Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o zkontrolovánní Logu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Milan15
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 17 bře 2018 12:38

Prosím o zkontrolovánní Logu

#1 Příspěvek od Milan15 »

Dobrý den, chtěl bych požádat o zkontrolování logu.V internetovém prohlížeči na mě vyskočilo že musím zaplatit pokutu Policii ČR do 48 hodin, kamarád říkal že je to virus a poradil mi toto fórum.
Děkuji za pomoc.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Gromas at 2018-03-17 12:29:46
Microsoft Windows 10 Home
System drive C: has 83 GB (26%) free of 322 GB
Total RAM: 3956 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:48, on 17.3.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0098)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Gromas\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Gromas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\trend micro\Gromas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BingSvc] C:\Users\Gromas\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gromas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Discord] C:\Users\Gromas\AppData\Local\Discord\app-0.0.300\Discord.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe
O23 - Service: OO DiskImage - O&O Software GmbH - C:\Program Files\OO Software\DiskImage\oodiag.exe
O23 - Service: Plays.tv Update Service (PlaysService) (PlaysService) - Copyright (c) 2017 Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 9823 bytes

======Listing Processes======








c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
dashost.exe {45b3a9b2-d333-4c6f-8a7dbcb0e0c531e5}
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\SysWOW64\PnkBstrA.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv

C:\WINDOWS\System32\vds.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\OO Software\DiskImage\oodiag.exe"
C:\WINDOWS\System32\vdsldr.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s fdPHost
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Browser

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
atieclxx
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe" /c /a /s UserSession2
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"ctfmon.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\OO Software\DiskImage\ooditray.exe"
AvastUI.exe /nogui
"C:\Users\Gromas\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Users\Gromas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7736.0.794980490\641627996" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" "C:\Users\Gromas\AppData\LocalLow\Mozilla\Temp-{454f0a0c-5671-4104-afe2-37424753b6a7}" 7736 "\\.\pipe\gecko-crash-server-pipe.7736" gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7736.3.1629190977\1112036661" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{454f0a0c-5671-4104-afe2-37424753b6a7}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 7736 "\\.\pipe\gecko-crash-server-pipe.7736" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7736.13.691872903\1706817843" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{454f0a0c-5671-4104-afe2-37424753b6a7}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 7736 "\\.\pipe\gecko-crash-server-pipe.7736" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7736.20.1129902975\592551110" -childID 3 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{454f0a0c-5671-4104-afe2-37424753b6a7}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 7736 "\\.\pipe\gecko-crash-server-pipe.7736" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7736.27.1290341714\656288021" -childID 4 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{454f0a0c-5671-4104-afe2-37424753b6a7}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 7736 "\\.\pipe\gecko-crash-server-pipe.7736" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7736.34.949409756\1043469173" -childID 5 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{454f0a0c-5671-4104-afe2-37424753b6a7}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 7736 "\\.\pipe\gecko-crash-server-pipe.7736" tab
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\AUDIODG.EXE 0x700
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
"C:\Users\Gromas\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for Gromas.job - C:\PROGRA~2\NORTON~2\Engine\431~1.3\Nss.exe /scan-quick /scheduled

=========Mozilla firefox=========

ProfilePath - C:\Users\Gromas\AppData\Roaming\Mozilla\Firefox\Profiles\1bb803kw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.113 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.113 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10 1042744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10 798008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10 1042744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10 798008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-28 8312352]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-07-22 323072]
"OODITRAY.EXE"=C:\Program Files\OO Software\DiskImage\ooditray.exe [2013-09-09 4986672]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-02-14 243496]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-01-07 3951280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\Gromas\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2016-03-31 144008]
"OneDrive"=C:\Users\Gromas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-03-07 1559200]
"Discord"=C:\Users\Gromas\AppData\Local\Discord\app-0.0.300\Discord.exe [2018-01-08 57821176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-10-06 27832264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PlaysTV"=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [2017-12-12 51416]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2018-03-17 12:23:31 ----D---- C:\rsit
2018-03-17 12:23:31 ----D---- C:\Program Files\trend micro
2018-03-02 15:13:11 ----A---- C:\WINDOWS\system32\aswBoot.exe
2018-02-26 01:15:04 ----D---- C:\ProgramData\ATI
2018-02-26 01:12:02 ----D---- C:\ProgramData\Microsoft OneDrive
2018-02-26 00:56:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-26 00:44:42 ----D---- C:\ProgramData\USOShared
2018-02-26 00:38:12 ----D---- C:\Users\Gromas\AppData\Roaming\ATI
2018-02-26 00:38:11 ----SD---- C:\Users\Gromas\AppData\Roaming\Microsoft
2018-02-26 00:37:21 ----A---- C:\WINDOWS\SYSWOW64\PrintConfig.dll
2018-02-26 00:35:15 ----AS---- C:\WINDOWS\bootstat.dat
2018-02-26 00:34:33 ----D---- C:\WINDOWS\Prefetch
2018-02-26 00:33:40 ----D---- C:\WINDOWS\system32\SleepStudy
2018-02-26 00:33:36 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-26 00:32:55 ----SHD---- C:\Recovery
2018-02-26 00:28:13 ----D---- C:\Windows.old
2018-02-25 20:50:41 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT64x86.SYS
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswStm.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswRdr2.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswKbd.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswfeeb69fa3268423c.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswe3283d0adec5eddb.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswc301fec532bb06de.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswbuniva.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswbloga.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswbidsha.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswArPot.sys
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\aswa23ade25770500a3.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw7f09ac8cc1ffc9b3.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw6ade186a1e3533f2.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw697f13a0bfc7393e.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw66c66f0cd527db87.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw51a440cd37b853a3.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw3d4e4b758d7fc60e.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw21b80cf5407219f7.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw11d8fa83411dc439.tmp
2018-02-25 20:50:40 ----A---- C:\WINDOWS\system32\drivers\asw 93e6d42799f656d.tmp
2018-02-25 20:49:31 ----D---- C:\Program Files\Common Files\SpeechEngines
2018-02-25 20:40:07 ----D---- C:\WINDOWS\system32\Microsoft
2018-02-25 20:40:07 ----D---- C:\WINDOWS\ServiceProfiles
2018-02-25 20:34:35 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2018-02-25 20:34:20 ----D---- C:\Program Files\Reference Assemblies
2018-02-25 20:34:20 ----D---- C:\Program Files\MSBuild
2018-02-25 20:34:20 ----D---- C:\Program Files (x86)\Reference Assemblies
2018-02-25 20:34:20 ----D---- C:\Program Files (x86)\MSBuild
2018-02-25 20:30:04 ----A---- C:\WINDOWS\SYSWOW64\TsWpfWrp.exe
2018-02-25 20:30:02 ----A---- C:\WINDOWS\SYSWOW64\PresentationNative_v0300.dll
2018-02-25 20:30:02 ----A---- C:\WINDOWS\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-02-25 20:29:42 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2018-02-25 20:29:41 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-02-25 20:29:41 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-02-25 20:27:49 ----A---- C:\WINDOWS\SYSWOW64\NlsLexicons0009.dll
2018-02-25 20:27:49 ----A---- C:\WINDOWS\SYSWOW64\NlsData0009.dll
2018-02-25 20:27:49 ----A---- C:\WINDOWS\system32\prm0009.dll
2018-02-25 20:27:47 ----A---- C:\WINDOWS\system32\NlsLexicons0009.dll
2018-02-25 20:27:47 ----A---- C:\WINDOWS\system32\NlsData0009.dll
2018-02-25 18:49:36 ----DC---- C:\WINDOWS\Panther
2018-02-24 13:15:09 ----D---- C:\WINDOWS\UpdateAssistant
2018-02-16 23:45:56 ----A---- C:\WINDOWS\system32\osrss.dll
2018-01-12 17:05:23 ----AD---- C:\Program Files\rempl
2018-01-05 04:54:58 ----A---- C:\WINDOWS\system32\drivers\aswHdsKe.sys
2018-01-05 04:54:58 ----A---- C:\WINDOWS\system32\drivers\asw2a3f50b5b6ae07c7.tmp

======List of files/folders modified in the last 3 months======

2018-03-17 12:28:18 ----D---- C:\WINDOWS\Temp
2018-03-17 12:23:31 ----RD---- C:\Program Files
2018-03-17 11:51:03 ----D---- C:\WINDOWS\system32\sru
2018-03-17 07:43:06 ----D---- C:\WINDOWS\AppReadiness
2018-03-17 06:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-17 01:12:35 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-17 01:11:50 ----D---- C:\WINDOWS\Logs
2018-03-16 18:40:50 ----D---- C:\Users\Gromas\AppData\Roaming\Skype
2018-03-16 18:39:32 ----D---- C:\Users\Gromas\AppData\Roaming\PlaysTV
2018-03-16 10:07:16 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-16 10:06:41 ----HD---- C:\Program Files\WindowsApps
2018-03-16 09:42:53 ----D---- C:\Users\Gromas\AppData\Roaming\vlc
2018-03-14 22:51:26 ----SHD---- C:\System Volume Information
2018-03-14 01:14:30 ----D---- C:\WINDOWS\SysWOW64
2018-03-14 01:14:27 ----D---- C:\WINDOWS\system32\Tasks
2018-03-14 01:14:17 ----D---- C:\WINDOWS\system32\Macromed
2018-03-14 01:14:15 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-03-13 21:31:55 ----D---- C:\WINDOWS\system32\config
2018-03-13 18:48:38 ----D---- C:\WINDOWS\CbsTemp
2018-03-13 18:48:34 ----D---- C:\WINDOWS\WinSxS
2018-03-13 18:48:20 ----D---- C:\WINDOWS\system32\catroot2
2018-03-13 18:47:51 ----D---- C:\WINDOWS\system32\MRT
2018-03-13 18:43:22 ----D---- C:\WINDOWS\debug
2018-03-13 18:43:04 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 18:42:46 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-03-12 17:34:19 ----D---- C:\WINDOWS\System32
2018-03-11 08:07:13 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-03-11 08:07:12 ----D---- C:\WINDOWS\INF
2018-03-06 15:08:15 ----D---- C:\WINDOWS\LiveKernelReports
2018-03-02 22:09:11 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2018-03-02 15:13:52 ----D---- C:\WINDOWS\system32\drivers
2018-03-01 02:29:02 ----D---- C:\WINDOWS\rescache
2018-02-28 15:42:46 ----D---- C:\WINDOWS\system32\restore
2018-02-28 03:33:30 ----RD---- C:\WINDOWS\assembly
2018-02-27 17:00:52 ----D---- C:\WINDOWS\system32\WDI
2018-02-27 03:14:07 ----D---- C:\Windows
2018-02-26 15:05:28 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2018-02-26 03:06:21 ----D---- C:\WINDOWS\appcompat
2018-02-26 01:15:04 ----HD---- C:\ProgramData
2018-02-26 01:01:36 ----HD---- C:\$GetCurrent
2018-02-26 00:59:35 ----D---- C:\Program Files\windows nt
2018-02-26 00:57:50 ----D---- C:\WINDOWS\SoftwareDistribution
2018-02-26 00:57:43 ----D---- C:\WINDOWS\Tasks
2018-02-26 00:55:55 ----D---- C:\WINDOWS\Registration
2018-02-26 00:55:06 ----SD---- C:\ProgramData\Microsoft
2018-02-26 00:55:04 ----D---- C:\WINDOWS\system32\wbem
2018-02-26 00:54:56 ----RSD---- C:\WINDOWS\media
2018-02-26 00:51:24 ----D---- C:\WINDOWS\system32\DriverStore
2018-02-26 00:44:43 ----D---- C:\ProgramData\USOPrivate
2018-02-26 00:44:14 ----D---- C:\WINDOWS\system32\CodeIntegrity
2018-02-26 00:42:05 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-02-26 00:39:19 ----SHD---- C:\WINDOWS\Installer
2018-02-26 00:38:59 ----AD---- C:\Program Files\ATI Technologies
2018-02-26 00:38:29 ----AD---- C:\Program Files (x86)\ATI Technologies
2018-02-26 00:38:11 ----RD---- C:\Users
2018-02-26 00:37:21 ----D---- C:\WINDOWS\system32\Sysprep
2018-02-26 00:36:32 ----D---- C:\AMD
2018-02-26 00:35:33 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2018-02-26 00:32:14 ----D---- C:\WINDOWS\system32\Recovery
2018-02-26 00:28:29 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-02-26 00:28:28 ----RSD---- C:\WINDOWS\Fonts
2018-02-26 00:28:28 ----D---- C:\WINDOWS\SYSWOW64\vbox
2018-02-26 00:28:28 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-02-26 00:28:28 ----D---- C:\WINDOWS\SYSWOW64\IME
2018-02-26 00:28:28 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-02-26 00:28:28 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-02-26 00:28:28 ----D---- C:\WINDOWS\system32\WinBioDatabase
2018-02-26 00:28:28 ----D---- C:\WINDOWS\system32\drivers\etc
2018-02-26 00:28:28 ----AD---- C:\WINDOWS\SYSWOW64\Adobe
