
2017-04-06 13:43 - 2017-04-06 13:45 - 00000646 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-04-06 13:43 - 2017-04-06 13:45 - 00000634 _____ C:\Users\Honza\Desktop\Pomocník při upgradu na Windows 10.lnk
2017-04-06 13:43 - 2017-04-06 13:43 - 00000000 ____D C:\Windows10Upgrade
2017-04-06 13:42 - 2017-04-06 13:43 - 06581904 _____ (Microsoft Corporation) C:\Users\Honza\Downloads\Windows10Upgrade24074.exe
2017-04-06 13:38 - 2017-04-06 13:38 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Honza\Downloads\flashplayer25ppau_ha_install.exe
2017-04-06 12:59 - 2017-04-06 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-04-06 12:59 - 2017-04-06 12:59 - 00000000 ____D C:\ProgramData\ESET
2017-04-06 12:59 - 2017-04-06 12:59 - 00000000 ____D C:\Program Files\ESET
2017-04-06 12:58 - 2017-04-06 12:58 - 37687944 _____ (Opera Software) C:\Users\Honza\Downloads\Opera_36.0.2130.65_Setup (2).exe
2017-04-06 12:55 - 2017-04-06 12:56 - 37687944 _____ (Opera Software) C:\Users\Honza\Downloads\Opera_36.0.2130.65_Setup (1).exe
2017-04-06 12:49 - 2017-04-06 12:49 - 00000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-04-06 12:49 - 2017-04-06 12:49 - 00000870 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-04-06 12:45 - 2017-04-06 12:45 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
2017-04-06 12:37 - 2017-04-06 12:38 - 37687944 _____ (Opera Software) C:\Users\Honza\Downloads\Opera_36.0.2130.65_Setup.exe
2017-04-06 10:54 - 2017-04-06 10:54 - 00000000 ____D C:\Users\Honza\AppData\Roaming\uTorrent
2017-04-03 13:18 - 2017-04-03 13:19 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Seznam Browser(50)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-27 12:22 - 2015-06-27 12:23 - 01995120 _____ C:\Users\Honza\Desktop\SV400227.JPG
2019-06-27 12:22 - 2015-06-27 12:23 - 01956423 _____ C:\Users\Honza\Desktop\SV400226.JPG
2017-04-06 13:59 - 2016-08-16 20:29 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Seznam Browser
2017-04-06 13:59 - 2015-08-17 14:34 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-04-06 13:59 - 2013-10-19 11:26 - 00000000 ____D C:\ProgramData\Oracle
2017-04-06 13:59 - 2002-01-01 04:34 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-06 13:56 - 2014-08-16 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-06 13:56 - 2013-06-23 18:54 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-06 13:55 - 2014-08-16 12:39 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-06 13:51 - 2012-12-18 07:00 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-06 13:45 - 2002-01-01 03:36 - 00125736 _____ C:\Users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-06 13:41 - 2007-01-09 00:18 - 00519898 _____ C:\Windows\system32\perfh005.dat
2017-04-06 13:41 - 2007-01-09 00:18 - 00103186 _____ C:\Windows\system32\perfc005.dat
2017-04-06 13:41 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\inf
2017-04-06 13:41 - 2006-11-02 14:46 - 01397340 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 13:38 - 2010-12-19 22:48 - 00000000 ____D C:\ProgramData\BOINC
2017-04-06 13:36 - 2013-06-08 21:02 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-04-06 13:36 - 2006-11-02 17:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 13:36 - 2006-11-02 17:21 - 00452944 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-06 13:36 - 2006-11-02 17:21 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:36 - 2006-11-02 17:21 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:29 - 2008-12-19 19:35 - 00002196 _____ C:\Windows\diagerr.xml
2017-04-06 13:29 - 2008-12-19 19:35 - 00001908 _____ C:\Windows\diagwrn.xml
2017-04-06 13:29 - 2006-11-02 17:40 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-06 13:06 - 2014-11-07 16:47 - 00000000 ____D C:\Users\Honza\AppData\Roaming\MPC-HC
2017-04-06 12:53 - 2013-11-18 10:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-06 12:45 - 2012-04-09 18:58 - 00000000 ____D C:\Program Files (x86)\BOINC
2017-04-06 12:43 - 2016-02-27 15:14 - 00000856 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-06 12:41 - 2008-12-19 20:04 - 00000000 ____D C:\Windows\Downloaded Installations
2017-04-06 12:36 - 2009-07-17 20:00 - 00000000 ____D C:\Users\Honza\AppData\Local\Adobe
2017-04-06 12:35 - 2008-12-30 21:07 - 00080896 _____ C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-06 11:33 - 2006-11-02 14:33 - 82313216 _____ C:\Windows\system32\config\software_previous
2017-04-06 11:33 - 2006-11-02 14:33 - 19853312 _____ C:\Windows\system32\config\components_previous
2017-04-06 11:33 - 2006-11-02 14:33 - 18612224 _____ C:\Windows\system32\config\system_previous
2017-04-06 11:33 - 2006-11-02 14:33 - 04718592 _____ C:\Windows\system32\config\default_previous
2017-04-06 11:33 - 2006-11-02 14:33 - 00065536 _____ C:\Windows\system32\config\sam_previous
2017-04-06 11:33 - 2006-11-02 14:33 - 00024576 _____ C:\Windows\system32\config\security_previous
2017-04-06 11:33 - 2002-01-01 03:35 - 00000000 ____D C:\Users\Honza
2017-04-06 11:32 - 2013-10-19 16:17 - 00000000 ____D C:\Users\Honza\fotky
2017-04-06 11:32 - 2012-11-21 23:08 - 00000000 ____D C:\Users\Honza\AppData\Roaming\vlc
2017-04-06 11:32 - 2009-01-03 21:13 - 00000000 ____D C:\Users\Honza\AppData\Roaming\dvdcss
2017-04-06 11:32 - 2008-12-20 10:26 - 00000000 ____D C:\Program Files (x86)\1by1
2017-04-06 11:32 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2017-04-06 11:32 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2017-03-31 21:00 - 2016-12-24 13:17 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Seznam Browser-11d07c34-5179-4d98-a93a-12c4fea71ac4
==================== Files in the root of some directories =======
2010-02-11 21:20 - 2010-02-11 07:31 - 0070230 _____ () C:\Program Files\bookmarks.adr
2013-09-23 16:29 - 2013-09-23 16:36 - 18691293 _____ () C:\Program Files\Total-Commander-POWERPACK-v7.0.exe
2009-03-09 12:11 - 2009-03-09 12:11 - 0118764 _____ () C:\Program Files (x86)\1by1_166.exe
2013-09-19 18:16 - 2013-09-19 18:39 - 64625138 _____ () C:\Program Files (x86)\CorelDRAW-Graphics-Suite-X6-CZ.rar
2013-09-19 18:18 - 2013-09-19 18:34 - 521390821 _____ () C:\Program Files (x86)\CorelDRAW-Graphics-Suite_X6_CZ_64Bit.rar
2009-01-02 15:11 - 2009-01-02 15:11 - 1099371 _____ () C:\Program Files (x86)\Katalog filmďż˝.rar
2009-01-21 16:27 - 2013-09-14 20:50 - 0000189 _____ () C:\Users\Honza\AppData\Roaming\default.rss
2012-07-06 14:49 - 2012-07-11 19:03 - 0042955 _____ () C:\Users\Honza\AppData\Roaming\kiko
2009-02-25 00:54 - 2009-02-25 00:54 - 1172472 _____ (Microsoft Corporation) C:\Users\Honza\AppData\Roaming\sh.exe
2011-02-12 14:57 - 2011-02-12 14:57 - 0000680 _____ () C:\Users\Honza\AppData\Local\d3d9caps.dat
2008-12-30 21:07 - 2017-04-06 12:35 - 0080896 _____ () C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-11 14:27 - 2012-08-11 14:27 - 0027520 _____ () C:\Users\Honza\AppData\Local\dt.dat
2012-11-15 07:34 - 2012-11-15 07:34 - 0000003 _____ () C:\Users\Honza\AppData\Local\updater.log
2013-09-26 19:29 - 2013-09-26 19:29 - 0756736 _____ () C:\Users\Honza\AppData\Local\vp_toolbar_ie.dll
2015-09-06 15:02 - 2015-09-06 15:03 - 0000000 _____ () C:\Users\Honza\AppData\Local\{284FAAF5-4031-4107-83D2-41384B1AE6C8}
2014-12-01 16:50 - 2014-12-01 16:51 - 0000000 _____ () C:\Users\Honza\AppData\Local\{748B571A-AA1E-4552-B173-EE8237D7871C}
2010-12-18 15:13 - 2010-12-18 15:13 - 0000043 ___SH () C:\ProgramData\.zreglib
2009-07-13 10:10 - 2012-05-10 19:07 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2008-12-20 11:56 - 2008-07-05 01:07 - 0000185 _____ () C:\ProgramData\licence.key
Some files in TEMP:
====================
2017-04-06 13:53 - 2017-04-06 13:53 - 0739904 _____ (Oracle Corporation) C:\Users\Honza\AppData\Local\Temp\jre-8u121-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{00E312A0-8E79-47D4-8299-8E3F1DC28057}.exe <==== ATTENTION
Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2584406236-4270214980-3992510863-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:2398E95B [280]
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [102]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [125]
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Honza\Desktop" je 4050 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr
"C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray
"C:\Program Files (x86)\BOINC\boinctray.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
"C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe
C:\Windows\ehome\ehTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe -update plugin [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\Windows\system32\hkcmd.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
C:\Windows\system32\igfxtray.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI
C:\Windows\system32\igfxpers.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
"C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel
Režim ECHO je vypnut.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
Režim ECHO je vypnut.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG
Režim ECHO je vypnut.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk
C:\PROGRA~2\SEC\NATURA~1\NCPROT~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iRadio.lnk
C:\Users\Honza\AppData\Roaming\IRADIO~1\IRADIO~1.EXE -startup [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe"="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe:*:Enabled:Windows Messanger"
"C:\\Users\\Honza\\AppData\\Roaming\\sh.exe"="C:\\Users\\Honza\\AppData\\Roaming\\sh.exe:*:Enabled:Windows Messanger"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe"="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe:*:Enabled:Windows Messanger"
"C:\\Users\\Honza\\AppData\\Roaming\\sh.exe"="C:\\Users\\Honza\\AppData\\Roaming\\sh.exe:*:Enabled:Windows Messanger"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
