Please check my log

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

#1 Post by levely »

Hello, please check my log; here is the RSIT log:

info.txt logfile of random's system information tool 1.10 2017-08-27 11:24:49

======MBR======


======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\InstallShield Installation Information\{A8200008-BE06-4C26-BB8D-717FE18F74B7}\setup.exe" -runfromtemp -l0x0005 -removeonly
7 Mages-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/446590
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Flash Player 26 NPAPI-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_Plugin.exe -maintain plugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824237067}
Adobe Shockwave Player 12.2-->"C:\WINDOWS\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
ASUS Wireless Router RT-G32 Manuals-->"C:\Program Files (x86)\InstallShield Installation Information\{50AD5FCF-7712-462F-A3A9-4B8679B2BA2F}\setup.exe" -runfromtemp -l0x0005 -removeonly
ASUS Wireless Router RT-G32 Utilities v2.0.13.0(EU)-->"C:\Program Files (x86)\InstallShield Installation Information\{9E171988-C35B-4DFC-BA73-18BBA68778AF}\setup.exe" -runfromtemp -l0x0005 -removeonly
Avast Free Antivirus-->C:\Program Files\Alwil Software\Avast5\Setup\Instup.exe /control_panel
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018201}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Ekonomický systém Money S3-->C:\Program Files (x86)\CIGLER SOFTWARE\Common Files\Money S3\Setup\Uninst.exe
Empire: Total War-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10500
Etherlords-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E2729A36-33EB-4094-9759-2C7A666DE296}\Setup.exe" -l0x5
ffdshow [rev 2280] [2008-11-02]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
Fish Fillets-->C:\PROGRA~2\Fillets\UNWISE.EXE C:\PROGRA~2\Fillets\INSTALL.LOG
Football Manager 2016-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/378120
GOG Galaxy-->"C:\Program Files (x86)\GOG Galaxy\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /I{57BB4801-61C8-4E74-9672-2160728A461E}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
greenstreet Picture Browser-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\greenstreet\UnPicb.isu
Gwent-->"C:\Program Files (x86)\GOG Galaxy\Games\Gwent\unins000.exe"
Hearthstone-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=hs_beta --displayname="Hearthstone"
ImageMixer 3 SE Ver.6 Transfer Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{3A2AD071-AABD-4712-A43E-11D06BAA661D}\Setup.exe" -runfromtemp -l0x0009UNINSTALL -removeonly
ImageMixer 3 SE Ver.6 Video Tools-->"C:\Program Files (x86)\InstallShield Installation Information\{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}\Setup.exe" -runfromtemp -l0x0009UNINSTALL -removeonly
Java(TM) 6 Update 24 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416024FF}
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Landi 2003 - jazykový kurz-->C:\Windows\lmunin2.exe Landi 2003 - jazykový kurz
Lexmark 1200 Series-->C:\Program Files (x86)\Lexmark 1200 Series\Install\x64\Uninst.exe
MergeModule_x64-->MsiExec.exe /I{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}
MergeModule_x86-->MsiExec.exe /I{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{B44F3823-52DD-45CA-A916-8B320778715D}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4.6.1 (CSY)-->MsiExec.exe /X{3C38CA01-7933-31E7-A1F6-EAA1DF9BEDF3}
Microsoft .NET Framework 4.6.1-->MsiExec.exe /X{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}
Microsoft ASP.NET MVC 4 Runtime-->MsiExec.exe /X{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)-->MsiExec.exe /I{25E80DAA-FD87-DCE5-202C-CC02F6673002}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005-->"C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212-->"C:\ProgramData\Package Cache\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212-->"C:\ProgramData\Package Cache\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212-->MsiExec.exe /X{F20396E5-D84E-3505-A7A8-7358F0155F6C}
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{FAAD7243-0141-3987-AA2F-E56B20F80E41}
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212-->MsiExec.exe /X{844ECB74-9B63-3D5C-958C-30BD23F19EE4}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{37B55901-995A-3650-80B1-BBFD047E2911}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Mozilla Firefox 55.0.3 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NCSOFT Game Launcher-->C:\Program Files (x86)\NCWest\NCLauncher\Uninstall.exe
NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA GeForce Experience 3.0.7.34-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Ovladač 3D Vision 368.39-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač HD audia 1.3.34.14-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladač řídící jednotky 3D Vision 364.44-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 368.39-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.16.0318-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
OCCT Perestroika 3.1.0-->"C:\Program Files (x86)\OCCT\unins000.exe"
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
PlayMemories Home-->MsiExec.exe /X{4F95DC94-A29D-41F6-AF34-15AA0D666186}
PMB_ModeEditor-->MsiExec.exe /I{E95982CA-945F-41F2-B156-A603897AB242}
PMB_ServiceUploader-->MsiExec.exe /I{2CA3C685-339C-4C61-B12C-FAD81A872651}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
RollerCoaster Tycoon 3 Platinum-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Drive Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DF2F5DAC-93D7-434B-96B1-EAF4D891AD24}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition -->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {BF11577A-6876-45AA-86C9-2BA4CFB8B019}
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BF11577A-6876-45AA-86C9-2BA4CFB8B019}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {36842896-D83B-4C92-8261-6312B7DEB562}
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4C1BE82B-9AC0-4AB9-B76D-5467131955E1}
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {08F2015D-61E9-4252-9355-AB8D15C73C96}
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FC572B0C-6356-46CC-A01E-CCCEC4340BF5}
Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {488CDF0A-098C-4CF5-8552-DA5F2F7B7829}
Security Update for Microsoft Office 2007 suites (KB2984938) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E359D786-B101-4545-B8AB-8652323CF3CA}
Security Update for Microsoft Office 2007 suites (KB2984943) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {800D1A82-D1B0-4ED4-89B4-C666B570ABA5}
Security Update for Microsoft Office 2007 suites (KB2986253) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1EBDB402-7B61-4224-994D-6882DC69F493}
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8D2CDFAB-0079-43CC-A289-2F7A67F0A4DE}
Security Update for Microsoft Office 2007 suites (KB3114442) 32-Bit Edition -->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {69E0CBF6-BBD9-43F8-86DD-13B247CC26BE}
Security Update for Microsoft Office 2007 suites (KB3118301) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F4139440-5426-4C6F-909B-F71CEB1071B1}
Security Update for Microsoft Office 2007 suites (KB3118396) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B73E5AF4-40C6-4EA9-8F57-CFA70CC72BD6}
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F774C8A-B1CE-486C-A64E-EA96AE48B813}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3127889) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B2FAD7E1-67F9-435D-98BD-A77DBF4E1381}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3127948) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B730F010-3FCF-4E80-8A5A-C1DBEC0CF55A}
Security Update for Microsoft Office Excel 2007 (KB3118395) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D6D8EAE4-5B61-4784-81DE-E41DAD350847}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office InfoPath 2007 (KB3114426) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {26C5C75F-E1FD-4F95-AA29-CA221C3AFEEE}
Security Update for Microsoft Office OneNote 2007 (KB3114456) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E0F25378-0690-4F53-998A-F5D63412BBD7}
Security Update for Microsoft Office Outlook 2007 (KB3118303) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A46489A-5B4C-4674-A90D-F6282EB179C3}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office PowerPoint 2007 (KB3114744) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D414541A-BC49-43A8-966B-C5AF19738562}
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {724051CF-E09E-4F84-9946-F5014AB7389B}
Security Update for Microsoft Office Visio Viewer 2007 (KB2596915) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7FE99CC2-FBE5-422F-A6FB-49E0D8AFE919}
Security Update for Microsoft Office Word 2007 (KB3127949) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AC398EF7-4790-4CA7-94EE-447A0B24B301}
SES Driver-->MsiExec.exe /I{D8CC254C-C671-4664-9A38-FA368D1E2C97}
Sid Meier's Civilization V-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/8930
SmartSound Common Data-->"C:\Program Files (x86)\InstallShield Installation Information\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Common Data-->MsiExec.exe /I{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}
SmartSound Quicktracks 5-->"C:\Program Files (x86)\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
SopCast 3.0.3-->C:\Program Files (x86)\SopCast\uninst.exe
StarCraft II-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=s2_engb --displayname="StarCraft II"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
System Requirements Lab-->MsiExec.exe /I{92482FB3-C05B-41C6-89E7-75D985602A6E}
THE SETTLERS - Vzestup říše (všechny produkty)-->"C:\Program Files (x86)\InstallShield Installation Information\{A8200008-BE06-4C26-BB8D-717FE18F74B7}\setup.exe" -runfromtemp -l0x0005 -removeonly
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x5 -removeonly
Titan Quest-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x5 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7C3337E5-1294-4270-A64F-DCEF812159E5}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3115461) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8C829BE5-F60C-417A-89E3-9A1B427320F2}
Veetle TV-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vulkan Run Time Libraries 1.0.11.1-->C:\Program Files (x86)\VulkanRT\1.0.11.1\UninstallVulkanRT.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
WD SmartWare-->MsiExec.exe /X{07179D37-D5FE-4373-90D9-A25B992EFB3E}
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)-->rundll32.exe C:\PROGRA~1\DIFX\04518C~1\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\wdcsam.inf_amd64_neutral_782a203832146fb2\wdcsam.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Family Safety-->MsiExec.exe /I{553BB3BD-7A2A-4E5E-9B2F-2D14DC70093A}
Windows Live Family Safety-->MsiExec.exe /X{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Messenger-->MsiExec.exe /X{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 5.40 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=wow_engb --displayname="World of Warcraft"

======System event log======

Computer Name: oem-PC
Event Code: 50037
Message: Služba klienta DHCPv4 je zastavena. Hodnota příznaku vypnutí: 1
Record Number: 5
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20160427065943.447435-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: oem-PC
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 4
Source Name: EventLog
Time Written: 20160617175701.943543-000
Event Type: Informace
User:

Computer Name: oem-PC
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 10586 Multiprocessor Free.
Record Number: 3
Source Name: EventLog
Time Written: 20160617175701.943543-000
Event Type: Informace
User:

Computer Name: oem-PC
Event Code: 6011
Message: Název tohoto počítače v systémech DNS a NetBIOS byl změněn z WIN-N46IBRCFCOH na OEM-PC.
Record Number: 2
Source Name: EventLog
Time Written: 20160617175701.943543-000
Event Type: Informace
User:

Computer Name: oem-PC
Event Code: 51047
Message: Služba klienta DHCPv6 je zastavena. Hodnota příznaku vypnutí: 1
Record Number: 1
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20160427065943.446320-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: oem-PC
Event Code: 1033
Message: Zásady budou vyloučeny, protože jsou definovány jen s atributem Pouze přepsat.
Názvy zásad=(Telnet-Client-EnableTelnetClient) (TiffIFilterLicensing-EnableTiffIFilter) (WindowsAnytimeUpgrade-CanUpgrade)
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
ID SKU=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8
Record Number: 5
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160617175756.256106-000
Event Type: Informace
User:

Computer Name: oem-PC
Event Code: 1034
Message: Byla nalezena duplicitní definice zásady. Název zásady=Security-SPP-WriteWauMarker Priorita=500
Record Number: 4
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160617175754.787354-000
Event Type: Informace
User:

Computer Name: oem-PC
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20160617175712.077999-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: oem-PC
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160617175702.854608-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: OEM-PC
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20160617175702.287266-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: oem-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OEM-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Informace o přihlášení:
Typ přihlášení: 5
Omezený režim správce: -
Virtuální účet: Ne
Token se zvýšeným oprávněním: Ano

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
ID propojeného přihlášení: 0x0
Název účtu v síti: -
Doména účtu v síti: -
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2ac
Název procesu: C:\WINDOWS\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě: -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (jenom NTLM): -
Délka klíče: 0

Tato událost je vygenerována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole předmětu označují účet v místním systému, který si vyžádal přihlášení. Obvykle se jedná o službu, například serverovou službu, nebo o místní proces, například Winlogon.exe nebo Services.exe.

Pole typu přihlášení označuje druh přihlášení, které proběhlo. Nejčastější typy jsou 2 (interaktivní) a 3 (síťové).

Pole Nové přihlášení označují účet, pro který bylo vytvořeno nové přihlášení, tj. přihlášený účet.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují pomocné služby, které se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje dílčí protokol z protokolů NTLM, který byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 48828
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20170128093427.970792-000
Event Type: Úspěšný audit
User:

Computer Name: oem-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 48827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20170128091928.031067-000
Event Type: Úspěšný audit
User:

Computer Name: oem-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OEM-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Informace o přihlášení:
Typ přihlášení: 5
Omezený režim správce: -
Virtuální účet: Ne
Token se zvýšeným oprávněním: Ano

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
ID propojeného přihlášení: 0x0
Název účtu v síti: -
Doména účtu v síti: -
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2ac
Název procesu: C:\WINDOWS\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě: -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (jenom NTLM): -
Délka klíče: 0

Tato událost je vygenerována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole předmětu označují účet v místním systému, který si vyžádal přihlášení. Obvykle se jedná o službu, například serverovou službu, nebo o místní proces, například Winlogon.exe nebo Services.exe.

Pole typu přihlášení označuje druh přihlášení, které proběhlo. Nejčastější typy jsou 2 (interaktivní) a 3 (síťové).

Pole Nové přihlášení označují účet, pro který bylo vytvořeno nové přihlášení, tj. přihlášený účet.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují pomocné služby, které se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje dílčí protokol z protokolů NTLM, který byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 48826
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20170128091928.031054-000
Event Type: Úspěšný audit
User:

Computer Name: oem-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 48825
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20170128084927.878747-000
Event Type: Úspěšný audit
User:

Computer Name: oem-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OEM-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Informace o přihlášení:
Typ přihlášení: 5
Omezený režim správce: -
Virtuální účet: Ne
Token se zvýšeným oprávněním: Ano

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
ID propojeného přihlášení: 0x0
Název účtu v síti: -
Doména účtu v síti: -
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2ac
Název procesu: C:\WINDOWS\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě: -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (jenom NTLM): -
Délka klíče: 0

Tato událost je vygenerována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole předmětu označují účet v místním systému, který si vyžádal přihlášení. Obvykle se jedná o službu, například serverovou službu, nebo o místní proces, například Winlogon.exe nebo Services.exe.

Pole typu přihlášení označuje druh přihlášení, které proběhlo. Nejčastější typy jsou 2 (interaktivní) a 3 (síťové).

Pole Nové přihlášení označují účet, pro který bylo vytvořeno nové přihlášení, tj. přihlášený účet.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují pomocné služby, které se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje dílčí protokol z protokolů NTLM, který byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 48824
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20170128084927.878736-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0503
"FP_NO_HOST_CHECK"=NO
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#2 Post by Márty84 »

Hello :)

This log doesn't tell me much; I'd need the other one that RSIT created ;-)
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

levely
Visitor
Posts: 41
Joined: 20 Dec 2008 19:13

Re: Please check my log

#3 Post by levely »

Here is the correct log:


Logfile of random's system information tool 1.10 (written by random/random)
Run by oem at 2017-08-27 11:24:42
Microsoft Windows 10 Home
System drive C: has 78 GB (16%) free of 476 GB
Total RAM: 4094 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:46, on 27.8.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0672)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\oem\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\oem\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\oem\AppData\Roaming\ACEStream\updater\ace_update.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\oem.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ACEStream] C:\Users\oem\AppData\Roaming\ACEStream\engine\ace_engine.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BingSvc] C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\oem\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.6.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12493 bytes

======Listing Processes======







winlogon.exe


C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k iissvcs
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe"
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe"
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe"
dashost.exe {c1d8f0ab-fefe-410d-a91b4030237c2b2f}
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
sihost.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -l 3 -c
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe"

"C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
AvastUI.exe /nogui
"C:\Users\oem\AppData\Roaming\ACEStream\engine\ace_engine.exe"
"C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Users\oem\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" /SysAutoRun
"C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe"
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe"
"C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe" /runWithoutUpdating
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\oem\AppData\Local\Steam\htmlcache" "-steampid=5412" "-buildid=1500335472" "-steamid=0" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver --disable-smooth-scrolling --disable-gpu-compositing --disable-gpu --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe" --type=gpu-process --channel="1036.0.466446248\733537728" --no-sandbox --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,54,69 --gpu-vendor-id=0x10de --gpu-device-id=0x0dc4 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.5382 --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --mojo-platform-channel-handle=2084 /prefetch:2
"C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe"
"C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe" --type=renderer --enable-smooth-scrolling --js-flags=--expose-gc --no-sandbox --primordial-pipe-token=03AE7BD2244EA09F729EA58AB47105CE --lang=en-US --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="1036.1.293806472\1396957752" --mojo-platform-channel-handle=2424 /prefetch:1
"C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe" --type=renderer --enable-smooth-scrolling --js-flags=--expose-gc --no-sandbox --primordial-pipe-token=2A111091452D759DCBF4828ECFFF623D --lang=en-US --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="1036.2.1655284762\33167854" --mojo-platform-channel-handle=2656 /prefetch:1
"fontdrvhost.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\Users\oem\AppData\Roaming\ACEStream\engine\..\updater\ace_update.exe
"C:\Program Files (x86)\CCleaner\CCleaner.exe" /MONITOR /uac

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.0.109308165\918290393" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 3860 "\\.\pipe\gecko-crash-server-pipe.3860" gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3860.3.188853908\1621546957" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|33:20|34:10|43:128|44:10000|49:0|51:400|52:1|53:0|54:0|59:0|60:120|61:120|91:2|92:1|106:5000|117:0|119:0|130:10000|142:-1|147:128|148:10000|149:0|155:24|156:32768|158:0|159:0|167:5|171:1048576|172:100|173:5000|175:600|177:1|186:1|190:0|200:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|35:1|36:0|37:0|38:0|41:1|42:1|45:0|46:0|47:0|48:0|50:0|55:1|56:1|57:0|58:1|62:1|63:1|64:0|65:1|66:1|67:0|68:1|71:0|72:0|75:1|76:1|80:1|81:1|82:1|83:0|85:0|86:0|87:1|88:0|93:1|94:0|100:0|105:0|108:1|109:1|112:1|114:1|118:0|121:1|124:1|125:1|131:0|132:0|133:1|135:0|141:0|143:1|144:0|145:1|146:0|153:0|154:0|157:1|160:0|162:1|164:1|165:0|170:0|174:1|179:0|180:0|181:0|182:1|183:0|184:0|185:1|188:0|192:0|193:0|194:1|195:1|196:0|197:1|198:1|199:1|201:0|202:0|204:0|212:1|213:1|214:0|215:0|216:0| -stringPrefs "3:7;release|134:3;1.0|151:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|152:8;moderate|187:38;{c4f51e2b-21f5-473f-a897-704c3b571eb6}|" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 3860 "\\.\pipe\gecko-crash-server-pipe.3860" tab

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe15_ Global\UsGthrCtrlFltPipeMssGthrPipe15 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 620 624 632 8192 628
"C:\Users\oem\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, wrc@avast.com:7.0.1426, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.151 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files (x86)\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.151 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\extensions\
battlefieldheroespatcher@ea.com
bingsearch.full@microsoft.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\searchplugins\
firmycz.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Pro [2012-12-30 6527128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Pro [2012-12-30 6527128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Pro [2012-12-30 6527128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Pro [2012-12-30 6527128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Pro [2012-12-30 6527128]
"lxczbmgr.exe"=C:\Pro [2012-12-30 6527128]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-09-30 1844280]
"AvastUI.exe"=C:\Pro [2012-12-30 6527128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Pro [2012-12-30 6527128]
"ACEStream"=C:\Users\oem\AppData\Roaming\ACEStream\engine\ace_engine.exe [2014-09-25 27904]
"CCleaner Monitoring"=C:\Pro [2012-12-30 6527128]
"BingSvc"=C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-12 144008]
"OneDrive"=C:\Users\oem\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-07-25 1536208]
"GalaxyClient"=C:\Pro [2012-12-30 6527128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Pro [2012-12-30 6527128]
"PMBVolumeWatcher"=C:\Pro [2012-12-30 6527128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ImageMixer 3 SE Camera Monitor Ver.6.lnk - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Pro [2012-12-30 6527128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-08-27 11:24:42 ----D---- C:\rsit
2017-08-27 09:26:44 ----D---- C:\ProgramData\SWCUTemp
2017-08-04 17:47:02 ----D---- C:\Users\oem\AppData\Roaming\Sony Corporation
2017-08-04 17:42:37 ----D---- C:\Program Files (x86)\Sony
2017-08-04 17:40:22 ----D---- C:\ProgramData\Sony Corporation

======List of files/folders modified in the last 1 month======

2017-08-27 11:24:45 ----D---- C:\WINDOWS\Prefetch
2017-08-27 11:24:44 ----D---- C:\Program Files\trend micro
2017-08-27 11:24:33 ----D---- C:\WINDOWS\Temp
2017-08-27 11:10:00 ----D---- C:\WINDOWS\system32\sru
2017-08-27 09:27:04 ----D---- C:\WINDOWS\system32\Macromed
2017-08-27 09:27:01 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-08-27 09:26:44 ----HD---- C:\ProgramData
2017-08-27 09:11:53 ----AD---- C:\Program Files (x86)\Steam
2017-08-27 09:09:10 ----D---- C:\ProgramData\NVIDIA
2017-08-27 09:08:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-27 09:08:21 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-08-27 09:08:20 ----D---- C:\WINDOWS
2017-08-27 09:08:16 ----D---- C:\WINDOWS\system32\drivers
2017-08-26 21:17:52 ----D---- C:\WINDOWS\AppReadiness
2017-08-26 13:24:26 ----HD---- C:\Program Files\WindowsApps
2017-08-26 13:22:05 ----D---- C:\WINDOWS\SoftwareDistribution
2017-08-26 10:33:31 ----D---- C:\WINDOWS\Microsoft.NET
2017-08-26 06:46:30 ----D---- C:\WINDOWS\INF
2017-08-26 06:46:20 ----D---- C:\WINDOWS\Logs
2017-08-25 15:41:40 ----SHD---- C:\System Volume Information
2017-08-25 12:30:26 ----AD---- C:\Program Files (x86)\GOG Galaxy
2017-08-24 21:19:50 ----D---- C:\Users\oem\AppData\Roaming\vlc
2017-08-11 16:11:01 ----SHD---- C:\WINDOWS\Installer
2017-08-11 16:10:58 ----D---- C:\WINDOWS\system32\Tasks
2017-08-11 16:09:19 ----D---- C:\WINDOWS\SysWOW64
2017-08-10 13:40:14 ----AD---- C:\Program Files (x86)\StarCraft II
2017-08-10 13:36:41 ----RD---- C:\Program Files (x86)
2017-08-10 13:21:47 ----D---- C:\Program Files (x86)\Battle.net
2017-08-09 16:11:04 ----D---- C:\WINDOWS\system32\config
2017-08-08 20:09:25 ----D---- C:\WINDOWS\System32
2017-08-08 20:09:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-08 20:08:13 ----D---- C:\Users\oem\AppData\Roaming\.ACEStream
2017-08-06 15:35:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2017-07-21 198976]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2017-07-21 343288]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2017-07-21 57728]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-07-16 84392]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-07-16 361336]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2017-07-21 320008]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-07-16 41800]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2017-07-16 110352]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-08-13 1015880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-07-16 585608]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-06-17 87552]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-08-13 146704]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2017-07-16 198768]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-06-05 88480]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-06-05 46400]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-10-30 78848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-06-17 175616]
R3 NVHDA;@oem8.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-06-03 141256]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-08-29 11151488]
R3 nvvad_WaveExtensible;@oem6.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-09-30 47672]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys []
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-24 834544]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys []
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-07-16 46984]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-04-27 117248]
S3 fssfltr;fssfltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-11-01 25640]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-10-25 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Pro [2012-12-30 6527128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio64.sys [2012-07-31 38992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Pro [2012-12-30 6527128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 avast! Antivirus;Avast Antivirus; C:\Pro [2012-12-30 6527128]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-06-17 26624]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Pro [2012-12-30 6527128]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service; C:\Pro [2012-12-30 6527128]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-08-07 937592]
R2 OneSyncSvc_2bae1;Hostitel synchronizace_2bae1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Pro [2012-12-30 6527128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Pro [2012-12-30 6527128]
R3 aswbIDSAgent;aswbIDSAgent; C:\Pro [2012-12-30 6527128]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 Steam Client Service;Steam Client Service; C:\Pro [2012-12-30 6527128]
S2 gupdate;Služba Google Update (gupdate); C:\Pro [2012-12-30 6527128]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_18ab0ef;Hostitel synchronizace_18ab0ef; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3232b;Hostitel synchronizace_3232b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_327ec;Hostitel synchronizace_327ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_32e7a;Hostitel synchronizace_32e7a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3792d471;Hostitel synchronizace_3792d471; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_38b6eff1;Hostitel synchronizace_38b6eff1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_46494;Hostitel synchronizace_46494; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_49d4a24;Hostitel synchronizace_49d4a24; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_8f21e39;Hostitel synchronizace_8f21e39; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_9c809;Hostitel synchronizace_9c809; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_b5cb7a7;Hostitel synchronizace_b5cb7a7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_c6071f2;Hostitel synchronizace_c6071f2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_fad768a6;Hostitel synchronizace_fad768a6; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-27 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]
S3 BEService;BattlEye Service; C:\Pro [2012-12-30 6527128]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 fsssvc;Windows Live Family Safety Service; C:\Pro [2012-12-30 6527128]
S3 GalaxyClientService;GalaxyClientService; C:\Pro [2012-12-30 6527128]
S3 GalaxyCommunication;GalaxyCommunication; C:\Pro [2012-12-30 6527128]
S3 gupdatem;Služba Google Update (gupdatem); C:\Pro [2012-12-30 6527128]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_18ab0ef;Služba zasílání zpráv_18ab0ef; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2bae1;Služba zasílání zpráv_2bae1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3232b;Služba zasílání zpráv_3232b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_327ec;Služba zasílání zpráv_327ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_32e7a;Služba zasílání zpráv_32e7a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3792d471;Služba zasílání zpráv_3792d471; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_38b6eff1;Služba zasílání zpráv_38b6eff1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_49d4a24;Služba zasílání zpráv_49d4a24; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8f21e39;Služba zasílání zpráv_8f21e39; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_9c809;Služba zasílání zpráv_9c809; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_b5cb7a7;Služba zasílání zpráv_b5cb7a7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_c6071f2;Služba zasílání zpráv_c6071f2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_fad768a6;Služba zasílání zpráv_fad768a6; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Pro [2012-12-30 6527128]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Pro [2012-12-30 6527128]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Pro [2012-12-30 6527128]
S3 odserv;Microsoft Office Diagnostics Service; C:\Pro [2012-12-30 6527128]
S3 ose;Office Source Engine; C:\Pro [2012-12-30 6527128]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_18ab0ef;Data kontaktů_18ab0ef; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_2bae1;Data kontaktů_2bae1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_3232b;Data kontaktů_3232b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_327ec;Data kontaktů_327ec; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_32e7a;Data kontaktů_32e7a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_3792d471;Data kontaktů_3792d471; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_38b6eff1;Data kontaktů_38b6eff1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_49d4a24;Data kontaktů_49d4a24; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_8f21e39;Data kontaktů_8f21e39; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_9c809;Data kontaktů_9c809; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_b5cb7a7;Data kontaktů_b5cb7a7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_c6071f2;Data kontaktů_c6071f2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_fad768a6;Data kontaktů_fad768a6; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#4 Post by Márty84 »

:???: Is this purely preventive, or is there an actual problem as well?

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait until the scan finishes.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (otherwise it will be at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

levely
Visitor
Posts: 41
Joined: 20 Dec 2008 19:13

Re: Please check my log

#5 Post by levely »

I'm mainly after a check, but I'm aware there may be some problems. I'm adding the AdwCleaner log; I'll add the Malwarebytes log in a moment.
EDIT: the scan is taking longer than expected, I'll post the log tomorrow

Here is the AdwCleaner log:

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 27 17:45:21 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-25-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Prompt Downloader
PUP.Optional.Legacy, C:\Users\oem\AppData\Local\Prompt Downloader
PUP.Optional.Legacy, C:\Users\oem\AppData\Roaming\acestream
PUP.Optional.Legacy, C:\Users\oem\AppData\Roaming\.acestream
PUP.Optional.Legacy, C:\_acestream_cache_
PUP.Optional.Legacy, C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
PUP.Adware.Heuristic, C:\Program Files (x86)\SmartSound Software


***** [ Files ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\Common\unyt.exe


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{05F520C6-59A4-4F61-9D89-1D80F14CDC6D}C:\program files (x86)\prompt downloader\promptdownloader.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AD436410-B70E-493F-991E-A843E61AC51E}C:\program files (x86)\prompt downloader\promptdownloader.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4400BC24-13D3-47C8-B73F-5A9BEFB2FA06}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C164E7D2-E12C-4B9C-A9BE-7BC425A38CE4}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4A55135B-557B-4581-8886-89A86EE54D85}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{463759E9-D0AC-49AC-9C8A-6A5BD93EF10A}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\AceStream
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
PUP.Optional.Legacy, [Key] - HKCU\Software\AceStream
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SiteSee
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKCU\Software\Prompt Downloader
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Classes\Applications\ace_player.exe
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application\x-acestream-plugin
PUP.Optional.Legacy, [Key] - HKCU\Software\MozillaPlugins\@acestream.net\acestreamplugin,version=2.0.13.1
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\DVD\shell\PlayWithACEStream
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Applications\ace_player.exe
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-acestream-plugin
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Adware.TryMedia, [Key] - HKLM\SOFTWARE\Trymedia Systems
PUP.Optional.SofTonicAssistant, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Softonic
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Softonic
PUP.Optional.SpeedBrowser, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
PUP.Optional.TidyNetwork, [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\TNT2
PUP.Optional.TidyNetwork, [Key] - HKCU\Software\TNT2
PUP.Optional.AceStream, [Value] - HKCU\Software\RegisteredApplications | AceStream
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup(3).exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

Plugin found: MSN Homepage & Bing Search Engine -
Plugin found: AS Magic Player -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7448 B] - [2014/4/10 16:25:6]
C:/AdwCleaner/AdwCleaner[S1].txt - [9590 B] - [2017/8/27 17:42:25]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#6 Post by Márty84 »

That log is only from after the scan. Did you also have the findings removed?

levely
Visitor
Posts: 41
Joined: 20 Dec 2008 19:13

Re: Please check my log

#7 Post by levely »

Yes, here is the correct AdwCleaner log:


# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 27 17:53:11 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Prompt Downloader
Deleted: C:\Users\oem\AppData\Local\Prompt Downloader
Deleted: C:\Users\oem\AppData\Roaming\acestream
Deleted: C:\Users\oem\AppData\Roaming\.acestream
Deleted: C:\_acestream_cache_
Deleted: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Deleted: C:\Program Files (x86)\SmartSound Software


***** [ Files ] *****

Deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{05F520C6-59A4-4F61-9D89-1D80F14CDC6D}C:\program files (x86)\prompt downloader\promptdownloader.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{AD436410-B70E-493F-991E-A843E61AC51E}C:\program files (x86)\prompt downloader\promptdownloader.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4400BC24-13D3-47C8-B73F-5A9BEFB2FA06}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C164E7D2-E12C-4B9C-A9BE-7BC425A38CE4}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4A55135B-557B-4581-8886-89A86EE54D85}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{463759E9-D0AC-49AC-9C8A-6A5BD93EF10A}C:\users\oem\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\AceStream
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted: [Key] - HKCU\Software\AceStream
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted: [Key] - HKLM\SOFTWARE\SiteSee
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Prompt Downloader
Deleted: [Key] - HKCU\Software\Prompt Downloader
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted: [Key] - HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted: [Key] - HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application\x-acestream-plugin
Deleted: [Key] - HKCU\Software\MozillaPlugins\@acestream.net\acestreamplugin,version=2.0.13.1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted: [Key] - HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted: [Key] - HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted: [Key] - HKCU\Software\Classes\Applications\ace_player.exe
Deleted: [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-acestream-plugin
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Key] - HKLM\SOFTWARE\Trymedia Systems
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
Deleted: [Key] - HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\TNT2
Deleted: [Key] - HKCU\Software\TNT2
Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup(3).exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: MSN Homepage & Bing Search Engine -
Plugin deleted: AS Magic Player -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7448 B] - [2014/4/10 16:25:6]
C:/AdwCleaner/AdwCleaner[S1].txt - [9590 B] - [2017/8/27 17:42:25]
C:/AdwCleaner/AdwCleaner[S2].txt - [9658 B] - [2017/8/27 17:45:21]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

levely
Visitor
Posts: 41
Joined: 20 Dec 2008 19:13

Re: Please check my log

#8 Post by levely »

And here I'm attaching the scan from Malwarebytes:


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 28.08.17
Čas skenování: 8:07
Logovací soubor: 2c0424ca-8bb7-11e7-8445-6cf049dc9ed6.json
Správce: Ano

-Informace o softwaru-
Verze: 3.2.2.2018
Verze komponentů: 1.0.188
Aktualizovat verzi balíku komponent: 1.0.2671
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 10586.679)
CPU: x64
Systém souborů: NTFS
Uživatel: oem-PC\oem

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 564150
Zjištěné hrozby: 65
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 hod, 42 min, 40 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 9
PUP.Optional.DPMM, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DP1815, Žádná uživatelská akce, [2574], [237894],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CCC6E94-4A1C-438A-93AD-7A499853B767}, Žádná uživatelská akce, [219], [237488],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{69CFD851-48D9-4219-98AC-D58531945B3E}, Žádná uživatelská akce, [219], [237488],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B384C60A-ACF5-44EE-B2B0-C8CF1F1ACBE7}, Žádná uživatelská akce, [219], [237487],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E439CAF9-58A0-4E37-8BB6-CD62E97977C3}, Žádná uživatelská akce, [219], [237488],1.0.2671
PUP.Optional.SearchQu, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{28E3C710-C900-40A0-A114-11B48EB42B89}, Žádná uživatelská akce, [9619], [242757],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{34C1DA06-380F-4AF0-B529-3C6B4CBE2183}, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3DE72051-6D11-44DC-B23F-087750603A09}, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C63586A6-E0D9-433D-93AF-ABDB71ED2A88}, Žádná uživatelská akce, [14194], [244085],1.0.2671

Hodnota v registru: 16
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CCC6E94-4A1C-438A-93AD-7A499853B767}|APPNAME, Žádná uživatelská akce, [219], [237488],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{69CFD851-48D9-4219-98AC-D58531945B3E}|APPNAME, Žádná uživatelská akce, [219], [237488],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B384C60A-ACF5-44EE-B2B0-C8CF1F1ACBE7}|APPNAME, Žádná uživatelská akce, [219], [237487],1.0.2671
PUP.Optional.CrossRider, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E439CAF9-58A0-4E37-8BB6-CD62E97977C3}|APPNAME, Žádná uživatelská akce, [219], [237488],1.0.2671
PUP.Optional.SearchQu, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{28E3C710-C900-40A0-A114-11B48EB42B89}|SUGGESTIONSURL_JSON, Žádná uživatelská akce, [9619], [242757],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{34C1DA06-380F-4AF0-B529-3C6B4CBE2183}|OSDFILEURL, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{34C1DA06-380F-4AF0-B529-3C6B4CBE2183}|FAVICONURL, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3DE72051-6D11-44DC-B23F-087750603A09}|OSDFILEURL, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3DE72051-6D11-44DC-B23F-087750603A09}|FAVICONURL, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.TNT, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C63586A6-E0D9-433D-93AF-ABDB71ED2A88}|OSDFILEURL, Žádná uživatelská akce, [14194], [244085],1.0.2671
PUP.Optional.SearchResults, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{28E3C710-C900-40A0-A114-11B48EB42B89}|URL, Žádná uživatelská akce, [10137], [184971],1.0.2671
PUP.Optional.SearchUs, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{34C1DA06-380F-4AF0-B529-3C6B4CBE2183}|DISPLAYNAME, Žádná uživatelská akce, [12163], [185811],1.0.2671
PUP.Optional.SearchUs, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{34C1DA06-380F-4AF0-B529-3C6B4CBE2183}|URL, Žádná uživatelská akce, [12163], [185811],1.0.2671
PUP.Optional.SearchUs, HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3DE72051-6D11-44DC-B23F-087750603A09}|URL, Žádná uživatelská akce, [12163], [185811],1.0.2671
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [8879], [-1],0.0.0
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [8879], [-1],0.0.0

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 5
PUP.Optional.DataMngr.AppFlsh, C:\Users\oem\AppData\LocalLow\DataMngr, Žádná uživatelská akce, [8879], [181454],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\bitstreams, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\bitstreams, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd, Žádná uživatelská akce, [4309], [173432],1.0.2671

Soubor: 35
HackTool.Agent.Steam, C:\PROGRAM FILES (X86)\OCTODAD DADLIEST CATCH\STEAM_API.DLL, Žádná uživatelská akce, [1474], [331257],1.0.2671
RiskWare.BitCoinMiner, C:\PROGRAM FILES (X86)\PCDATA\MINERD.EXE, Žádná uživatelská akce, [94], [75880],1.0.2671
PUP.Optional.DataMngr.AppFlsh, C:\Users\oem\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, Žádná uživatelská akce, [8879], [181454],1.0.2671
PUP.Optional.InstallCore, C:\USERS\OEM\APPDATA\ROAMING\0U1Q1F2W1G1I1F1T1Q1B1F1O2Z\FIREFOX PACKAGES\UNINSTALLER.EXE, Žádná uživatelská akce, [2], [78417],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\diablo130302.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\diakgcn121016.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\libcurl-4.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\libeay32.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\libidn-11.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\librtmp.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\libssh2.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\mncporeo.exe, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\phatk121016.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\poclbm130302.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\scrypt130511.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\ssleay32.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mncporeo\zlib1.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\diablo130302.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\diakgcn121016.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\libcurl-4.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\libeay32.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\libidn-11.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\librtmp.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\libssh2.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\mnctaewd.exe, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\phatk121016.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\poclbm130302.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\scrypt130511.cl, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\ssleay32.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.Agent.BCM, C:\WINDOWS\INF\mnctaewd\zlib1.dll, Žádná uživatelská akce, [4309], [173432],1.0.2671
Trojan.BitCoinMiner, C:\WINDOWS\INF\MSCCVWLG\MSCCVWLG.EXE, Žádná uživatelská akce, [78], [41844],1.0.2671
Trojan.BitCoinMiner, C:\WINDOWS\INF\MSLWXSARK\TRZ4D64.TMP, Žádná uživatelská akce, [78], [41844],1.0.2671
Trojan.Agent.Trace, C:\WINDOWS\INF\NTVDM.INF, Žádná uživatelská akce, [2853], [248250],1.0.2671

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#9 Post by Márty84 »

Have all the findings removed. After removal and a PC restart, repeat the MBAM test so we know whether it comes back. Post the test result and I will choose the next steps based on it.

levely
Visitor
Posts: 41
Joined: 20 Dec 2008 19:13

Re: Please check my log

#10 Post by levely »

Here is the log after repeating the test.


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 30.08.17
Čas skenování: 8:28
Logovací soubor: 7218e6b2-8d4c-11e7-b3f3-6cf049dc9ed6.json
Správce: Ano

-Informace o softwaru-
Verze: 3.2.2.2018
Verze komponentů: 1.0.0
Aktualizovat verzi balíku komponent: 1.0.2688
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 10586.679)
CPU: x64
Systém souborů: NTFS
Uživatel: oem-PC\oem

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 562645
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 hod, 9 min, 46 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#11 Post by Márty84 »

:arrow: Uninstall MBAM.

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it is possible that it will block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)

levely
Visitor
Posts: 41
Joined: 20 Dec 2008 19:13

Re: Please check my log

#12 Post by levely »

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by oem (administrator) on OEM-PC (30-08-2017 19:26:54)
Running from C:\Users\oem\Desktop
Loaded Profiles: oem (Available Profiles: oem & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(© 2015 Microsoft Corporation) C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\oem\Downloads\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213832 2017-07-21] (AVAST Software)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2998704 2017-06-12] (Sony Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [BingSvc] => C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5188160 2017-08-25] (GOG.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk [2011-06-12]
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2011-12-09]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.175.121.1 188.175.121.2 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{de891d6e-aebf-49b5-aa90-c150bcec6810}: [DhcpNameServer] 188.175.121.1 188.175.121.2 8.8.8.8 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {62808622-97D2-4C06-969A-E78BDA72FC7E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {86DA7FD9-54CE-48B1-95DD-77ED1B3734C7} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-01] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-21] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-21] (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default [2017-08-30]
FF NewTab: Mozilla\Firefox\Profiles\qg7z22y8.default ->
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\qg7z22y8.default -> hxxps://www.seznam.cz/
FF Keyword.URL: Mozilla\Firefox\Profiles\qg7z22y8.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Extension: (Battlefield Heroes Updater) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\battlefieldheroespatcher@ea.com [2014-05-30] [not signed]
FF Extension: (Bing Search) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\bingsearch.full@microsoft.com [2015-10-30] [not signed]
FF Extension: (Avast SafePrice) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\sp@avast.com.xpi [2017-08-24]
FF Extension: (Avast Online Security) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\wrc@avast.com.xpi [2017-08-20]
FF Extension: (Adblock Plus) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (Seznam lištička) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-08-30]
FF Extension: (Firefox Screenshots) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\features\{752b0b52-5ab8-4c85-a965-244d228ffbbd}\screenshots@mozilla.org.xpi [2017-08-26]
FF SearchPlugin: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\searchplugins\firmycz.xml [2013-04-21]
FF SearchPlugin: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\searchplugins\mapycz.xml [2013-04-21]
FF SearchPlugin: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\searchplugins\zbocz.xml [2013-04-21]
FF HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\oem\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-27] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-01] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-14] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-14] (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2141710232-2788582470-3775898413-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\oem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2141710232-2788582470-3775898413-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-05-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-03-21] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/?clid=22668"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__ ... earchTerms}
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default [2017-08-30]
CHR Extension: (Avast SafePrice) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-27]
CHR Extension: (Bing) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-08-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-21]
CHR HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe [7430992 2017-07-21] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [263312 2017-07-21] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [529984 2017-08-25] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8242752 2017-08-25] (GOG.com)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498608 2017-06-12] (Sony Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
S2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-07-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-07-21] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-07-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-07-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-16] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-16] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-16] (AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [88480 2011-06-05] ()
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [46400 2011-06-05] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
S1 prodrv06; C:\Windows\SysWOW64\drivers\prodrv06.sys [79488 2004-05-13] (Protection Technology) [File not signed]
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [834544 2010-11-24] (Duplex Secure Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-30 19:26 - 2017-08-30 19:28 - 000022012 _____ C:\Users\oem\Desktop\FRST.txt
2017-08-30 19:26 - 2017-08-30 19:26 - 002395648 _____ (Farbar) C:\Users\oem\Desktop\FRST64.exe
2017-08-30 19:26 - 2017-08-30 19:26 - 000000000 ____D C:\FRST
2017-08-30 19:25 - 2017-08-30 19:25 - 000112640 _____ (forum.viry.cz) C:\Users\oem\Downloads\FRSTLauncher.exe
2017-08-30 19:23 - 2017-08-30 19:23 - 000112640 _____ (forum.viry.cz) C:\Users\oem\Downloads\FRSTLauncher(1).exe
2017-08-30 14:56 - 2017-08-30 14:56 - 000051812 _____ C:\Users\oem\Documents\cc_20170830_145611.reg
2017-08-29 19:57 - 2017-08-24 18:27 - 000026977 _____ C:\Users\oem\Downloads\Twin Peaks S01E15.srt
2017-08-28 14:09 - 2017-08-28 14:09 - 000011623 _____ C:\Users\oem\Desktop\scan.txt
2017-08-27 20:02 - 2017-08-27 20:02 - 066347240 _____ (Malwarebytes ) C:\Users\oem\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-27 11:24 - 2017-08-27 11:24 - 001222144 _____ C:\Users\oem\Downloads\RSITx64.exe
2017-08-27 11:24 - 2017-08-27 11:24 - 000000000 ____D C:\rsit
2017-08-27 09:26 - 2017-08-27 09:26 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-26 14:11 - 2017-08-26 14:11 - 009791816 _____ (Piriform Ltd) C:\Users\oem\Downloads\ccsetup533.exe
2017-08-24 19:04 - 2017-08-24 18:27 - 000026977 _____ C:\Users\oem\Desktop\Twin Peaks S01E15.srt
2017-08-24 18:27 - 2017-08-24 18:27 - 000010861 _____ C:\Users\oem\Downloads\Twin-Peaks-S01E15(0000290285).zip
2017-08-24 18:24 - 2017-08-24 18:39 - 282083462 _____ C:\Users\oem\Downloads\Twin.Peaks.S03E15.HDTV.x264-FLEET.mkv
2017-08-23 17:39 - 2017-08-23 19:28 - 2005431654 _____ C:\Users\oem\Downloads\Game.of.Thrones.S07E06.1080p_CZ_SUB.mkv
2017-08-16 16:54 - 2017-08-16 17:41 - 838318080 _____ C:\Users\oem\Downloads\Twin.Peaks.S02E21.Miss.Twin.Peaks.DVDRip.multidub.cz-en.avi
2017-08-16 16:54 - 2017-08-16 16:54 - 000043051 _____ C:\Users\oem\Downloads\Game.of.Thrones.S07E05.HDTV.x264-SVA.srt
2017-08-16 16:53 - 2017-08-16 17:10 - 307157503 _____ C:\Users\oem\Downloads\Game.of.Thrones.S07E05.HDTV.x264-SVA.mkv
2017-08-13 09:51 - 2017-08-13 09:53 - 000000000 ____D C:\Users\oem\Desktop\jez krnov
2017-08-12 21:16 - 2017-08-12 21:16 - 000033186 _____ C:\Users\oem\Downloads\Twin-Peaks-S01E13(0000289876).srt
2017-08-09 16:03 - 2017-08-09 19:05 - 1637957746 _____ C:\Users\oem\Downloads\Twin.Peaks.S03E13.The.Return.Part.13.720p.AMZN.WEBRip.DDP5.1.x264-NTb.rar
2017-08-09 16:02 - 2017-08-09 17:58 - 2085665013 _____ C:\Users\oem\Downloads\Game of Thrones S07E04.mkv
2017-08-04 17:47 - 2017-08-04 17:47 - 000002232 _____ C:\Users\Public\Desktop\PlayMemories Home.lnk
2017-08-04 17:47 - 2017-08-04 17:47 - 000000000 ____D C:\Users\oem\Documents\Sony PMB
2017-08-04 17:47 - 2017-08-04 17:47 - 000000000 ____D C:\Users\oem\AppData\Roaming\Sony Corporation
2017-08-04 17:47 - 2017-08-04 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2017-08-04 17:42 - 2017-08-04 17:42 - 000000000 ____D C:\Program Files (x86)\Sony
2017-08-04 17:40 - 2017-08-04 17:40 - 000000000 ____D C:\ProgramData\Sony Corporation
2017-08-03 17:03 - 2017-08-03 18:00 - 511353030 _____ C:\Users\oem\Downloads\Twin.Peaks.S03E12.WEBRip.x264-RARBG-s-CZ-titulky.7z
2017-08-02 18:45 - 2017-08-02 18:45 - 000000000 ____D C:\Users\oem\Desktop\tři fotky
2017-08-01 19:02 - 2017-08-01 20:51 - 1949782562 _____ C:\Users\oem\Downloads\Game.of.Thrones.S07E03.Cz.sub.mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-30 17:34 - 2016-11-19 08:36 - 000000000 ____D C:\Users\oem\AppData\LocalLow\Mozilla
2017-08-30 17:34 - 2012-02-28 19:59 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-30 17:31 - 2016-06-17 19:58 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-30 15:12 - 2016-06-17 20:04 - 000000000 ____D C:\Users\oem
2017-08-30 15:12 - 2015-10-30 09:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-30 15:12 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-30 15:01 - 2016-04-27 08:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-30 09:12 - 2016-06-06 17:05 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 20:52 - 2011-07-29 17:15 - 000000000 ____D C:\Users\oem\AppData\Roaming\vlc
2017-08-29 17:14 - 2017-05-01 09:37 - 000001426 _____ C:\Users\Public\Desktop\Gwent.lnk
2017-08-29 17:14 - 2017-05-01 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2017-08-29 17:05 - 2015-10-30 09:21 - 000000000 ____D C:\WINDOWS\INF
2017-08-29 17:05 - 2014-07-30 08:34 - 000000000 ____D C:\Program Files (x86)\Octodad Dadliest Catch
2017-08-29 17:05 - 2014-03-01 08:36 - 000000000 ____D C:\Program Files (x86)\PCData
2017-08-27 19:54 - 2015-10-30 08:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-27 19:53 - 2014-04-10 18:24 - 000000000 ____D C:\AdwCleaner
2017-08-27 11:24 - 2012-06-21 15:11 - 000000000 ____D C:\Program Files\trend micro
2017-08-27 09:27 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-27 09:27 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-27 09:27 - 2014-11-06 08:26 - 000000000 ____D C:\Users\oem\AppData\Local\Adobe
2017-08-27 09:08 - 2016-11-18 18:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 09:08 - 2016-02-13 08:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-26 14:11 - 2011-01-29 16:28 - 000001090 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-26 06:46 - 2016-10-21 12:04 - 000000000 ____D C:\Users\oem\AppData\Local\CrashDumps
2017-08-25 12:30 - 2017-05-01 09:35 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-08-13 11:18 - 2011-08-14 14:32 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-08-13 11:18 - 2010-11-20 19:19 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-08-13 11:12 - 2010-11-22 20:53 - 000028672 _____ C:\Users\oem\Desktop\pivo.xls
2017-08-11 16:10 - 2015-07-03 16:06 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 14:31 - 2016-03-24 19:23 - 000000000 ____D C:\Users\oem\AppData\Local\Battle.net
2017-08-10 13:40 - 2015-02-19 17:55 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2017-08-10 13:37 - 2014-11-26 20:21 - 000000000 ____D C:\Users\oem\Documents\StarCraft II
2017-08-10 13:21 - 2014-01-27 17:33 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-08-08 20:09 - 2016-04-27 08:54 - 002066064 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-08 20:09 - 2016-04-27 08:11 - 000852174 _____ C:\WINDOWS\system32\perfh005.dat
2017-08-08 20:09 - 2016-04-27 08:11 - 000197466 _____ C:\WINDOWS\system32\perfc005.dat
2017-08-06 15:35 - 2010-10-29 11:02 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-03 20:18 - 2016-06-19 09:23 - 000000000 ____D C:\Users\DefaultAppPool

==================== Files in the root of some directories =======

2014-06-06 15:24 - 2014-06-06 15:24 - 000000097 _____ () C:\Users\oem\AppData\Roaming\LauncherSettings_live.cfg
2011-07-13 20:20 - 2012-12-21 17:42 - 000045270 _____ () C:\Users\oem\AppData\Roaming\room_v3.dat
2013-02-22 15:38 - 2013-02-22 15:38 - 000703117 _____ () C:\Users\oem\AppData\Roaming\technic-launcher.jar
2014-06-06 15:11 - 2014-06-06 15:11 - 000000039 _____ () C:\Users\oem\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-09-22 20:48 - 2014-09-22 20:48 - 000001181 _____ () C:\Users\oem\AppData\Roaming\trace_FilterInstaller.1.txt
2014-09-22 20:48 - 2014-10-17 14:38 - 000000919 _____ () C:\Users\oem\AppData\Roaming\trace_FilterInstaller.txt
2014-09-22 20:48 - 2014-10-17 14:38 - 000000000 _____ () C:\Users\oem\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2011-07-21 16:00 - 2011-09-11 09:50 - 000000088 __RSH () C:\ProgramData\C1464B4D46.sys
2013-11-13 16:17 - 2015-02-07 09:18 - 000005890 _____ () C:\ProgramData\HirezPipeError.txt
2011-07-21 16:00 - 2012-02-12 16:05 - 000005018 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\oem\xpacklanguage.dll


Some files in TEMP:
====================
2017-08-30 15:04 - 2017-08-30 17:34 - 000040960 _____ (Realtek) C:\Users\oem\AppData\Local\Temp\rtdrvmon.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\oem\Desktop" je 46893 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001


==================== End Of Log ==============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#13 Post by Márty84 »

levely wrote: ***** Velikost "Plochy" *****

Velikost slozky "C:\Users\oem\Desktop" je 46893 MB.
:arrow: The desktop should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and keep only shortcuts on the desktop. Just watch out for an occasional mistake: users have a folder on the desktop, another one inside it, and another inside that, and they hide everything there. That is nice, but it does not make the desktop any smaller; it is just in a different drawer :)


:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [BingSvc] => C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)

HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {62808622-97D2-4C06-969A-E78BDA72FC7E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {86DA7FD9-54CE-48B1-95DD-77ED1B3734C7} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\qg7z22y8.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Extension: (Bing Search) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\bingsearch.full@microsoft.com [2015-10-30] [not signed]
FF HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\oem\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org => not found

CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
CHR Extension: (Bing) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-08-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

levely
Visitor
Posts: 41
Registered: 20 Dec 2008 19:13

Re: Please check my log

#14 Post by levely »

I will definitely tidy up the desktop. In the meantime, here is the fixlog:


Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by oem (31-08-2017 11:27:46) Run:1
Running from C:\Users\oem\Desktop
Loaded Profiles: oem & DefaultAppPool (Available Profiles: oem & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Run: [BingSvc] => C:\Users\oem\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)

HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {62808622-97D2-4C06-969A-E78BDA72FC7E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-2141710232-2788582470-3775898413-1000 -> {86DA7FD9-54CE-48B1-95DD-77ED1B3734C7} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qg7z22y8.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\qg7z22y8.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Extension: (Bing Search) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\bingsearch.full@microsoft.com [2015-10-30] [not signed]
FF HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\oem\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org => not found

CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
CHR Extension: (Bing) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-08-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62808622-97D2-4C06-969A-E78BDA72FC7E} => key removed successfully
HKLM\Software\Classes\CLSID\{62808622-97D2-4C06-969A-E78BDA72FC7E} => key not found.
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86DA7FD9-54CE-48B1-95DD-77ED1B3734C7} => key removed successfully
HKLM\Software\Classes\CLSID\{86DA7FD9-54CE-48B1-95DD-77ED1B3734C7} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SearchEngineOrder.3 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\qg7z22y8.default\Extensions\bingsearch.full@microsoft.com => moved successfully
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Mozilla\Firefox\Extensions\\magicplayer@torrentstream.org => value removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Bing) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-08-27] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40419966 B
Java, Flash, Steam htmlcache => 344583525 B
Windows/system/drivers => 2402257 B
Edge => 882 B
Chrome => 126682507 B
Firefox => 214892888 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 115910 B
NetworkService => 0 B
oem => 11076035 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 705.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:31:00 ====
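
The fixlog above reports one outcome per fixlist entry, and one entry (the Chrome Bing extension) ends in "Error: No automatic fix found for this entry." The following Python code is an added example, not part of the thread or of FRST: it skips the echoed fixlist, groups the result lines by outcome, and surfaces the entries that still need manual follow-up. The function names are hypothetical, the outcome wording is only what is visible in this log, and the sample is an excerpt of the lines above.

```python
import re

# Constructed sample: lines copied from the fixlog in the post above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
fixlist content:
*****************
Start
FF HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\oem\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org => not found
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2141710232-2788582470-3775898413-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKLM\Software\Classes\CLSID\{62808622-97D2-4C06-969A-E78BDA72FC7E} => key not found.
CHR Extension: (Bing) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-08-27] => Error: No automatic fix found for this entry.
Hosts restored successfully.

=========== EmptyTemp: ==========
Chrome => 126682507 B
"""


def result_lines(fixlog):
    """Yield only the result lines of a fixlog."""
    stars = 0
    for raw in fixlog.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            stars += 1          # 1st row opens the echoed fixlist, 2nd closes it
        elif stars >= 2 and line.startswith("====="):
            return              # EmptyTemp statistics / end-of-log banner
        elif stars >= 2 and line:
            yield line


def classify(line):
    """Map a result line to an outcome, using only wording seen in this log."""
    text = line.rstrip(".")
    if "Error:" in text:
        return "failed"         # FRST could not act on the entry
    if text.endswith("not found"):
        return "missing"        # target was already absent
    if text.endswith("successfully"):
        return "fixed"
    return "other"              # unknown wording: review by hand


def triage(fixlog):
    """Group fixlog targets by outcome."""
    groups = {"fixed": [], "missing": [], "failed": [], "other": []}
    for line in result_lines(fixlog):
        target = line.rsplit(" => ", 1)[0]
        groups[classify(line)].append(target)
    return groups


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for outcome in ("failed", "other", "missing"):
        for target in report[outcome]:
            print(f"{outcome.upper():8} {target}")
```

The echoed fixlist is skipped on purpose: it contains strings such as "=> not found" that describe the state before the fix and would otherwise be counted as results.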

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#15 Post by Márty84 »

After tidying the desktop, we will tidy up the rest too :-)


:!: Run all of these programs, including any installer, as administrator (right-click them and choose Run as administrator)

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option ticked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation, watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin: if you leave it ticked, it will always be emptied.
Also, depending on how it is set up, it will delete all passwords saved on the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze and, once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for issues; if it finds any, click Fix issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in them as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation, again watch out for the toolbar and other junk.
After installation, run the program and click Analyze; after the analysis, click Defrag and the program will do its work.

:arrow: Then write how the PC is doing.

Locked