2018-02-26 00:28:27 ----D---- C:\WINDOWS\system32\zh-HK
2018-02-26 00:28:27 ----D---- C:\WINDOWS\system32\vbox
2018-02-26 00:28:27 ----D---- C:\WINDOWS\system32\SPReview
2018-02-26 00:28:27 ----D---- C:\WINDOWS\system32\spool
2018-02-26 00:28:19 ----D---- C:\WINDOWS\system32\oem
2018-02-26 00:28:19 ----D---- C:\WINDOWS\system32\migration
2018-02-26 00:28:19 ----D---- C:\WINDOWS\system32\IME
2018-02-26 00:28:19 ----D---- C:\WINDOWS\system32\EventProviders
2018-02-26 00:28:19 ----D---- C:\WINDOWS\system32\en-US
2018-02-26 00:28:19 ----D---- C:\WINDOWS\system32\drivers\cs-CZ
2018-02-26 00:28:18 ----D---- C:\WINDOWS\system32\cs-CZ
2018-02-26 00:28:18 ----D---- C:\WINDOWS\schemas
2018-02-26 00:28:18 ----D---- C:\WINDOWS\ShellNew
2018-02-26 00:28:16 ----SHD---- C:\Program Files\Windows Sidebar
2018-02-26 00:28:16 ----SHD---- C:\Program Files (x86)\Windows Sidebar
2018-02-26 00:28:16 ----RD---- C:\Program Files (x86)
2018-02-26 00:28:16 ----D---- C:\Program Files\Common Files\microsoft shared
2018-02-26 00:28:16 ----D---- C:\Program Files\Common Files
2018-02-26 00:28:16 ----D---- C:\Program Files (x86)\Microsoft.NET
2018-02-26 00:28:16 ----D---- C:\Program Files (x86)\Common Files
2018-02-26 00:28:16 ----AD---- C:\Program Files\UNP
2018-02-26 00:28:15 ----AD---- C:\Program Files\AMD
2018-02-26 00:28:10 ----D---- C:\WINDOWS\Setup
2018-02-25 21:04:21 ----RASH---- C:\BOOTSECT.BAK
2018-02-25 21:04:08 ----SHD---- C:\Boot
2018-02-25 20:51:05 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2018-02-25 20:50:45 ----D---- C:\WINDOWS\system32\oobe
2018-02-25 20:49:50 ----D---- C:\WINDOWS\ehome
2018-02-25 20:49:36 ----D---- C:\Program Files (x86)\Windows Mail
2018-02-25 20:49:32 ----D---- C:\Program Files\Windows Mail
2018-02-25 20:49:31 ----D---- C:\Program Files\Synaptics
2018-02-25 20:49:31 ----D---- C:\Program Files\Realtek
2018-02-25 20:49:31 ----D---- C:\Program Files\Microsoft Games
2018-02-25 20:49:29 ----D---- C:\Program Files\Common Files\ATI Technologies
2018-02-25 20:34:35 ----D---- C:\WINDOWS\SYSWOW64\MUI
2018-02-25 20:34:35 ----D---- C:\WINDOWS\system32\MUI
2018-02-25 20:27:58 ----D---- C:\WINDOWS\OCR
2018-02-25 18:33:26 ----A---- C:\WINDOWS\progress.ini
2018-02-25 18:21:29 ----D---- C:\Windows10Upgrade
2018-02-16 15:09:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 15:09:57 ----AD---- C:\Program Files\Mozilla Firefox
2018-02-03 20:29:59 ----D---- C:\Users\Gromas\AppData\Roaming\TS3Client
2018-01-09 15:08:30 ----D---- C:\Users\Gromas\AppData\Roaming\discord
2018-01-06 19:41:21 ----A---- C:\WINDOWS\system32\MpSigStub.exe
2017-12-26 14:23:47 ----D---- C:\Users\Gromas\AppData\Roaming\Identities
2017-12-21 15:08:41 ----SD---- C:\WINDOWS\UpdateAssistantV2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2018-03-02 199440]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2018-03-02 343752]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2018-03-02 57680]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2018-03-02 84368]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2018-03-02 380528]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R0 oodisr;O&O DiskImage Snapshot/Restore Driver; C:\WINDOWS\system32\DRIVERS\oodisr.sys [2013-09-09 116936]
R0 oodisrh;oodisrh; C:\WINDOWS\system32\DRIVERS\oodisrh.sys [2013-09-09 41160]
R0 oodivd;O&O DiskImage Virtual Devices Driver; C:\WINDOWS\system32\DRIVERS\oodivd.sys [2013-09-09 255688]
R0 oodivdh;oodivdh; C:\WINDOWS\system32\DRIVERS\oodivdh.sys [2013-09-09 44744]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2018-03-02 196648]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2018-03-02 227504]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2018-03-02 215320]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-09-08 41832]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2018-03-02 110328]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2018-03-02 1026696]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2018-03-02 460520]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2017-12-14 59800]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-09-29 8192]
R1 MpKslc423d343;MpKslc423d343; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BD31D94-D5A4-4136-BDA9-59A5D3672D4D}\MpKslc423d343.sys [2018-02-26 58120]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2018-03-02 146656]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2018-03-02 205976]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2017-09-29 384000]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-09-29 43520]
R3 AgereSoftModem;@mdmags64.inf,%FullProductName%;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\agrsm64.sys [2017-09-29 1146880]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
R3 AtiHDAudioService;@oem0.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2015-05-28 102912]
R3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 – ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2017-09-29 7585280]
R3 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20171108.001\BHDrvx64.sys [2017-10-11 1872024]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
R3 ccSet_NS;NS Settings Manager; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [2015-07-11 173808]
R3 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2017-10-19 508056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-10-19 158360]
R3 HECIx64;@oem22.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2009-09-18 56344]
R3 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20171113.001\IDSvia64.sys [2017-10-13 1056920]
R3 Impcd;Impcd; C:\WINDOWS\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2009-10-28 2018080]
R3 k57nd60a;@netk57a.inf,%SvcDispName%;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\System32\drivers\k57nd60a.sys [2017-09-29 446464]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2016-01-07 42664]
R3 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [2015-07-11 50936]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S1 lpsport;lpsport; C:\WINDOWS\system32\drivers\lpsport.sys [2018-02-14 61304]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2018-03-02 46968]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-09-29 122368]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20171112.048\ENG64.SYS [2017-10-13 138880]
S3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20171112.048\EX64.SYS [2017-10-13 2152064]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMIVX.sys [2009-06-24 205472]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\SRTSP64.SYS [2015-07-11 926448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-16 255472]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-02-14 300600]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_1a97fb74;Uživatelská služba platformy připojených zařízení_1a97fb74; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-23 268824]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [2015-07-16 282016]
R2 OneSyncSvc_1a97fb74;Hostitel synchronizace_1a97fb74; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 OO DiskImage;OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [2013-09-09 6258480]
R2 PlaysService;Plays.tv Update Service (PlaysService); C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2017-12-12 55000]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\syswow64\PnkBstrA.exe [2017-02-05 75136]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2017-12-14 519152]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-02-14 7564512]
R3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_1a97fb74;Tok zařízení_1a97fb74; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-09-28 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_1a97fb74;Služba zasílání zpráv_1a97fb74; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-02-10 194512]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc_1a97fb74;Data kontaktů_1a97fb74; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_1a97fb74;PrintWorkflow_1a97fb74; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2017-12-14 956416]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o zkontrolovánní Logu

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Milan15
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 17 bře 2018 12:38

Re: Prosím o zkontrolovánní Logu

#3 Příspěvek od Milan15 »

Děkuji, posílám log po použítí AdwCleaneru.

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 17 15:18:55 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1121 B] - [2018/3/17 15:17:58]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o zkontrolovánní Logu

#4 Příspěvek od Rudy »

Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Milan15
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 17 bře 2018 12:38

Re: Prosím o zkontrolovánní Logu

#5 Příspěvek od Milan15 »

Posílám log Addition, log FRST v příloze (má příliš mnoho znaků).

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Gromas (17-03-2018 19:13:29)
Running from C:\Users\Gromas\Desktop
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-26 00:02:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3004829638-1244398265-2620027606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3004829638-1244398265-2620027606-503 - Limited - Disabled)
Gromas (S-1-5-21-3004829638-1244398265-2620027606-1000 - Administrator - Enabled) => C:\Users\Gromas
Guest (S-1-5-21-3004829638-1244398265-2620027606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3004829638-1244398265-2620027606-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3004829638-1244398265-2620027606-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.23 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ATI AVIVO64 Codecs (HKLM\...\{E4E8CCFD-621C-E05A-47FB-AB96E4F5CB50}) (Version: 10.11.0.41111 - ATI Technologies Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom Gigabit Integrated Controller (HKLM\...\{F2205345-FA8D-474F-A2D9-FB31DB9663DF}) (Version: 12.32.02 - Broadcom Corporation)
Broadcom Wireless LAN Driver Installation Program for Windows7 (HKLM-x32\...\{88410D8F-8529-492B-B556-2394A29B811B}) (Version: 5.60.18.8 - Broadcom)
ccc-core-static (HKLM-x32\...\{6D863265-A79F-9214-9F2A-C4D1FC8FDFF6}) (Version: 2009.1111.2327.42077 - Název společnosti:) Hidden
Discord (HKU\S-1-5-21-3004829638-1244398265-2620027606-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{86848256-DF08-4F3D-A32D-37151AA16510}) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3004829638-1244398265-2620027606-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.1.6648 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.2.15 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.3.1.3 - Symantec Corporation)
O&O DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.6 - O&O Software GmbH)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.5-r125535-release - Plays.tv, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Sada Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Software Bluetooth WIDCOMM (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Win10 PrivacyFix (HKLM-x32\...\{EFF218A1-EBF1-4EE2-8BAE-86D0E04B4F0F}_is1) (Version: 1.2 - Abelssoft)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version: 2.60b - ACTIVISION)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll [2013-09-09] (O&O Software GmbH)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-02] (AVAST Software)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-03-09] (Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-08-31] (Foxit Software Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\NavShExt.dll [2015-07-16] (Symantec Corporation)
ContextMenuHandlers2: [OODIDismount] -> {5B036813-4E35-4421-ADCB-E06925C7A7ED} => C:\Program Files\OO Software\DiskImage\oodishd.dll [2013-09-09] (O&O Software GmbH)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\NavShExt.dll [2015-07-16] (Symantec Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-02] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-02] (AVAST Software)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\NavShExt.dll [2015-07-16] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05F83AB5-2926-48D6-8856-4E7BEFDDCAD5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1084DDEA-2725-40E9-8C43-8A85D20C9119} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E1A7A0C-01E3-40DD-9384-64EC34CD48E0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1ED935CE-BACF-4C71-9640-73D5C7142548} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29C746D2-D3FA-40DA-8AAF-CF7807BB3899} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2FC7F2EF-FDCC-40EA-B7CE-2080026BCD6E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Norton Security Scan for Gromas" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Norton WSC Integration" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3004829638-1244398265-2620027606-1000" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1458998094" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\{036AD1BB-35D0-42FE-801B-AAC804753884}" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\{EEBFC97F-922D-428E-A34A-243B36B50992}" /ENABLE
Task: {4942F594-5B4D-4CB9-AA28-7104BC8EBC32} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {4B1C3132-19D5-468B-92A1-1029530C3E4B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-02] (AVAST Software)
Task: {58554D2E-45CE-4615-AC64-7B6607064DB9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5BB700F6-0C6C-49C1-A58B-E63CB9F7810D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5E5BF957-6D4B-420C-BEB3-9ADB09EA1EF0} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {62F9A2D2-DD04-4849-A6B0-797C4FCD60F7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {665C35B6-9B3C-41CA-B9A3-9AD35EC7E22A} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {66E98474-18CB-4D24-B98D-243386109A82} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6B44CCCC-61F6-4219-803F-A3AAF2909772} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26] (Google Inc.)
Task: {6E7FBB72-8081-42B0-9B0F-C15F387D35CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {6EA2490F-9ED0-44DD-AB7B-26C111960EF0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {840C9946-B740-4A79-B024-85EDF218880D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88B92544-E7DE-4F51-9ED6-E767F7AE5D53} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D6815C4-7E37-4A3D-B58E-ED5813010B7B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A77A1E29-E4E4-4CE7-BB2E-580162093467} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A988E3AD-62CF-4224-BA79-5B08A9A864C5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0022DEF-7EB6-4038-B5B2-A262EA1F5BB4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0185914-E1FD-4A9C-817A-F2963BED2EB6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B3F4DCAC-20E6-4995-A285-73DE62FABDC6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B5C56F88-5A84-423A-829D-CA0714B09C1B} - System32\Tasks\Norton Security Scan for Gromas => C:\Program Files (x86)\Norton Security Scan\Engine\4.3.1.3\Nss.exe [2015-10-16] (Symantec Corporation)
Task: {BA73C7A2-6999-44DA-B52B-09DDA6F567F9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BF7D4A31-3A3B-4F2E-8561-CC92AADBB8D2} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C1716045-0B1D-4863-A71D-8747C79624ED} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C8120DBA-404E-4DFE-9891-BFC1333B23B2} - System32\Tasks\SafeZone scheduled Autoupdate 1458998094 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {D67FC0A6-6CAB-4F02-91C8-865DF8ACC696} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC56158A-8A83-4789-8359-2DE3DBA66127} - System32\Tasks\{036AD1BB-35D0-42FE-801B-AAC804753884} => C:\Windows\system32\pcalua.exe -a "F:\Zálohování\O & O DiskImage Professional Edition 7\OODiskImage7Pro32Enu_chip_full.exe" -d "F:\Zálohování\O & O DiskImage Professional Edition 7"
Task: {EA1B99DA-46AF-43F8-A556-54733084F1B7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-10] (AVAST Software)
Task: {EECEB0F0-14CF-45D6-968D-0C398B1FCA24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {F5A4193F-F5E7-4709-85DA-97275A9B4418} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5D7BB3A-32C9-499C-843B-B82A150AC3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26] (Google Inc.)
Task: {F7DF25E9-24C8-4AC4-AFBB-0B8CC57EFDBF} - System32\Tasks\{EEBFC97F-922D-428E-A34A-243B36B50992} => C:\Windows\system32\pcalua.exe -a "D:\Zálohování\O&O DiskImage 6 Professional\waik_install.exe" -d "D:\Zálohování\O&O DiskImage 6 Professional"
Task: {F8464A32-8645-4F62-9D5F-41DBAD419306} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {F9983250-FDA8-4C61-AFE9-955785E042F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FF1DDD6F-08B3-4D2E-9A47-C532F9B22BFB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Norton Security Scan for Gromas.job => C:\PROGRA~2\NORTON~2\Engine\431~1.3\Nss.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-05 09:38 - 2017-02-05 09:54 - 000075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-09-09 15:36 - 2013-09-09 15:36 - 000069936 _____ () C:\Program Files\OO Software\DiskImage\oodiagpsx64.dll
2018-03-03 17:08 - 2018-02-10 05:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-03 17:09 - 2018-02-10 05:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 10:04 - 2018-03-16 10:05 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 15:15 - 2018-03-09 15:15 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-03-01 00:57 - 2018-03-01 01:01 - 059575808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 03:50 - 2017-10-05 03:51 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-17 16:04 - 2018-02-17 16:05 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-14 15:44 - 2017-12-14 15:45 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-03-01 00:57 - 2018-03-01 01:00 - 015986688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-03-01 00:57 - 2018-03-01 01:00 - 003231232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-01-31 15:12 - 2018-01-31 15:12 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-02-17 16:04 - 2018-02-17 16:05 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 000628736 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-01 00:57 - 2018-03-01 01:01 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\SKU.dll
2018-03-16 10:04 - 2018-03-16 10:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 10:04 - 2018-03-16 10:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 10:04 - 2018-03-16 10:05 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 10:04 - 2018-03-16 10:05 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2018-03-02 15:12 - 2018-03-02 15:12 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-02 15:12 - 2018-03-02 15:12 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-02 15:12 - 2018-03-02 15:12 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-02 15:11 - 2018-03-02 15:11 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-07-25 15:54 - 000002803 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.msftncsi.com
127.0.0.1 pre.footprintpredict.com
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 az361816.vo.msecnd.net
127.0.0.1 az512334.vo.msecnd.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 feedback.windows.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 preview.msn.com
127.0.0.1 rad.msn.com
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3004829638-1244398265-2620027606-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C28D3C22-43D4-4F74-B717-D081AF8337AC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{987BBD0C-6ED9-4F2E-83D0-96235E778999}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{26FA40C4-3B2F-448C-8E96-6ADD520235CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E6CA2139-B06F-4D37-B5E7-EA54E437FEB5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4B054CDE-7FFD-43FF-9F68-64C83433C6AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{316A32DB-A761-42BE-8129-AE1935B4FB33}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{67564281-F641-4134-80FF-31DB8836E894}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{21784AF2-6DF5-4001-AA46-51B1239949B1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FCE6434B-519D-409C-ACA9-150360FEC6A0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F1CB13D7-E28F-4723-8C34-9E14874C5AC3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D14AB299-8222-4B68-9951-817B20B5D7FA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F0A7D3FC-C640-4ABD-A576-4DCDB72CD33D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CF3C88D9-EE08-4CBE-90D3-679A8333F131}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B5727243-1B8E-49D0-808E-7519072A6C0E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4D1703F3-500C-47AF-B4A6-5A7274A5F11C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{36884D6D-8021-4732-A708-AF2CE59CC891}D:\hry\wolfenstein - enemy territory\et.exe] => (Allow) D:\hry\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{429D598D-AC5E-4921-A939-8F02EA666DC0}D:\hry\wolfenstein - enemy territory\et.exe] => (Allow) D:\hry\wolfenstein - enemy territory\et.exe
FirewallRules: [{DC180AC4-2FAF-49B8-8B64-4F742F03DA90}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{33D980C5-E89B-4E25-A13F-74E533906647}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{85C278E2-AC06-4388-9F60-2FD5CA73EEE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-03-2018 16:41:56 Windows Update
10-03-2018 20:39:09 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Přílohy
FRST.zip
(19.16 KiB) Staženo 31 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o zkontrolovánní Logu

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {6EA2490F-9ED0-44DD-AB7B-26C111960EF0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DC56158A-8A83-4789-8359-2DE3DBA66127} - System32\Tasks\{036AD1BB-35D0-42FE-801B-AAC804753884} => C:\Windows\system32\pcalua.exe -a "F:\Zálohování\O & O DiskImage Professional Edition 7\OODiskImage7Pro32Enu_chip_full.exe" -d "F:\Zálohování\O & O DiskImage Professional Edition 7"
Task: {F7DF25E9-24C8-4AC4-AFBB-0B8CC57EFDBF} - System32\Tasks\{EEBFC97F-922D-428E-A34A-243B36B50992} => C:\Windows\system32\pcalua.exe -a "D:\Zálohování\O&O DiskImage 6 Professional\waik_install.exe" -d "D:\Zálohování\O&O DiskImage 6 Professional"

EmptyTemp:
Hosts:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu:
Velikost slozky "C:\Users\Gromas\Desktop" je 3185 MB.
To je příliš mnoho a může to způsobovat zpomalení startu systému. Vytvořte v C:\Users\Gromas novo složku, do níž přesuňte všechna data z plochy (kromě zástupců). Na plochu si pak dejte zástupce té složky pro snazší přístup.

V PC jsou 2 antiviry (Norton a Avast). Jeden z nich odinstalujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Milan15
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 17 bře 2018 12:38

Re: Prosím o zkontrolovánní Logu

#7 Příspěvek od Milan15 »

Posílám fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Gromas (18-03-2018 14:08:17) Run:1
Running from C:\Users\Gromas\Desktop
Loaded Profiles: Gromas (Available Profiles: Gromas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {6EA2490F-9ED0-44DD-AB7B-26C111960EF0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DC56158A-8A83-4789-8359-2DE3DBA66127} - System32\Tasks\{036AD1BB-35D0-42FE-801B-AAC804753884} => C:\Windows\system32\pcalua.exe -a "F:\Z�lohov�n�\O & O DiskImage Professional Edition 7\OODiskImage7Pro32Enu_chip_full.exe" -d "F:\Z�lohov�n�\O & O DiskImage Professional Edition 7"
Task: {F7DF25E9-24C8-4AC4-AFBB-0B8CC57EFDBF} - System32\Tasks\{EEBFC97F-922D-428E-A34A-243B36B50992} => C:\Windows\system32\pcalua.exe -a "D:\Z�lohov�n�\O&O DiskImage 6 Professional\waik_install.exe" -d "D:\Z�lohov�n�\O&O DiskImage 6 Professional"

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully
idsvc => service removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EA2490F-9ED0-44DD-AB7B-26C111960EF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EA2490F-9ED0-44DD-AB7B-26C111960EF0}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC56158A-8A83-4789-8359-2DE3DBA66127}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC56158A-8A83-4789-8359-2DE3DBA66127}" => removed successfully
C:\WINDOWS\System32\Tasks\{036AD1BB-35D0-42FE-801B-AAC804753884} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{036AD1BB-35D0-42FE-801B-AAC804753884}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7DF25E9-24C8-4AC4-AFBB-0B8CC57EFDBF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7DF25E9-24C8-4AC4-AFBB-0B8CC57EFDBF}" => removed successfully
C:\WINDOWS\System32\Tasks\{EEBFC97F-922D-428E-A34A-243B36B50992} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEBFC97F-922D-428E-A34A-243B36B50992}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31200087 B
Java, Flash, Steam htmlcache => 54456 B
Windows/system/drivers => 1057499 B
Edge => 1967244 B
Chrome => 844412734 B
Firefox => 384638609 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9084 B
NetworkService => 73734 B
Gromas => 110696108 B

RecycleBin => 14418321891 B
EmptyTemp: => 14.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-03-2018 14:23:34)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 14:23:34 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o zkontrolovánní Logu

#8 Příspěvek od Rudy »

OK, smazaáno. Ještě by bylo dobré vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět