Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Vyskakují ruská okna v Chrome

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Vyskakují ruská okna v Chrome

#1 Příspěvek od lukas_t »

Dobrý den,

mám problém s neustále vyskakujícími okny s ruským obsahem v Chrome. Zkoušel jsem problém odstranit projetím Defenderem, něco našel, ale nepomohlo. Pak jsem zkoušel AdwCleaner, našel tři položky, odstranil jsem je. Znovu se již neobjevily. Problém ale stále trvá. Prosím o pomoc, níže přikládám logy.

Děkuji předem za pomoc.

RSIT log:

Kód: Vybrat vše

Logfile of random's system information tool 1.16 (written by random/random) 
Run by Lukáš at 2018-04-10 12:41:41
Microsoft Windows 8.1 Pro 
System drive C: has 303 GB (85%) free of 358 GB
Total RAM: 6030 MB (68% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:56, on 10. 4. 2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Lukáš\Desktop\adwcleaner_7.0.8.0.exe
C:\Program Files\trend micro\Lukáš_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 160.220.4.113:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe,-100 (CIJSRegister) - CANON INC. - C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 9813 bytes

====== Enumerating Processes ======

C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\dwm.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe" 
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe" 
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe" 
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe" 
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x114,0x118,0x11c,0x110,0x120,0x7ff8b577f1e8,0x7ff8b577f1f8,0x7ff8b577f208
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3104 --on-initialized-event-handle=440 --parent-handle=444 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3308 --gpu-driver-date=9-16-2013 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x0fe4 --service-request-channel-token=D236C72B4CC9E727FF9D3120F88DCFB4 --mojo-platform-channel-handle=1388 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" 
"C:\Windows\System32\igfxtray.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=439B42000D98D2CF82E57FF4BEB292D1 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=439B42000D98D2CF82E57FF4BEB292D1 --renderer-client-id=3 --mojo-platform-channel-handle=2756 /prefetch:1
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=506D8B22E5496144B907BA6DF2E2C3B3 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=506D8B22E5496144B907BA6DF2E2C3B3 --renderer-client-id=4 --mojo-platform-channel-handle=3104 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=4F01E28AA5D7470C1DD3C2BD7E3E93C3 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=4F01E28AA5D7470C1DD3C2BD7E3E93C3 --renderer-client-id=5 --mojo-platform-channel-handle=3372 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=EA48244817317F5E8D56D0818F5F6E5A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=EA48244817317F5E8D56D0818F5F6E5A --renderer-client-id=6 --mojo-platform-channel-handle=3724 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=7252B4D4FEEE987393EFD3100D49FCAA --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=7252B4D4FEEE987393EFD3100D49FCAA --renderer-client-id=7 --mojo-platform-channel-handle=3968 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=7A02A4E5D6434BF65DE912DBC285DEEB --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=7A02A4E5D6434BF65DE912DBC285DEEB --renderer-client-id=12 --mojo-platform-channel-handle=5264 /prefetch:1
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" 
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" 
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1400,2407719291376340879,5006741616465988211,131072 --service-pipe-token=623182C902AA165DEDC3DE6BD778DBC6 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=623182C902AA165DEDC3DE6BD778DBC6 --renderer-client-id=11 --mojo-platform-channel-handle=6064 /prefetch:1
C:\Windows\system32\taskeng.exe
"C:\Program Files\Microsoft Office\Office15\MsoSync.exe" 
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe" 
"C:\Users\Lukáš\Desktop\adwcleaner_7.0.8.0.exe" 
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568 
"C:\Users\Lukáš\Desktop\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Lukas-Lukáš - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\Windows\system32\tasks\ASUS Touchpad Launcher (x64) - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Microsoft Office 15 Sync Maintenance for Lukas-Lukáš Lukas - C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Windows\system32\tasks\User_Feed_Synchronization-{DA08C032-6169-4A3A-8D13-19E4E0EF832B} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\{6C3F7F7F-F3B3-4BE8-AEA6-2A3CA11751F8} - C:\Windows\system32\pcalua.exe -a "F:\POWER - 2 - 2017\cdi.exe" -d "F:\POWER - 2 - 2017"
C:\Windows\system32\tasks\{FDE47FCA-C6D9-48A3-B539-A0F0430BD466} - C:\Windows\system32\pcalua.exe -a I:\AutoStarter.EXE -d I:\ -c /NAME=RenaultTrucks
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default

prefs.js - "browser.search.suggest.enabled" -  true
prefs.js - "browser.search.useDBForOrder" -  false

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.161.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\addons.json

C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions.json
Activity Stream - extension - activity-stream@mozilla.org - 
Application Update Service Helper - extension - aushelper@mozilla.org - 
Pocket - extension - firefox@getpocket.com - 
Follow-on Search Telemetry - extension - followonsearch@mozilla.com - 
Form Autofill - extension - formautofill@mozilla.org - 
Photon onboarding - extension - onboarding@mozilla.org - 
Firefox Screenshots - extension - screenshots@mozilla.org - 
Shield Recipe Client - extension - shield-recipe-client@mozilla.org - 
Web Compat - extension - webcompat@mozilla.org - 
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - 
Поиск@Mail.Ru - extension - search@mail.ru - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\search@mail.ru.xpi
Домашняя страница Mail.Ru - extension - homepage@mail.ru - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\homepage@mail.ru.xpi
Пульт - extension - {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi

C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\pluginreg.dat

=========Google Chrome=========

C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace 3.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.13.5
Extension cldokedgmomhbifmiiogjjkgffhcbaec 1 Back to Backspace 1.3.0
Extension dbkidnlfklnjanneifjjojofckpcogcl 1 Lumin PDF - Beautiful PDF Editor 3.0.1
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky 4.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gmmhebkeocjpdjpmcmjcihakclgmcblb   
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.73
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf   
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.7
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.4
Extension oeopbcgkkoapgobdbedcemjljbihmemj 1 Checker Plus for Gmail™ 21.1.2.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6518.129.0.1
Homepage: ds:3+2+2+14+1+10+1+5+2......7+22
default_search_provider.search_url: 
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage: 
default_search_provider.search_url: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17 474688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17 188992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-10-01 391128]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-10-01 771032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-10-01 769496]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-11-07 13519432]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-11-07 1278024]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2017-10-03 500208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-08-14 4836032]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-10-09 6937216]
"kbdsprt"= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587288]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-04-10 12:41:42 ----D---- C:\Program Files\trend micro
2018-04-10 12:41:41 ----D---- C:\rsit
2018-04-10 12:11:07 ----D---- C:\AdwCleaner
2018-04-10 12:00:24 ----D---- C:\FRST
2018-04-10 11:29:10 ----SHD---- C:\Windows\Microsoft
2018-04-08 13:55:00 ----HD---- C:\Windows\system32\CanonMF Uninstaller Information
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCMFP48.INI
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSU48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLST48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSI48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSD48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSC48b.DLL
2018-04-08 13:54:57 ----A---- C:\Windows\system32\CNCL210.DLL
2018-04-08 13:54:57 ----A---- C:\Windows\system32\CNCI210.DLL
2018-04-08 13:54:57 ----A---- C:\Windows\system32\CNCE210.DLL
2018-04-08 13:54:56 ----A---- C:\Windows\system32\CNCC210.DLL
2018-04-08 13:54:40 ----D---- C:\Program Files\Canon
2018-03-21 22:30:51 ----D---- C:\Program Files (x86)\Tor Browser

====== List of files/folders modified in the last 1 month ======

2018-04-10 12:41:56 ----D---- C:\Windows\Prefetch
2018-04-10 12:41:42 ----RD---- C:\Program Files
2018-04-10 12:37:30 ----HD---- C:\ProgramData
2018-04-10 12:37:29 ----D---- C:\Windows\system32\drivers
2018-04-10 12:37:25 ----D---- C:\Windows\Temp
2018-04-10 12:24:53 ----D---- C:\Windows\Microsoft.NET
2018-04-10 12:12:44 ----RD---- C:\Program Files (x86)
2018-04-10 12:12:44 ----D---- C:\Program Files\Common Files
2018-04-10 12:12:44 ----D---- C:\Program Files (x86)\Common Files
2018-04-10 12:04:56 ----D---- C:\Windows
2018-04-10 12:00:03 ----D---- C:\Windows\system32\sru
2018-04-10 11:57:18 ----D---- C:\Program Files (x86)\DanuSoft Free Keylogger
2018-04-10 11:57:17 ----D---- C:\Windows\system32\Tasks
2018-04-10 11:46:06 ----RD---- C:\Windows\System32
2018-04-10 11:46:06 ----D---- C:\Windows\Inf
2018-04-10 11:46:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 11:41:27 ----D---- C:\Users\Lukáš\AppData\Roaming\uTorrent
2018-04-10 11:37:35 ----D---- C:\Windows\AutoKMS
2018-04-10 11:25:58 ----D---- C:\Windows\Tasks
2018-04-10 11:25:46 ----SHD---- C:\$Recycle.Bin
2018-04-10 11:25:46 ----D---- C:\Windows\SysWOW64
2018-04-10 11:25:38 ----HD---- C:\Windows\system32\GroupPolicy
2018-04-08 17:48:05 ----D---- C:\wow5.00.8R2CZECH
2018-04-08 13:56:17 ----D---- C:\Windows\twain_32
2018-04-08 13:54:59 ----D---- C:\Windows\system32\DriverStore
2018-04-08 08:51:48 ----RSD---- C:\Windows\Fonts
2018-04-05 21:02:13 ----D---- C:\Windows\system32\config
2018-04-04 09:04:16 ----SHD---- C:\System Volume Information
2018-03-11 02:25:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2014-11-07 30496]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R3 AthBTPort;@oem11.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-25 89800]
R3 ATP;@oem6.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\Windows\System32\drivers\AsusTP.sys [2013-02-06 65784]
R3 BTATH_A2DP;@oem10.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-25 338120]
R3 btath_avdt;@oem10.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-25 116424]
R3 BTATH_BUS;@oem8.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-25 34384]
R3 BTATH_HCRP;@oem13.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-25 179432]
R3 BTATH_LWFLT;@oem15.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-25 77464]
R3 BTATH_RCP;@oem17.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-25 137928]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-08-22 77312]
R3 dtlitescsibus;@oem27.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2017-10-02 30264]
R3 dtliteusbbus;@oem28.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\Windows\System32\drivers\dtliteusbbus.sys [2017-10-02 47672]
R3 HIDSwitch;@oem1.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\Windows\System32\drivers\AsHIDSwitch64.sys [2013-11-04 20280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-10-01 4177920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-11-07 3355336]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-11-07 449528]
R3 iwdbus;@oem5.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-08-23 26008]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MEIx64;@oem2.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-17 62784]
R3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows 8; C:\Windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-11-07 11273504]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2013-09-30 167424]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUdisk64.sys []
S1 softaal;softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\softaal64.sys []
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TsNetHlpX64.sys []
S3 AmUStor;@oem7.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-11-07 95232]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-08-22 1200128]
S3 dg_ssudbus;@oem39.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 FTDIBUS;@oem30.inf,%SvcDesc%;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2010-08-24 72648]
S3 FTSER2K;@oem31.inf,%SvcDesc%;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2010-08-24 85320]
S3 intaud_WaveExtensible;@oem4.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-08-23 39320]
S3 silabser;@oem38.inf,%silabser.SvcDesc%;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2017-10-10 97184]
S3 ssudmdm;@oem40.inf,%ssud.Service.Name%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2017-05-18 166288]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 usbser;@oem37.inf,%CANBus_Device.SvcDesc%;CANBus Device; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-22 33280]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-09-25 312448]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 CIJSRegister;@C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe,-100; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [2015-02-19 144464]
R2 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-21 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2014-11-07 1889568]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-08-14 2291904]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02 153168]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-10-01 279000]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02 153168]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-04 194512]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

ADW cleaner log:

Kód: Vybrat vše

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 10:42:00 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-04-10.1
# Running on Windows 8.1 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4456 B] - [2018/4/10 10:12:49]
C:/AdwCleaner/AdwCleaner[C1].txt - [1450 B] - [2018/4/10 10:27:0]
C:/AdwCleaner/AdwCleaner[S0].txt - [4872 B] - [2018/4/10 10:12:20]
C:/AdwCleaner/AdwCleaner[S1].txt - [1292 B] - [2018/4/10 10:16:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [1215 B] - [2018/4/10 10:29:59]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
FRST log:

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Lukáš (administrator) on LUKAS (10-04-2018 12:43:41)
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš & UpdatusUser (Available Profiles: Lukáš & UpdatusUser)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2014-11-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2014-11-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2017-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-320204181-1198334412-3825561417-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2014-11-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2014-11-07] (NVIDIA Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-320204181-1198334412-3825561417-1001] => 160.220.4.113:80
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B0CFB684-2F15-4BBB-B105-4817BE469DD2}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-320204181-1198334412-3825561417-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-320204181-1198334412-3825561417-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-320204181-1198334412-3825561417-1001 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fe91evbz.default
FF ProfilePath: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default [2018-04-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> ds:3+2+2+14+1+10+1+5+2......7+22
CHR StartupUrls: Default -> "hxxp://www.igoogle.com/","hxxp://mail.ru/cnt/10445?gp=855100"
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default [2018-04-10]
CHR Extension: (Prezentace) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-02]
CHR Extension: (YouTube) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
CHR Extension: (Adblock Plus) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Back to Backspace) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldokedgmomhbifmiiogjjkgffhcbaec [2017-10-02]
CHR Extension: (Lumin PDF - Beautiful PDF Editor) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2017-10-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-02]
CHR Extension: (Tabulky) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2018-03-29]
CHR Extension: (Gmail) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144464 2015-02-19] (CANON INC.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-06] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-10-02] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-10-02] (Disc Soft Ltd)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TsNetHlpX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-10 12:43 - 2018-04-10 12:43 - 000016147 _____ C:\Users\Lukáš\Desktop\FRST.txt
2018-04-10 12:41 - 2018-04-10 12:42 - 000000000 ____D C:\rsit
2018-04-10 12:41 - 2018-04-10 12:41 - 001329152 _____ C:\Users\Lukáš\Desktop\RSITx64.exe
2018-04-10 12:41 - 2018-04-10 12:41 - 000000000 ____D C:\Program Files\trend micro
2018-04-10 12:11 - 2018-04-10 12:42 - 000000000 ____D C:\AdwCleaner
2018-04-10 12:10 - 2018-04-10 12:11 - 008222496 _____ (Malwarebytes) C:\Users\Lukáš\Desktop\adwcleaner_7.0.8.0.exe
2018-04-10 12:00 - 2018-04-10 12:43 - 000000000 ____D C:\FRST
2018-04-10 11:59 - 2018-04-10 12:00 - 002403328 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2018-04-10 11:39 - 2018-04-10 11:39 - 000000270 __RSH C:\Users\Lukáš\ntuser.pol
2018-04-10 11:27 - 2018-04-10 11:52 - 000000000 ____D C:\Users\Lukáš\AppData\Local\etdctrl
2018-04-10 11:25 - 2018-04-10 11:25 - 000004376 __RSH C:\ProgramData\ntuser.pol
2018-04-09 20:18 - 2018-04-09 20:19 - 000000000 ____D C:\Users\Lukáš\Desktop\unc
2018-04-08 21:45 - 2018-04-08 21:45 - 000000032 _____ C:\Users\Lukáš\Desktop\tisk.txt
2018-04-08 13:55 - 2018-04-08 13:55 - 000000000 ___HD C:\Windows\system32\CanonMF Uninstaller Information
2018-04-08 13:54 - 2018-04-08 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2018-04-08 13:54 - 2018-04-08 13:54 - 000000000 ____D C:\Program Files\Canon
2018-04-08 13:54 - 2014-03-04 10:52 - 000394240 _____ (CANON INC.) C:\Windows\system32\CNCC210.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000152576 _____ (CANON INC.) C:\Windows\system32\CNCE210.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000136704 _____ (CANON INC.) C:\Windows\system32\CNCL210.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000132096 _____ (CANON INC.) C:\Windows\system32\CNCLSD48b.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000118272 _____ (CANON INC.) C:\Windows\system32\CNCLSI48b.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000118272 _____ (CANON INC.) C:\Windows\system32\CNCI210.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000105472 _____ (CANON INC.) C:\Windows\system32\CNCLST48b.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000090624 _____ (CANON INC.) C:\Windows\system32\CNCLSC48b.DLL
2018-04-08 13:54 - 2014-03-04 10:52 - 000083968 _____ (CANON INC.) C:\Windows\system32\CNCLSU48b.DLL
2018-04-08 13:54 - 2014-02-03 19:19 - 000000431 _____ C:\Windows\system32\CNCMFP48.INI
2018-03-25 10:52 - 2018-04-10 12:39 - 000004946 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lukas-Lukáš Lukas
2018-03-24 10:39 - 2018-03-24 10:39 - 003276316 _____ C:\Users\Lukáš\Desktop\navod_locust_l750_unc.pdf
2018-03-21 22:31 - 2018-03-23 17:00 - 000001081 _____ C:\Users\Lukáš\Desktop\Tor.lnk
2018-03-21 22:30 - 2018-03-27 21:12 - 000000000 ____D C:\Program Files (x86)\Tor Browser

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-10 12:43 - 2017-10-02 21:31 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-320204181-1198334412-3825561417-1001
2018-04-10 12:38 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-10 11:57 - 2018-01-05 00:13 - 000000000 ____D C:\Program Files (x86)\DanuSoft Free Keylogger
2018-04-10 11:47 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-04-10 11:46 - 2013-09-30 06:20 - 001745984 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-10 11:46 - 2013-09-30 05:57 - 000739924 _____ C:\Windows\system32\perfh005.dat
2018-04-10 11:46 - 2013-09-30 05:57 - 000151610 _____ C:\Windows\system32\perfc005.dat
2018-04-10 11:46 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-04-10 11:41 - 2017-10-02 22:11 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\uTorrent
2018-04-10 11:39 - 2017-10-02 21:20 - 000000000 ____D C:\Users\Lukáš
2018-04-10 11:38 - 2013-08-22 16:44 - 005040688 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-10 11:37 - 2017-10-03 08:24 - 000000000 ____D C:\Windows\AutoKMS
2018-04-10 11:25 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-10 07:11 - 2017-10-02 21:27 - 000003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA08C032-6169-4A3A-8D13-19E4E0EF832B}
2018-04-09 21:57 - 2018-01-07 16:53 - 000000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2018-04-08 17:48 - 2015-05-08 23:40 - 000000000 ____D C:\wow5.00.8R2CZECH
2018-04-08 11:59 - 2017-11-28 15:55 - 000000132 _____ C:\Users\Lukáš\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2018-04-08 09:02 - 2017-10-02 21:21 - 000000000 ____D C:\Users\Lukáš\AppData\Local\Packages
2018-04-02 21:12 - 2017-10-03 10:54 - 000000000 ____D C:\Users\Lukáš\Desktop\kupni_smlouvy
2018-03-23 15:21 - 2017-10-02 21:51 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 15:21 - 2017-10-02 21:51 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 10:55 - 2017-10-02 21:37 - 000000000 ____D C:\Users\UpdatusUser
2018-03-13 08:49 - 2018-02-23 01:58 - 000000000 ____D C:\Users\Lukáš\Desktop\BAZOS
2018-03-11 02:25 - 2018-01-07 16:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2017-11-28 15:55 - 2018-04-08 11:59 - 000000132 _____ () C:\Users\Lukáš\AppData\Roaming\Adobe Formát PNG CS5 – předvolby

Some files in TEMP:
====================
2018-04-10 11:23 - 2018-04-10 11:23 - 002311864 _____ () C:\Users\Lukáš\AppData\Local\Temp\6iHt6o3TdhIg.exe
2017-11-01 07:47 - 2017-11-01 07:48 - 001856576 _____ (Oracle Corporation) C:\Users\Lukáš\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-01-17 09:26 - 2018-01-17 09:26 - 001864256 _____ (Oracle Corporation) C:\Users\Lukáš\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-10 11:27 - 2018-04-10 11:29 - 056688640 _____ () C:\Users\Lukáš\AppData\Local\Temp\lwkBeCxkBQ3C.exe
2018-04-10 11:29 - 2018-04-10 11:29 - 011632640 _____ () C:\Users\Lukáš\AppData\Local\Temp\pPKtE8cPxdHc.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2018-04-09 06:41

==================== End of FRST.txt ============================
FRST log ,,ADDITION":

Kód: Vybrat vše

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Lukáš (10-04-2018 12:44:18)
Running from C:\Users\Lukáš\Desktop
Windows 8.1 Pro (X64) (2017-10-02 19:20:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-320204181-1198334412-3825561417-500 - Administrator - Disabled)
Guest (S-1-5-21-320204181-1198334412-3825561417-501 - Limited - Disabled)
Lukáš (S-1-5-21-320204181-1198334412-3825561417-1001 - Administrator - Enabled) => C:\Users\Lukáš
UpdatusUser (S-1-5-21-320204181-1198334412-3825561417-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{01097D6A-8EC6-476D-A336-2B2596C39175}) (Version: 3.9.142.62248 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.142.62248 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.0.1 - ASUS)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Balíček ovladače systému Windows - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Balíček ovladače systému Windows - Ross-Tech HIDClass  (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
Balíček ovladače systému Windows - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
Balíček ovladače systému Windows - Silicon Laboratories Inc. (silabser) Ports  (09/27/2017 6.7.5.1893) (HKLM\...\3C57DA61F41601ACF85CC77F740AA00672E0BCD7) (Version: 09/27/2017 6.7.5.1893 - Silicon Laboratories Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
BurnAware Free 10.5 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Canon MG6800 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6800_series) (Version: 1.00 - Canon Inc.)
Consult V4 RenaultTrucks (HKLM-x32\...\Consult V4 RenaultTrucks) (Version:  - )
Consult VIN (HKLM-x32\...\Consult VIN) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Diagnosis v5.0.0.6 (HKLM-x32\...\Software_mind-IT_Diagnosis_DriverSetup) (Version: 5.0.0.6 - mind-IT)
ECU Simulator Config (HKU\S-1-5-21-320204181-1198334412-3825561417-1001\...\{AC4684EF-23CB-48D6-BAAB-8781A954BEDC}) (Version: 1.5 - IMSAPP)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 58.0.2 (x64 cs)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
MProg 3.0a (HKLM-x32\...\MProg 3.0a) (Version:  - )
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA Ovladače grafiky 326.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.83 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OBD Data Changer (HKLM-x32\...\{2F0CAB65-1637-4B42-8B9A-3401A1960676}) (Version: 1.1 - LIANGHUNG)
Ovládací panel NVIDIA 326.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 326.83 - NVIDIA Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.2.2750 - Jan Fiala)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Spyrix Free Keylogger 9.0.5 (HKLM-x32\...\Spyrix Free Keylogger_is1) (Version: 9.0.5 - Spyrix Security Inc.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version:  - Authorsoft Corporation)
VCDS Release 17.1.3 (HKLM-x32\...\VCDS Release) (Version: 17.1.3 - Ross-Tech)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.1 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-320204181-1198334412-3825561417-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-320204181-1198334412-3825561417-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D65028-915A-4458-AF8D-45AE16F9FD4C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lukas-Lukáš Lukas => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {0AC33F25-331D-4288-B59E-3618E68B4A8B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0F09C276-0B52-4E9B-9095-3112DD64CD79} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2392703E-EECA-4592-ABAE-DF75E0C0B819} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02] (Google Inc.)
Task: {33954270-B049-4A4E-83FD-3CBA34996EBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02] (Google Inc.)
Task: {42985E32-2B30-4A5E-9CD8-E263872A9071} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {4E4E03DB-9AD9-49B1-B75D-4317B5C11BE2} - System32\Tasks\AdobeAAMUpdater-1.0-Lukas-Lukáš => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2017-10-03] (Adobe Systems Incorporated)
Task: {50FD4295-21E8-4756-BE9F-5594FBD6C5AD} - System32\Tasks\{FDE47FCA-C6D9-48A3-B539-A0F0430BD466} => C:\Windows\system32\pcalua.exe -a I:\AutoStarter.EXE -d I:\ -c /NAME=RenaultTrucks
Task: {57951B6F-3BEC-4344-9E38-958DA79B9C09} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6766F02C-6E7D-455E-9CB5-F0977BBE3903} - System32\Tasks\{6C3F7F7F-F3B3-4BE8-AEA6-2A3CA11751F8} => C:\Windows\system32\pcalua.exe -a "F:\POWER - 2 - 2017\cdi.exe" -d "F:\POWER - 2 - 2017"
Task: {7F20B57D-4B42-46FA-B15C-6BB187510E30} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-02-06] (AsusTek)
Task: {BF584E17-11E2-4855-A8FE-112CE2D53127} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-02 21:36 - 2014-11-07 13:44 - 000013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-10-03 15:06 - 2007-08-08 00:08 - 000094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2018-03-23 15:21 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 15:21 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2013-09-25 03:04 - 2013-09-25 03:04 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 03:01 - 2013-09-25 03:01 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-25 03:08 - 2013-09-25 03:08 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-320204181-1198334412-3825561417-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukáš\Pictures\darkwood_floor_1920x1200.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F26B3841-25B5-45CB-8F6C-469492CD0F92}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1DE390D4-A491-42BA-A77B-424403E77F00}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F6A44A66-9FCF-4D23-8F8F-7A15005AA2FF}] => (Allow) C:\Program Files (x86)\utorrent\utorrent.exe
FirewallRules: [{501A006F-F786-40B3-8E1A-D62959464CC5}] => (Allow) C:\Program Files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{0B10671E-C1E5-42EA-9257-2DECA4E48C0F}C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B87756A2-B678-41AC-8C3A-34C98BBBA12C}C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{2142B287-BD02-4041-9B3F-4D750B1A07B8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [TCP Query User{753A8BC4-A601-4337-ABCE-E2A8DC4DF754}C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe] => (Allow) C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{61CCF80D-D81A-40CD-A9CF-6E8B176BC4F3}C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe] => (Allow) C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{FCCB1EF0-8127-40AC-BABB-1D66FDC3AC78}C:\program files (x86)\ivecopower\cdi.exe] => (Allow) C:\program files (x86)\ivecopower\cdi.exe
FirewallRules: [UDP Query User{40E18EE9-697E-407D-9E77-C46389619353}C:\program files (x86)\ivecopower\cdi.exe] => (Allow) C:\program files (x86)\ivecopower\cdi.exe
FirewallRules: [{1B1D92BB-7C51-4D21-9DA9-3A54C30043AA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4E031A04-B32F-4817-AF5E-A4727BB5B751}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{55E9B864-14E1-477B-AE7F-3A9B1F0D5ED4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AEF7542C-1062-41C9-B13D-0532A6546F34}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{FE082122-4254-4079-AF7C-E4529BE80AE4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F7AD4131-64CE-420E-9AD5-AFC3C0D010C7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{C21CEF58-B8EB-42A6-816C-6535C9CD63A3}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [TCP Query User{D40DB198-6E6A-42DD-947E-7090B46C607D}C:\users\lukáš\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\lukáš\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [UDP Query User{6202F331-E6FE-49AB-9067-91747EACA832}C:\users\lukáš\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\lukáš\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [{4D92BB7C-33AA-43CD-90DC-C21A103A8F1C}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{BACAF22C-C04D-419B-A687-57A52E6275CE}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{D5AA5CA9-5B15-4D08-87DA-DCC12FE0A9B3}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{016D67AC-7314-4B6C-8C42-2DA293E149EC}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{C22434AF-6C07-4E06-94CB-F0E50B9101A6}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{F7AD02E5-25C3-42CC-BEBF-9F63CD321262}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [TCP Query User{44C91360-5DF3-419C-8A4E-4F9C27AF8D57}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{2302C8A4-443D-46AF-8A6B-BB8FD3DF1701}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C7E10013-6B2D-46F6-B5F6-D94F891779DF}C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe] => (Allow) C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{4A8A1573-E909-4874-A16B-594C1F0DF1F3}C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe] => (Allow) C:\program files (x86)\ivecopower\app\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{3BCAE594-0F39-40A9-89A9-2AA9EA04218F}C:\program files (x86)\ivecopower\cdi.exe] => (Allow) C:\program files (x86)\ivecopower\cdi.exe
FirewallRules: [UDP Query User{0307B0A7-FBC5-4D7D-AACB-559516BF528D}C:\program files (x86)\ivecopower\cdi.exe] => (Allow) C:\program files (x86)\ivecopower\cdi.exe
FirewallRules: [{0BBB61DF-2605-4E59-86EA-A374DBD548D6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3482D4D8-43B1-4226-9A03-7FC8697EA04C}] => (Allow) LPort=2869
FirewallRules: [{57C65830-24C8-4441-898A-432A368D5B93}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{3A484085-3150-40C6-B2DE-C680E4E80AB8}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{A6D9EAA9-19E7-42CC-91A1-EBC979A1C463}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [{63A624D7-5BB4-4430-8FB4-DB9755A2F239}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{150DC7EC-2F88-4DAC-9AC2-08F9DA8C09C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{331250B6-4A07-4CA1-B2BB-95188FEA4796}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2F1FAF3D-56E4-4DA3-B351-DD4D2A3CB0B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-03-2018 13:06:47 Naplánovaný kontrolní bod
26-03-2018 09:37:22 Naplánovaný kontrolní bod
04-04-2018 09:04:06 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2018 12:39:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/10/2018 12:39:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/10/2018 12:28:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/10/2018 12:28:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/10/2018 12:26:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll na řádku 3.
Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version v prvku assemblyIdentity je neplatná.

Error: (04/10/2018 12:25:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/10/2018 12:25:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/10/2018 12:25:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (04/10/2018 12:38:12 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Místní adaptér nepodporuje důležitý stav řadiče úspory energie. Minimální požadovaná podporovaná maska stavu je 0x1f7fffff, aktuální hodnota je 0x1f3fffff.  Funkce úspory energie bude vypnuta.

Error: (04/10/2018 12:27:34 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Místní adaptér nepodporuje důležitý stav řadiče úspory energie. Minimální požadovaná podporovaná maska stavu je 0x1f7fffff, aktuální hodnota je 0x1f3fffff.  Funkce úspory energie bude vypnuta.

Error: (04/10/2018 12:26:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/10/2018 12:26:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/10/2018 12:26:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/10/2018 12:26:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/10/2018 12:26:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Czech Canon IJ Scan Utility register event byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/10/2018 12:26:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2018-04-10 11:55:25.274
Description: 
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Název: HackTool:MSIL/AutoKMS
ID: 2147711767
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\ProgramData\Malwarebytes\MBAMService\43d5b43e-3ca5-11e8-9359-6817293dffad;file:_C:\ProgramData\Malwarebytes\MBAMService\44cc9a24-3ca5-11e8-8f0a-6817293dffad
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.265.366.0, AS: 1.265.366.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 11:55:16.629
Description: 
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Název: HackTool:MSIL/AutoKMS
ID: 2147711767
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\ProgramData\Malwarebytes\MBAMService\43d5b43e-3ca5-11e8-9359-6817293dffad
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.265.366.0, AS: 1.265.366.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 11:42:47.789
Description: 
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Lukáš\Desktop\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\KMSpico Install\KMSpico_setup.exe;file:_C:\Users\Lukáš\Desktop\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\KMSpico Install\UnInstall_Service.cmd;file:_C:\Users\Lukáš\Desktop\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\cert\installAll.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lukas\Lukáš
Název procesu: C:\Windows\explorer.exe
Verze podpisu: AV: 1.265.366.0, AS: 1.265.366.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 11:42:45.586
Description: 
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\LUK~1\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\KMSpico Install\KMSpico_setup.exe;file:_C:\Users\LUK~1\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\KMSpico Install\UnInstall_Service.cmd;file:_C:\Users\LUK~1\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\Auto (Run as Admin).cmd;file:_C:\Users\LUK~1\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\cert\installAll.cmd;file:_C:\Users\Lukáš\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\KMSpico Install\KMSpico_setup.exe;file:_C:\Users\Lukáš\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\KMSpico Install\UnInstall_Service.cmd;file:_C
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lukas\Lukáš
Název procesu: C:\Program Files\WinRAR\WinRAR.exe
Verze podpisu: AV: 1.265.366.0, AS: 1.265.366.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 11:42:38.555
Description: 
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767
Název: HackTool:MSIL/AutoKMS
ID: 2147711767
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\LUK~1\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\AutoPico.exe;file:_C:\Users\LUK~1\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\KMSELDI.exe;file:_C:\Users\Lukáš\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\AutoPico.exe;file:_C:\Users\Lukáš\AppData\Local\Temp\Rar$DRa0.325\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\KMSELDI.exe;file:_C:\Users\Lukáš\Desktop\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lukas\Lukáš
Název procesu: C:\Windows\System32\SearchProtocolHost.exe
Verze podpisu: AV: 1.265.366.0, AS: 1.265.366.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 11:10:34.486
Description: 
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba 
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-03-27 20:30:13.273
Description: 
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba 
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-03-15 12:46:29.370
Description: 
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba 
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-03-03 10:49:13.789
Description: 
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba 
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-02-22 10:50:46.884
Description: 
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba 
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 6029.72 MB
Available physical RAM: 4048.41 MB
Total Virtual: 6989.72 MB
Available Virtual: 4933.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:349.15 GB) (Free:296.07 GB) NTFS
Drive d: () (Fixed) (Total:349.15 GB) (Free:235.05 GB) NTFS

\\?\Volume{0e92e4cf-a7a6-11e7-8250-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 90B5931B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=349.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vyskakují ruská okna v Chrome

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakují ruská okna v Chrome

#3 Příspěvek od lukas_t »

Dobrý den, log z Adw cleaneru jsem vkládal výše. Nic nenajde. Pro úplnost jsem to projel ještě jednou...

Kód: Vybrat vše

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 11:22:16 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 8.1 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4456 B] - [2018/4/10 10:12:49]
C:/AdwCleaner/AdwCleaner[C1].txt - [1450 B] - [2018/4/10 10:27:0]
C:/AdwCleaner/AdwCleaner[S0].txt - [4872 B] - [2018/4/10 10:12:20]
C:/AdwCleaner/AdwCleaner[S1].txt - [1292 B] - [2018/4/10 10:16:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [1215 B] - [2018/4/10 10:29:59]
C:/AdwCleaner/AdwCleaner[S3].txt - [1283 B] - [2018/4/10 10:42:1]
C:/AdwCleaner/AdwCleaner[S4].txt - [1350 B] - [2018/4/10 10:59:38]
C:/AdwCleaner/AdwCleaner[S5].txt - [1418 B] - [2018/4/10 11:22:6]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vyskakují ruská okna v Chrome

#4 Příspěvek od Rudy »

OK. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\search@mail.ru.xpi
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\homepage@mail.ru.xpi
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi
C:\Windows\AutoKMS

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[EmptyTemp]
[Emptyflash]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakují ruská okna v Chrome

#5 Příspěvek od lukas_t »

Log OTM:

Kód: Vybrat vše

All processes killed
========== FILES ==========
File/Folder C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\search@mail.ru.xpi not found.
File/Folder C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\homepage@mail.ru.xpi not found.
File/Folder C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi not found.
C:\Windows\AutoKMS folder moved successfully.
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lukáš
->Temp folder emptied: 380790191 bytes
->Temporary Internet Files folder emptied: 90791542 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51121572 bytes
->Google Chrome cache emptied: 438764519 bytes
->Flash cache emptied: 1083 bytes
 
User: Luk釟
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1721576 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15694157 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1141 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 934,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Lukáš
->Flash cache emptied: 0 bytes
 
User: Luk釟
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 04102018_162238

Files moved on Reboot...
C:\Users\Lukáš\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Lukáš\AppData\Local\Temp\JETB754.tmp not found!
C:\Users\Lukáš\AppData\Local\Temp\~DF76ACAAFE6EFF5ADD.TMP moved successfully.
C:\Users\Lukáš\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\FD4F869C-ED24-4AAF-B752-F0203E1B479517d0.1d3d0aecb25d455\nisfull.vdm scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Log RSIT:

Kód: Vybrat vše

Logfile of random's system information tool 1.16 (written by random/random) 
Run by Lukáš at 2018-04-10 16:27:19
Microsoft Windows 8.1 Pro 
System drive C: has 304 GB (85%) free of 358 GB
Total RAM: 6030 MB (71% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:22, on 10. 4. 2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\trend micro\Lukáš_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 160.220.4.113:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe,-100 (CIJSRegister) - CANON INC. - C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 9593 bytes

====== Enumerating Processes ======

C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\dwm.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe" 
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe" 
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe" 
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564 
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe" 
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe" 
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" 
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Windows\System32\igfxtray.exe" 
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" 
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x10c,0x110,0x114,0x108,0x118,0x7ff9d3a1f1e8,0x7ff9d3a1f1f8,0x7ff9d3a1f208
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3680 --on-initialized-event-handle=468 --parent-handle=472 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3308 --gpu-driver-date=9-16-2013 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x0fe4 --service-request-channel-token=663A557F32C3F9BF5DAADA7DAB22035A --mojo-platform-channel-handle=1384 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --service-pipe-token=2B9E4D6A2475A79DAE3D3D983DED9D1A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=2B9E4D6A2475A79DAE3D3D983DED9D1A --renderer-client-id=3 --mojo-platform-channel-handle=2520 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --service-pipe-token=56DE5D62C147B42CC639D4451DAC43B2 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=56DE5D62C147B42CC639D4451DAC43B2 --renderer-client-id=4 --mojo-platform-channel-handle=2916 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --service-pipe-token=682485FD7F6009FF931464051F85B451 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=682485FD7F6009FF931464051F85B451 --renderer-client-id=5 --mojo-platform-channel-handle=2980 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --service-pipe-token=63B3ADCBF587E767FB130B33C1B9F55E --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=63B3ADCBF587E767FB130B33C1B9F55E --renderer-client-id=6 --mojo-platform-channel-handle=3208 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --service-pipe-token=4C29C2965955E87E98358CFFC1BA5BAF --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=4C29C2965955E87E98358CFFC1BA5BAF --renderer-client-id=7 --mojo-platform-channel-handle=3456 /prefetch:1
C:\Windows\system32\taskeng.exe
"C:\Program Files\Microsoft Office\Office15\MsoSync.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1360,12077927175293298613,15788150991182592268,131072 --service-pipe-token=80EEE3D1E4EE79FDA077F2CD9F6A16AB --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=80EEE3D1E4EE79FDA077F2CD9F6A16AB --renderer-client-id=12 --mojo-platform-channel-handle=6128 /prefetch:1
"C:\Users\Lukáš\Desktop\RSITx64.exe" 
"C:\Program Files\Windows Media Player\wmpnetwk.exe"

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Lukas-Lukáš - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\Windows\system32\tasks\ASUS Touchpad Launcher (x64) - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
C:\Windows\system32\tasks\AutoKMS - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Microsoft Office 15 Sync Maintenance for Lukas-Lukáš Lukas - C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Windows\system32\tasks\User_Feed_Synchronization-{DA08C032-6169-4A3A-8D13-19E4E0EF832B} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\{6C3F7F7F-F3B3-4BE8-AEA6-2A3CA11751F8} - C:\Windows\system32\pcalua.exe -a "F:\POWER - 2 - 2017\cdi.exe" -d "F:\POWER - 2 - 2017"
C:\Windows\system32\tasks\{FDE47FCA-C6D9-48A3-B539-A0F0430BD466} - C:\Windows\system32\pcalua.exe -a I:\AutoStarter.EXE -d I:\ -c /NAME=RenaultTrucks
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default

prefs.js - "browser.search.suggest.enabled" -  true
prefs.js - "browser.search.useDBForOrder" -  false

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.161.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\addons.json

C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions.json
Activity Stream - extension - activity-stream@mozilla.org - 
Application Update Service Helper - extension - aushelper@mozilla.org - 
Pocket - extension - firefox@getpocket.com - 
Follow-on Search Telemetry - extension - followonsearch@mozilla.com - 
Form Autofill - extension - formautofill@mozilla.org - 
Photon onboarding - extension - onboarding@mozilla.org - 
Firefox Screenshots - extension - screenshots@mozilla.org - 
Shield Recipe Client - extension - shield-recipe-client@mozilla.org - 
Web Compat - extension - webcompat@mozilla.org - 
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - 
Поиск@Mail.Ru - extension - search@mail.ru - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\search@mail.ru.xpi
Домашняя страница Mail.Ru - extension - homepage@mail.ru - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\homepage@mail.ru.xpi
Пульт - extension - {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi

C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\fe91evbz.default\pluginreg.dat

=========Google Chrome=========

C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace 3.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.13.5
Extension cldokedgmomhbifmiiogjjkgffhcbaec 1 Back to Backspace 1.3.0
Extension dbkidnlfklnjanneifjjojofckpcogcl 1 Lumin PDF - Beautiful PDF Editor 3.0.1
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky 4.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gmmhebkeocjpdjpmcmjcihakclgmcblb   
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.73
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf   
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.7
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.4
Extension oeopbcgkkoapgobdbedcemjljbihmemj 1 Checker Plus for Gmail™ 21.1.2.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6518.129.0.1
Homepage: ds:3+2+2+14+1+10+1+5+2......7+22
default_search_provider.search_url: 
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage: 
default_search_provider.search_url: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17 474688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17 188992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-10-01 391128]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-10-01 771032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-10-01 769496]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-11-07 13519432]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-11-07 1278024]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2017-10-03 500208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-08-14 4836032]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-10-09 6937216]
"kbdsprt"= []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33794927.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91940180.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\33794927.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\91940180.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-04-10 16:22:38 ----D---- C:\_OTM
2018-04-10 15:57:37 ----D---- C:\Users\Lukáš\AppData\Roaming\system32
2018-04-10 15:37:02 ----D---- C:\KVRT_Data
2018-04-10 12:41:42 ----D---- C:\Program Files\trend micro
2018-04-10 12:41:41 ----D---- C:\rsit
2018-04-10 12:11:07 ----D---- C:\AdwCleaner
2018-04-10 12:00:24 ----D---- C:\FRST
2018-04-10 11:29:10 ----SHD---- C:\Windows\Microsoft
2018-04-08 13:55:00 ----HD---- C:\Windows\system32\CanonMF Uninstaller Information
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCMFP48.INI
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSU48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLST48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSI48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSD48b.DLL
2018-04-08 13:54:58 ----A---- C:\Windows\system32\CNCLSC48b.DLL
2018-04-08 13:54:57 ----A---- C:\Windows\system32\CNCL210.DLL
2018-04-08 13:54:57 ----A---- C:\Windows\system32\CNCI210.DLL
2018-04-08 13:54:57 ----A---- C:\Windows\system32\CNCE210.DLL
2018-04-08 13:54:56 ----A---- C:\Windows\system32\CNCC210.DLL
2018-04-08 13:54:40 ----D---- C:\Program Files\Canon
2018-03-21 22:30:51 ----D---- C:\Program Files (x86)\Tor Browser

====== List of files/folders modified in the last 1 month ======

2018-04-10 16:26:06 ----D---- C:\Windows\Prefetch
2018-04-10 16:24:08 ----D---- C:\Windows\Temp
2018-04-10 16:24:04 ----D---- C:\Windows
2018-04-10 16:20:01 ----D---- C:\Windows\Inf
2018-04-10 16:19:16 ----D---- C:\Windows\system32\drivers
2018-04-10 16:18:48 ----RD---- C:\Windows\System32
2018-04-10 16:06:39 ----D---- C:\Windows\system32\Tasks
2018-04-10 16:05:18 ----D---- C:\Users\Lukáš\AppData\Roaming\uTorrent
2018-04-10 16:00:01 ----D---- C:\Windows\system32\sru
2018-04-10 13:18:32 ----D---- C:\Windows\Microsoft.NET
2018-04-10 12:41:42 ----RD---- C:\Program Files
2018-04-10 12:40:25 ----D---- C:\Windows\system32\wdi
2018-04-10 12:37:30 ----HD---- C:\ProgramData
2018-04-10 12:12:44 ----RD---- C:\Program Files (x86)
2018-04-10 12:12:44 ----D---- C:\Program Files\Common Files
2018-04-10 12:12:44 ----D---- C:\Program Files (x86)\Common Files
2018-04-10 11:57:18 ----D---- C:\Program Files (x86)\DanuSoft Free Keylogger
2018-04-10 11:46:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 11:25:58 ----D---- C:\Windows\Tasks
2018-04-10 11:25:46 ----SHD---- C:\$Recycle.Bin
2018-04-10 11:25:46 ----D---- C:\Windows\SysWOW64
2018-04-10 11:25:38 ----HD---- C:\Windows\system32\GroupPolicy
2018-04-08 17:48:05 ----D---- C:\wow5.00.8R2CZECH
2018-04-08 13:56:17 ----D---- C:\Windows\twain_32
2018-04-08 13:54:59 ----D---- C:\Windows\system32\DriverStore
2018-04-08 08:51:48 ----RSD---- C:\Windows\Fonts
2018-04-05 21:02:13 ----D---- C:\Windows\system32\config
2018-04-04 09:04:16 ----SHD---- C:\System Volume Information
2018-03-11 02:25:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2014-11-07 30496]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R3 AthBTPort;@oem11.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-25 89800]
R3 ATP;@oem6.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\Windows\System32\drivers\AsusTP.sys [2013-02-06 65784]
R3 BTATH_A2DP;@oem10.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-25 338120]
R3 btath_avdt;@oem10.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-25 116424]
R3 BTATH_BUS;@oem8.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-25 34384]
R3 BTATH_HCRP;@oem13.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-25 179432]
R3 BTATH_LWFLT;@oem15.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-25 77464]
R3 BTATH_RCP;@oem17.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-25 137928]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-08-22 77312]
R3 dtlitescsibus;@oem27.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2017-10-02 30264]
R3 dtliteusbbus;@oem28.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\Windows\System32\drivers\dtliteusbbus.sys [2017-10-02 47672]
R3 HIDSwitch;@oem1.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\Windows\System32\drivers\AsHIDSwitch64.sys [2013-11-04 20280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-10-01 4177920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-11-07 3355336]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-11-07 449528]
R3 iwdbus;@oem5.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-08-23 26008]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MEIx64;@oem2.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-17 62784]
R3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows 8; C:\Windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-11-07 11273504]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2013-09-30 167424]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUdisk64.sys []
S1 softaal;softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\softaal64.sys []
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TsNetHlpX64.sys []
S3 AmUStor;@oem7.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-11-07 95232]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-08-22 1200128]
S3 dg_ssudbus;@oem39.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 FTDIBUS;@oem30.inf,%SvcDesc%;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2010-08-24 72648]
S3 FTSER2K;@oem31.inf,%SvcDesc%;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2010-08-24 85320]
S3 intaud_WaveExtensible;@oem4.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-08-23 39320]
S3 silabser;@oem38.inf,%silabser.SvcDesc%;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2017-10-10 97184]
S3 ssudmdm;@oem40.inf,%ssud.Service.Name%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2017-05-18 166288]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 usbser;@oem37.inf,%CANBus_Device.SvcDesc%;CANBus Device; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-22 33280]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-09-25 312448]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 CIJSRegister;@C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe,-100; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [2015-02-19 144464]
R2 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-21 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2014-11-07 1889568]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-08-14 2291904]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02 153168]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-10-01 279000]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02 153168]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-04 194512]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vyskakují ruská okna v Chrome

#6 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakují ruská okna v Chrome

#7 Příspěvek od lukas_t »

Přijde mi, že je zatím klid. Pokud něco zpozoruji napíši. Každopádně moc děkuji za pomoc.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vyskakují ruská okna v Chrome

#8 Příspěvek od Rudy »

OK, napište, nechám to tu zatím otevřené. Nemáte zač! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět