All times are UTC + 1 hour


This topic is locked. You cannot post new messages or reply to older ones. [ Posts: 12 ]
Post subject: Request for a preventive check
Posted: 03 Dec 2017 02:06
Hello, I would like to ask for a preventive check. Thank you.

Logfile of random's system information tool 1.10 (written by random/random)
Run by gk at 2017-12-03 01:57:52
Microsoft Windows 10 Pro
System drive C: has 7 GB (4%) free of 171 GB
Total RAM: 8189 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:57:55, on 03.12.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.1106)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files\trend micro\gk.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 96.8.113.205:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\gk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Users\gk\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [VeraCrypt] "C:\Program Files\VeraCrypt\VeraCrypt.exe" /q preferences /a logon /a favorites
O4 - HKCU\..\Run: [Google Update] C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\gk\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{f02b2819-6c00-426d-a45e-a6fa3602595f}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VeraCrypt System Favorites (VeraCryptSystemFavorites) - Unknown owner - C:\WINDOWS\system32\VeraCrypt.exe (file missing)
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncserver.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Wondershare - C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe

--
End of file - 10473 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-715bfc8a-b18c-4bd7-bd6e-187bc26958b5 -SystemEventPortName:HostProcess-68aee7b5-c0c1-4cea-96f6-4a80644c8f17 -IoCancelEventPortName:HostProcess-775a7efe-98e7-4c81-89ce-d97d4be0b5ea -NonStateChangingEventPortName:HostProcess-b0aa4ae9-5067-441f-a97a-281c787a219f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f1e69aca-92b7-452f-8daf-aebeab2612df -DeviceGroupId:WpdFsGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe"
"C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe" --service
C:\WINDOWS\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe"
"C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe"
dashost.exe {e510bf39-9af5-4a4d-9f1765462255d3e6}
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"

"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\WINDOWS\Explorer.EXE
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files (x86)\Gyazo\GyStation.exe"
"C:\Program Files\VeraCrypt\VeraCrypt.exe" /q preferences /a logon /a favorites
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"fontdrvhost.exe"
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Users\gk\Downloads\RSITx64.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe783_ Global\UsGthrCtrlFltPipeMssGthrPipe783 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 628 632 640 8192 636
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1670203971-3387094230-2352906352-1000784_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1670203971-3387094230-2352906352-1000784 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

=========Mozilla firefox=========

ProfilePath - C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\6jdrokv6.Cressis

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.187 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.187 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20 553024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20 214080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-10-17 13307496]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-25 500936]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-14 2776528]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2017-05-09 303928]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\gk\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-11-07 1685704]
"uTorrent"=C:\Users\gk\AppData\Roaming\uTorrent\utorrent.exe [2015-02-22 416168]
"Gyazo"=C:\Program Files (x86)\Gyazo\GyStation.exe [2017-11-09 5345672]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2017-08-28 3071776]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2016-06-14 797328]
"VeraCrypt"=C:\Program Files\VeraCrypt\VeraCrypt.exe [2016-10-18 5489808]
"Google Update"=C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [2017-11-15 601680]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-10-10 27832264]
"Spotify Web Helper"=C:\Users\gk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-09-03 1580144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"iSkysoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014-10-31 2066432]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
"SilentCleanService"=C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME} []
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VeraCryptSystemFavorites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VeraCryptSystemFavorites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"DSCAutomationHostEnabled"=2
"PromptOnSecureDesktop"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-12-03 01:57:52 ----D---- C:\rsit
2017-12-03 01:57:52 ----D---- C:\Program Files\trend micro
2017-12-03 00:41:18 ----D---- C:\Users\gk\AppData\Roaming\Wickr, LLC
2017-12-03 00:41:18 ----D---- C:\Program Files (x86)\Wickr Inc
2017-12-01 19:13:45 ----D---- C:\WINDOWS\UpdateAssistant
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\pcasvc.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\invagent.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\generaltel.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\devinv.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\appraiser.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\aitstatic.exe
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\aepic.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-11-17 13:25:52 ----A---- C:\WINDOWS\system32\acmigration.dll
2017-11-04 17:09:35 ----HD---- C:\ProgramData\CanonIJEGV
2017-11-04 17:09:26 ----HD---- C:\ProgramData\CanonIJMyPrinter
2017-11-04 16:35:05 ----D---- C:\Program Files\Canon

======List of files/folders modified in the last 1 month======

2017-12-03 01:57:53 ----D---- C:\Users\gk\AppData\Roaming\Skype
2017-12-03 01:57:52 ----RD---- C:\Program Files
2017-12-03 01:36:18 ----D---- C:\WINDOWS\Temp
2017-12-03 01:06:00 ----D---- C:\WINDOWS\system32\sru
2017-12-03 00:53:31 ----D---- C:\Users\gk\AppData\Roaming\.purple
2017-12-03 00:46:10 ----D---- C:\WINDOWS\Prefetch
2017-12-03 00:41:30 ----SHD---- C:\WINDOWS\Installer
2017-12-03 00:41:27 ----SHD---- C:\Config.Msi
2017-12-03 00:41:18 ----RD---- C:\Program Files (x86)
2017-12-03 00:41:09 ----SHD---- C:\System Volume Information
2017-12-02 18:32:52 ----D---- C:\WINDOWS\system32\Tasks
2017-12-02 18:32:52 ----AD---- C:\Program Files (x86)\Opera
2017-12-02 16:27:15 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-12-02 15:41:38 ----D---- C:\WINDOWS\Microsoft.NET
2017-12-01 19:13:45 ----D---- C:\Windows
2017-12-01 19:10:49 ----D---- C:\WINDOWS\AppReadiness
2017-11-29 17:34:26 ----D---- C:\WINDOWS\INF
2017-11-28 18:12:44 ----D---- C:\WINDOWS\SoftwareDistribution
2017-11-28 17:09:34 ----D---- C:\Users\gk\AppData\Roaming\TeamViewer
2017-11-26 15:32:35 ----D---- C:\WINDOWS\system32\config
2017-11-26 01:17:43 ----D---- C:\Users\gk\AppData\Roaming\.minecraft
2017-11-23 22:19:56 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-23 16:56:34 ----HD---- C:\Program Files\WindowsApps
2017-11-21 16:49:53 ----D---- C:\Users\gk\AppData\Roaming\TS3Client
2017-11-19 15:00:26 ----AD---- C:\Program Files (x86)\TeamViewer
2017-11-18 16:50:37 ----D---- C:\WINDOWS\WinSxS
2017-11-18 16:30:55 ----D---- C:\WINDOWS\System32
2017-11-18 16:30:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-18 16:23:54 ----D---- C:\WINDOWS\system32\appraiser
2017-11-18 16:23:53 ----D---- C:\WINDOWS\AppPatch
2017-11-17 13:25:53 ----D---- C:\WINDOWS\CbsTemp
2017-11-17 13:24:39 ----AD---- C:\Program Files\rempl
2017-11-16 22:18:57 ----D---- C:\WINDOWS\LiveKernelReports
2017-11-14 14:04:52 ----D---- C:\WINDOWS\SysWOW64
2017-11-14 14:04:48 ----D---- C:\WINDOWS\system32\Macromed
2017-11-14 14:04:44 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-11-13 13:42:48 ----AD---- C:\Program Files (x86)\Gyazo
2017-11-13 13:28:22 ----D---- C:\Users\gk\AppData\Roaming\Mozilla
2017-11-11 03:10:58 ----AD---- C:\Program Files (x86)\Minecraft
2017-11-04 21:21:26 ----D---- C:\ProgramData\CanonIJPLM
2017-11-04 17:09:40 ----D---- C:\WINDOWS\system32\FxsTmp
2017-11-04 17:09:35 ----HD---- C:\ProgramData
2017-11-04 17:09:26 ----D---- C:\Program Files (x86)\Canon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2016-11-12 84616]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2016-11-12 262792]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2016-11-12 197248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2014-12-20 40344]
R1 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2016-11-12 208520]
R1 EpfwLWF;@oem17.inf,%EpfwLWF_Desc%;ESET Personal Firewall; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2016-11-12 61568]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-04-23 87552]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2016-11-12 153216]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R3 amdiox64;@oem6.inf,%amdio.SvcDesc%;AMD IO Driver; C:\WINDOWS\System32\drivers\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2017-05-16 36558208]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2017-05-16 528760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2011-10-18 2957544]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2017-11-18 251832]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2016-10-07 15488]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 BstkDrv;BlueStacks Plus Hypervisor; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [2017-06-21 270904]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-02-13 117248]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-05 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 Netaapl;@oem20.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\WINDOWS\System32\drivers\netaapl64.sys [2015-11-05 23040]
S3 nmwcd;@oem21.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;@oem25.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2017-05-16 551808]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-04-03 83768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DirMngr;DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2016-07-05 216576]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-12 2771848]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-02-19 239680]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-14 4317648]
R2 OneSyncSvc_a518015;Hostitel synchronizace_a518015; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21 153168]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_113cd85;Hostitel synchronizace_113cd85; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_11949ef;Hostitel synchronizace_11949ef; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1196d5d;Hostitel synchronizace_1196d5d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_11e50274;Hostitel synchronizace_11e50274; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_12b0e80;Hostitel synchronizace_12b0e80; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1359e6d;Hostitel synchronizace_1359e6d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_154e1e8;Hostitel synchronizace_154e1e8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_169f981d;Hostitel synchronizace_169f981d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_173fbe1;Hostitel synchronizace_173fbe1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_183459b;Hostitel synchronizace_183459b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_19ce399;Hostitel synchronizace_19ce399; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1b4bcbb;Hostitel synchronizace_1b4bcbb; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1bf6c61;Hostitel synchronizace_1bf6c61; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1bfeed0;Hostitel synchronizace_1bfeed0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1c3d15ae;Hostitel synchronizace_1c3d15ae; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1e3beed;Hostitel synchronizace_1e3beed; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_2396a5a;Hostitel synchronizace_2396a5a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_2add918;Hostitel synchronizace_2add918; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_2d089c3;Hostitel synchronizace_2d089c3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_2f54b12;Hostitel synchronizace_2f54b12; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_30ad815;Hostitel synchronizace_30ad815; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_30eb02a;Hostitel synchronizace_30eb02a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_31db1e17;Hostitel synchronizace_31db1e17; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_32a5f2;Hostitel synchronizace_32a5f2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_32ecc1d;Hostitel synchronizace_32ecc1d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_33b3a;Hostitel synchronizace_33b3a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_36d5f;Hostitel synchronizace_36d5f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3734d53;Hostitel synchronizace_3734d53; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_383b770;Hostitel synchronizace_383b770; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3a76eb0;Hostitel synchronizace_3a76eb0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3b02cde;Hostitel synchronizace_3b02cde; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3b135;Hostitel synchronizace_3b135; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3d55bd;Hostitel synchronizace_3d55bd; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3d58e04;Hostitel synchronizace_3d58e04; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3e3a8;Hostitel synchronizace_3e3a8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3ef22;Hostitel synchronizace_3ef22; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_3f20b;Hostitel synchronizace_3f20b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_41314;Hostitel synchronizace_41314; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4256d;Hostitel synchronizace_4256d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_42dc0;Hostitel synchronizace_42dc0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_448c2;Hostitel synchronizace_448c2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_45818;Hostitel synchronizace_45818; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4738c;Hostitel synchronizace_4738c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_477a7;Hostitel synchronizace_477a7; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_47f29b;Hostitel synchronizace_47f29b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_47f78cc;Hostitel synchronizace_47f78cc; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_48fa9;Hostitel synchronizace_48fa9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_494c8;Hostitel synchronizace_494c8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_49c34;Hostitel synchronizace_49c34; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4a39f;Hostitel synchronizace_4a39f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4a788;Hostitel synchronizace_4a788; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4b803ab;Hostitel synchronizace_4b803ab; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4b83b;Hostitel synchronizace_4b83b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4e722;Hostitel synchronizace_4e722; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4fe2d;Hostitel synchronizace_4fe2d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_509c7;Hostitel synchronizace_509c7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_519160;Hostitel synchronizace_519160; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_51bcc;Hostitel synchronizace_51bcc; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_51ff662;Hostitel synchronizace_51ff662; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5234f;Hostitel synchronizace_5234f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5391ea8;Hostitel synchronizace_5391ea8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_582774c;Hostitel synchronizace_582774c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5943a70;Hostitel synchronizace_5943a70; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5b011af;Hostitel synchronizace_5b011af; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_646d291;Hostitel synchronizace_646d291; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_67723d0;Hostitel synchronizace_67723d0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_69b8ad4;Hostitel synchronizace_69b8ad4; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_6c87190;Hostitel synchronizace_6c87190; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_7479806;Hostitel synchronizace_7479806; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_790fbad;Hostitel synchronizace_790fbad; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_8213e;Hostitel synchronizace_8213e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_824053;Hostitel synchronizace_824053; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_84f2a03;Hostitel synchronizace_84f2a03; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_877a606;Hostitel synchronizace_877a606; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_8fe9852;Hostitel synchronizace_8fe9852; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_95a0f25;Hostitel synchronizace_95a0f25; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_987f11;Hostitel synchronizace_987f11; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_99e0103;Hostitel synchronizace_99e0103; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_9d20e0;Hostitel synchronizace_9d20e0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_a90fd0;Hostitel synchronizace_a90fd0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_ab21d73;Hostitel synchronizace_ab21d73; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_adfe66;Hostitel synchronizace_adfe66; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_b8fc7b4;Hostitel synchronizace_b8fc7b4; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_c0afc3;Hostitel synchronizace_c0afc3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_c89991;Hostitel synchronizace_c89991; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_cb314;Hostitel synchronizace_cb314; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_dc2949;Hostitel synchronizace_dc2949; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_eb28713;Hostitel synchronizace_eb28713; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-10-30 1547200]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2017-08-02 369720]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2015-10-23 67224]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2016-04-14 1436424]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21 153168]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-05-09 689464]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_113cd85;Služba zasílání zpráv_113cd85; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_11949ef;Služba zasílání zpráv_11949ef; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1196d5d;Služba zasílání zpráv_1196d5d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_11e50274;Služba zasílání zpráv_11e50274; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_12b0e80;Služba zasílání zpráv_12b0e80; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1359e6d;Služba zasílání zpráv_1359e6d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_154e1e8;Služba zasílání zpráv_154e1e8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_169f981d;Služba zasílání zpráv_169f981d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_173fbe1;Služba zasílání zpráv_173fbe1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_183459b;Služba zasílání zpráv_183459b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_19ce399;Služba zasílání zpráv_19ce399; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1b4bcbb;Služba zasílání zpráv_1b4bcbb; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1bf6c61;Služba zasílání zpráv_1bf6c61; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1bfeed0;Služba zasílání zpráv_1bfeed0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1c3d15ae;Služba zasílání zpráv_1c3d15ae; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1e3beed;Služba zasílání zpráv_1e3beed; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2396a5a;Služba zasílání zpráv_2396a5a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2add918;Služba zasílání zpráv_2add918; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2d089c3;Služba zasílání zpráv_2d089c3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2f54b12;Služba zasílání zpráv_2f54b12; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_30ad815;Služba zasílání zpráv_30ad815; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_30eb02a;Služba zasílání zpráv_30eb02a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_31db1e17;Služba zasílání zpráv_31db1e17; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_32a5f2;Služba zasílání zpráv_32a5f2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_32ecc1d;Služba zasílání zpráv_32ecc1d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_33b3a;Služba zasílání zpráv_33b3a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_36d5f;Služba zasílání zpráv_36d5f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3734d53;Služba zasílání zpráv_3734d53; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_383b770;Služba zasílání zpráv_383b770; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3a76eb0;Služba zasílání zpráv_3a76eb0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3b02cde;Služba zasílání zpráv_3b02cde; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3b135;Služba zasílání zpráv_3b135; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3d55bd;Služba zasílání zpráv_3d55bd; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3d58e04;Služba zasílání zpráv_3d58e04; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3e3a8;Služba zasílání zpráv_3e3a8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3ef22;Služba zasílání zpráv_3ef22; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3f20b;Služba zasílání zpráv_3f20b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_41314;Služba zasílání zpráv_41314; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4256d;Služba zasílání zpráv_4256d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_42dc0;Služba zasílání zpráv_42dc0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_448c2;Služba zasílání zpráv_448c2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_45818;Služba zasílání zpráv_45818; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4738c;Služba zasílání zpráv_4738c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_47f29b;Služba zasílání zpráv_47f29b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_47f78cc;Služba zasílání zpráv_47f78cc; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_48fa9;Služba zasílání zpráv_48fa9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_494c8;Služba zasílání zpráv_494c8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_49c34;Služba zasílání zpráv_49c34; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4a39f;Služba zasílání zpráv_4a39f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4a788;Služba zasílání zpráv_4a788; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4b803ab;Služba zasílání zpráv_4b803ab; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4b83b;Služba zasílání zpráv_4b83b; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4e722;Služba zasílání zpráv_4e722; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4fe2d;Služba zasílání zpráv_4fe2d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_509c7;Služba zasílání zpráv_509c7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_519160;Služba zasílání zpráv_519160; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_51bcc;Služba zasílání zpráv_51bcc; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_51ff662;Služba zasílání zpráv_51ff662; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_5234f;Služba zasílání zpráv_5234f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_5391ea8;Služba zasílání zpráv_5391ea8; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_582774c;Služba zasílání zpráv_582774c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_5943a70;Služba zasílání zpráv_5943a70; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_5b011af;Služba zasílání zpráv_5b011af; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_646d291;Služba zasílání zpráv_646d291; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_67723d0;Služba zasílání zpráv_67723d0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_69b8ad4;Služba zasílání zpráv_69b8ad4; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_6c87190;Služba zasílání zpráv_6c87190; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_7479806;Služba zasílání zpráv_7479806; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_790fbad;Služba zasílání zpráv_790fbad; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8213e;Služba zasílání zpráv_8213e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_824053;Služba zasílání zpráv_824053; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_84f2a03;Služba zasílání zpráv_84f2a03; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_877a606;Služba zasílání zpráv_877a606; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8fe9852;Služba zasílání zpráv_8fe9852; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_95a0f25;Služba zasílání zpráv_95a0f25; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_987f11;Služba zasílání zpráv_987f11; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_99e0103;Služba zasílání zpráv_99e0103; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_9d20e0;Služba zasílání zpráv_9d20e0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_a518015;Služba zasílání zpráv_a518015; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_a90fd0;Služba zasílání zpráv_a90fd0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_ab21d73;Služba zasílání zpráv_ab21d73; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_adfe66;Služba zasílání zpráv_adfe66; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_b8fc7b4;Služba zasílání zpráv_b8fc7b4; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_c0afc3;Služba zasílání zpráv_c0afc3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_c89991;Služba zasílání zpráv_c89991; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_cb314;Služba zasílání zpráv_cb314; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_dc2949;Služba zasílání zpráv_dc2949; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_eb28713;Služba zasílání zpráv_eb28713; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-12-02 194512]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S4 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]

-----------------EOF-----------------


Post subject: Re: Requesting a preventive check
Posted: 04 Dec 2017 12:13
Advisor

Registered: 30 May 2008 12:11
Posts: 654
Hi,
Please post the FRST.txt and Addition.txt logs from the FRSTLauncher.exe application (Farbar Recovery Scan Tool). You can find the guide here: https://forum.viry.cz/viewtopic.php?f=13&t=152707
You can paste the contents of Additional.txt straight into this thread.


Post subject: Re: Requesting a preventive check
Posted: 04 Dec 2017 18:07
Visitor

Registered: 12 May 2012 21:39
Posts: 72
Okay, here you go:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by gk (administrator) on CRESSIS-PC (04-12-2017 18:03:13)
Running from C:\Users\gk\Downloads
Loaded Profiles: gk (Available Profiles: gk)
Platform: Windows 10 Pro Version 1511 10586.1176 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files (x86)\Wickr Inc\Wickr Me\WickrMe.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [uTorrent] => C:\Users\gk\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-11-09] (Nota Inc.)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5489808 2016-10-18] (IDRIX)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [Google Update] => C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Run: [Spotify Web Helper] => C:\Users\gk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-09-03] (Spotify Ltd)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\MountPoints2: {12d50361-fe79-11e5-bd69-902b34a042a8} - "J:\setup.exe"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\MountPoints2: {e9e1a2b4-b276-11e6-bdb4-902b34a042a8} - "E:\Msetup4.exe"
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1670203971-3387094230-2352906352-1000] => 96.8.113.205:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{44271092-3330-43f6-b3af-ea4ff377627e}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b94aa264-6208-4d47-908f-f7eb113ac7b7}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f02b2819-6c00-426d-a45e-a6fa3602595f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f02b2819-6c00-426d-a45e-a6fa3602595f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 6jdrokv6.Cressis
FF ProfilePath: C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\6jdrokv6.Cressis [2017-12-04]
FF NetworkProxy: Mozilla\Firefox\Profiles\6jdrokv6.Cressis -> backup.ftp", "172.245.253.20"
FF Extension: (Autofill) - C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\6jdrokv6.Cressis\Extensions\firefox-autofill@googlegroups.com.xpi [2017-08-15] [Lagacy]
FF Extension: (Disable WebRTC) - C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\6jdrokv6.Cressis\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2017-11-24]
FF Extension: (Adblock Plus) - C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\6jdrokv6.Cressis\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1670203971-3387094230-2352906352-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\gk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1670203971-3387094230-2352906352-1000: @talk.google.com/O1DPlugin -> C:\Users\gk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1670203971-3387094230-2352906352-1000: @tools.google.com/Google Update;version=3 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1670203971-3387094230-2352906352-1000: @tools.google.com/Google Update;version=9 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\gk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\gk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Prezentácie) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Dokumenty) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Disk Google) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Adblock Plus) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Open options.) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2017-11-28]
CHR Extension: (Tabuľky) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\gk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]

Opera:
=======
OPR Extension: (rentamob) - C:\Users\gk\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [2017-12-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1547200 2017-10-30] ()
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-02] (BlueStack Systems, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-12] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2016-06-27] (Livescribe) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-07-25] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
S2 VeraCryptSystemFavorites; C:\WINDOWS\system32\VeraCrypt.exe [5489808 2016-10-18] (IDRIX)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5663824 2016-06-06] (RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [119008 2017-06-28] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-12] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-07] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-12] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-12] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-12] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-12] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-12] (ESET)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-11-18] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [467368 2016-10-18] (IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 18:03 - 2017-12-04 18:03 - 000017092 _____ C:\Users\gk\Downloads\FRST.txt
2017-12-04 18:02 - 2017-12-04 18:03 - 000000000 ____D C:\FRST
2017-12-04 17:59 - 2017-12-04 17:59 - 002391552 _____ (Farbar) C:\Users\gk\Downloads\FRST64.exe
2017-12-03 19:26 - 2017-12-03 19:27 - 008187336 _____ (Malwarebytes) C:\Users\gk\Downloads\adwcleaner_7.0.5.0.exe
2017-12-03 15:25 - 2017-12-03 15:25 - 000101026 _____ C:\Users\gk\Downloads\ebookrysko.pdf
2017-12-03 01:57 - 2017-12-03 01:57 - 000000000 ____D C:\rsit
2017-12-03 01:57 - 2017-12-03 01:57 - 000000000 ____D C:\Program Files\trend micro
2017-12-03 01:36 - 2017-12-03 01:36 - 001222144 _____ C:\Users\gk\Downloads\RSITx64.exe
2017-12-03 00:41 - 2017-12-03 00:41 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WickrMe.lnk
2017-12-03 00:41 - 2017-12-03 00:41 - 000002073 _____ C:\Users\Public\Desktop\WickrMe.lnk
2017-12-03 00:41 - 2017-12-03 00:41 - 000000000 ____D C:\Users\gk\AppData\Roaming\Wickr, LLC
2017-12-03 00:41 - 2017-12-03 00:41 - 000000000 ____D C:\Users\gk\AppData\Local\cache
2017-12-03 00:41 - 2017-12-03 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WickrMe
2017-12-03 00:41 - 2017-12-03 00:41 - 000000000 ____D C:\Program Files (x86)\Wickr Inc
2017-12-03 00:39 - 2017-12-03 00:40 - 080939008 _____ C:\Users\gk\Downloads\WickrMe-4.15.2.msi
2017-12-02 18:32 - 2017-12-02 18:32 - 001266968 _____ (Opera Software) C:\Users\gk\Downloads\OperaSetup.exe
2017-12-01 19:13 - 2017-12-01 19:13 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-11-30 09:09 - 2017-11-30 09:11 - 265008522 _____ C:\Users\gk\Downloads\Acura TSX(1).zip
2017-11-29 21:11 - 2017-11-29 21:11 - 000504832 _____ C:\Users\gk\Downloads\Logitech Killer(1).exe
2017-11-28 17:34 - 2017-11-28 17:34 - 000072188 _____ C:\Users\gk\Downloads\19874874438001_20171128_1729.pdf
2017-11-18 16:25 - 2017-11-18 16:25 - 000000022 _____ C:\WINDOWS\S.dirmngr
2017-11-17 13:57 - 2017-11-17 13:57 - 001821338 _____ C:\Users\gk\Downloads\sk_web_vianocna-otvaracia-doba-2016.pdf
2017-11-17 13:25 - 2017-10-16 05:48 - 000508760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-17 13:25 - 2017-10-16 04:56 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000250208 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-17 13:25 - 2017-10-16 04:56 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-16 18:16 - 2017-11-16 22:34 - 000000000 ____D C:\Users\gk\Desktop\listky
2017-11-16 18:08 - 2017-11-16 18:08 - 000251905 _____ C:\Users\gk\Downloads\HOMEticket_2527407.pdf
2017-11-13 14:53 - 2017-11-13 14:53 - 000504832 _____ C:\Users\gk\Downloads\Logitech Killer.exe
2017-11-13 13:27 - 2017-11-13 13:27 - 000311240 _____ (Mozilla) C:\Users\gk\Downloads\Firefox Installer.exe
2017-11-12 04:04 - 2017-11-12 04:04 - 003979109 _____ C:\Users\gk\Downloads\fuck amazon.pdf
2017-11-12 03:42 - 2017-11-12 03:42 - 003917279 _____ C:\Users\gk\Downloads\Fuck Amazon [SE'ing Amazon] -WaarNN on Nulled-.pdf
2017-11-04 17:09 - 2017-11-04 17:09 - 000000000 ___HD C:\ProgramData\CanonIJMyPrinter
2017-11-04 17:09 - 2017-11-04 17:09 - 000000000 ___HD C:\ProgramData\CanonIJEGV
2017-11-04 17:04 - 2017-11-04 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series User Registration
2017-11-04 16:36 - 2017-11-04 16:36 - 000002152 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2017-11-04 16:35 - 2017-11-04 16:35 - 000000000 ____D C:\Program Files\Canon
2017-11-04 16:34 - 2017-11-04 16:34 - 000002433 _____ C:\Users\Public\Desktop\Canon MP280 series On-screen Manual.lnk
2017-11-04 16:34 - 2017-11-04 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 18:03 - 2016-11-16 17:01 - 000000000 ____D C:\Users\gk\AppData\LocalLow\Mozilla
2017-12-04 16:23 - 2016-08-14 14:52 - 000000000 ____D C:\Users\gk\.VirtualBox
2017-12-04 16:09 - 2016-04-09 22:49 - 000000000 ____D C:\Users\gk\AppData\Roaming\Skype
2017-12-04 15:45 - 2016-04-10 18:54 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4583056F-4A9A-4587-B7D6-EF4D6BFFC904}
2017-12-04 15:44 - 2016-09-06 12:34 - 000000000 ____D C:\Users\gk\AppData\Local\Adobe
2017-12-04 15:44 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-03 22:36 - 2016-09-25 17:12 - 000024832 _____ C:\Users\gk\Desktop\HfScam.txt
2017-12-03 22:32 - 2017-11-01 16:25 - 000001998 _____ C:\Users\gk\Desktop\Philips.txt
2017-12-03 22:23 - 2016-04-09 23:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-03 19:31 - 2017-06-14 16:34 - 000000000 ____D C:\AdwCleaner
2017-12-03 16:56 - 2016-04-09 22:57 - 000000000 ____D C:\Users\gk\AppData\Roaming\.purple
2017-12-03 00:42 - 2016-09-02 02:10 - 000000000 ____D C:\Users\gk\AppData\Local\Wickr, LLC
2017-12-02 18:32 - 2016-07-19 17:24 - 000003956 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1468945487
2017-12-02 18:32 - 2016-07-19 17:24 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-02 16:27 - 2016-07-19 22:06 - 000001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2017-12-02 16:27 - 2016-07-19 22:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-30 19:50 - 2017-10-11 21:45 - 000004277 _____ C:\Users\gk\Desktop\amazon2.txt
2017-11-29 22:17 - 2017-09-07 15:25 - 000005961 _____ C:\Users\gk\Desktop\SE Logitech.txt
2017-11-29 20:56 - 2016-05-25 20:52 - 001422336 ___SH C:\Users\gk\Downloads\Thumbs.db
2017-11-29 17:34 - 2015-10-30 08:21 - 000000000 ____D C:\WINDOWS\INF
2017-11-28 22:19 - 2016-04-09 19:19 - 002545664 ___SH C:\Users\gk\Desktop\Thumbs.db
2017-11-28 17:09 - 2016-04-09 23:15 - 000000000 ____D C:\Users\gk\AppData\Roaming\TeamViewer
2017-11-26 03:12 - 2017-10-24 21:45 - 000000000 ____D C:\Users\gk\AppData\Local\lazarus
2017-11-26 03:10 - 2017-10-24 21:45 - 000000000 ____D C:\Users\gk\Desktop\Lazarus
2017-11-26 01:27 - 2017-04-16 19:33 - 000001261 _____ C:\Users\gk\Desktop\nativelog.txt
2017-11-26 01:17 - 2016-04-10 17:34 - 000000000 ____D C:\Users\gk\AppData\Roaming\.minecraft
2017-11-23 22:19 - 2016-07-19 17:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-23 16:56 - 2015-10-30 08:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-21 22:15 - 2016-05-05 21:30 - 000002320 ____H C:\Users\gk\Documents\Default.rdp
2017-11-21 16:49 - 2016-04-27 18:09 - 000000000 ____D C:\Users\gk\AppData\Roaming\TS3Client
2017-11-19 15:00 - 2017-01-11 21:43 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-11-18 19:00 - 2016-04-09 15:05 - 000000000 ____D C:\Users\gk
2017-11-18 16:30 - 2016-04-09 15:11 - 001771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-18 16:30 - 2016-02-13 13:50 - 000740974 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-18 16:30 - 2016-02-13 13:50 - 000150532 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-18 16:25 - 2017-01-08 16:08 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-18 16:25 - 2016-02-13 14:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-18 16:24 - 2016-10-28 13:18 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-11-18 16:24 - 2015-10-30 07:28 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2017-11-18 16:23 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-17 17:02 - 2017-11-01 18:19 - 000000000 ____D C:\Users\gk\Desktop\Philips
2017-11-17 13:25 - 2015-10-30 08:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-17 13:24 - 2017-07-21 13:10 - 000000000 ____D C:\Program Files\rempl
2017-11-16 22:19 - 2016-04-09 14:47 - 000000000 ____D C:\ESD
2017-11-16 22:18 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-16 16:16 - 2017-06-21 21:00 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-16 16:16 - 2017-06-21 21:00 - 000002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 15:47 - 2017-06-21 20:59 - 000003454 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 15:47 - 2017-06-21 20:59 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-15 15:46 - 2016-09-22 20:52 - 000003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1670203971-3387094230-2352906352-1000UA
2017-11-15 15:46 - 2016-09-22 20:52 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1670203971-3387094230-2352906352-1000Core
2017-11-14 14:04 - 2017-08-21 22:06 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 14:04 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 14:04 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 19:10 - 2016-04-09 04:54 - 000079560 _____ C:\Users\gk\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-13 18:14 - 2016-07-19 22:06 - 000001044 _____ C:\Users\Public\Desktop\Firefox.lnk
2017-11-13 13:42 - 2016-04-13 14:27 - 000003512 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-11-13 13:42 - 2016-04-13 14:27 - 000003376 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-11-13 13:42 - 2016-04-13 14:27 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-11-13 13:28 - 2016-04-09 05:08 - 000000000 ____D C:\Users\gk\AppData\Roaming\Mozilla
2017-11-11 03:10 - 2016-09-25 14:15 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-11-07 15:02 - 2017-07-25 22:37 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1670203971-3387094230-2352906352-1000
2017-11-07 15:02 - 2016-04-09 16:07 - 000002402 _____ C:\Users\gk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 15:02 - 2016-04-09 16:07 - 000000000 ___RD C:\Users\gk\OneDrive
2017-11-04 21:21 - 2016-04-25 20:09 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-11-04 17:09 - 2016-04-25 20:01 - 000000000 ____D C:\Program Files (x86)\Canon
2017-11-04 17:09 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-11-04 16:36 - 2016-04-25 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

==================== Files in the root of some directories =======

2016-06-23 20:37 - 2016-06-23 21:17 - 000000600 _____ () C:\Users\gk\AppData\Roaming\winscp.rnd
2016-06-25 21:16 - 2016-06-25 21:16 - 000004608 _____ () C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-23 20:30 - 2016-06-25 14:10 - 000000600 _____ () C:\Users\gk\AppData\Local\PUTTY.RND
2016-08-14 12:10 - 2016-08-14 12:10 - 000000751 _____ () C:\Users\gk\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-11-28 17:34 - 2014-01-06 15:20 - 009580608 _____ (Foxit Corporation) C:\Users\gk\AppData\Local\Temp\Foxit Reader Updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-29 19:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by gk (04-12-2017 18:03:56)
Running from C:\Users\gk\Downloads
Windows 10 Pro Version 1511 10586.1176 (X64) (2016-04-09 15:05:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1670203971-3387094230-2352906352-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1670203971-3387094230-2352906352-503 - Limited - Disabled)
gk (S-1-5-21-1670203971-3387094230-2352906352-1000 - Administrator - Enabled) => C:\Users\gk
Guest (S-1-5-21-1670203971-3387094230-2352906352-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1670203971-3387094230-2352906352-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personálny firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.0.2.0 - iMobie Inc.)
AnyTrans 4.4.2 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.4.2 - iMobie Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AutoCAD 2011 - česky (HKLM\...\{5783F2D7-9001-0405-0102-0060B0CE6BBA}) (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD 2011 - česky (HKLM\...\AutoCAD 2011 - česky) (Version: 18.1.49.0 - Autodesk)
AutoCAD 2011 Language Pack - česky (HKLM\...\{5783F2D7-9001-0405-1102-0060B0CE6BBA}) (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.34.1574 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon MP280 series User Registration (HKLM-x32\...\Canon MP280 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
City Car Driving Home Edition (HKLM\...\Q2l0eUNhckRyaXZpbmc=_is1) (Version: 1 - )
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\CopyTrans Suite) (Version: 4.006 - WindSolutions)
Cowon JetAudio 8.0.7 1000 Slovak language (HKLM-x32\...\Cowon JetAudio 8.0.7 1000 Slovak language) (Version: - )
Crossout Launcher 1.0.3.18 (HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\CrossOutLauncher_is1) (Version: - )
DoNotSpy10 (HKLM-x32\...\{32D066BD-F94C-4948-8FA8-84653EE9617E}_is1) (Version: 1.1.0.0 - pXc-coding.com)
dr.fone toolkit for iOS (Version 8.5.0) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 8.5.0.54 - Wondershare Technology Co.,Ltd.)
Echo Desktop (HKLM-x32\...\Echo Desktop 3.0.4) (Version: 3.0.4 - Livescribe Inc)
Epic Games Launcher (HKLM-x32\...\{6F15D7C1-3079-4135-B8E9-8D3EA033EE3A}) (Version: 1.1.129.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Smart Security (HKLM\...\{B143CA3D-920D-45AB-B561-14DC141131E7}) (Version: 9.0.374.1 - ESET, spol. s r.o.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology) Hidden
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Spoločnosť Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.2) (HKLM-x32\...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
Gyazo 3.3.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Havij 1.17 Pro (HKLM-x32\...\Havij_is1) (Version: - ITSecTeam)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iSkysoft TunesOver ( Version 3.9.3 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 3.9.3 - iSkysoft)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.15 - COWON)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lazarus 1.6.4 (HKLM\...\lazarus_is1) (Version: 1.6.4 - Lazarus Team)
Malwarebytes verzia 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 58.0 (x64 cs) (HKLM\...\Mozilla Firefox 58.0 (x64 cs)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 49.0.2725.47 (HKLM-x32\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
osu! (HKLM-x32\...\{0a651c54-fe01-4adb-8541-2668515c1baf}) (Version: latest - ppy Pty Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
pidgin-otr 4.0.2 (HKLM-x32\...\pidgin-otr) (Version: 4.0.2 - Cypherpunks CA)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Profili 2 (HKLM-x32\...\Profili 2) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.2.1.1 - uvnc bvba)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 37.0 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VirtualDJ 8 (HKLM-x32\...\{AC964E48-8E21-4622-9073-AD42BC6A57B1}) (Version: 8.2.3343.0 - Atomix Productions)
VNC Server 5.3.2 (HKLM\...\{BD3BF59A-3CD6-49B3-A166-E57BF55FF959}) (Version: 5.3.2.19179 - RealVNC Ltd)
VNC Viewer 5.3.2 (HKLM\...\{F10020E5-D194-469E-B494-DDCE5D76A3A0}) (Version: 5.3.2.19179 - RealVNC Ltd)
WickrMe (HKLM-x32\...\{BE168138-A0B4-4F37-A0C6-3FA298610A27}) (Version: 4.15.2 - Wickr Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.31 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2011\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2010-02-10] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-11-12] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-10] (Foxit Corporation)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-07-05] (g10 Code GmbH)
ContextMenuHandlers1: [RhinoShExt] -> {C81DCBCA-8AE2-41FC-9C39-78B160393210} => -> No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-11-12] (ESET)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2011-06-15] (JetAudio)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-07-05] (g10 Code GmbH)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-11-12] (ESET)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2011-06-15] (JetAudio)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010E3F3D-3410-4418-BA9A-1D592B922B23} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {01204497-936E-4CE7-8013-3F34D5787328} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0A156770-B03D-40AA-A085-73354FB28D6F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F966165-527F-4D44-B6CA-13EBAF154289} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14D8983E-E2CD-4FDC-80FC-9847B7D3F20A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {179D3895-8061-4BA7-AA2E-0E2C4760ACB3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1B495F60-582A-495A-8E4F-BC22FBC383ED} - System32\Tasks\{5CF3EAB8-6E69-4930-8779-43C96EF5E0DA} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/sk/ ... rogressBar
Task: {2182747A-2B0A-4A23-B0AB-4017A530EC80} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24F49A64-C944-42BB-96A2-B6AC71FF9F33} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3909509D-ECA5-4D8F-99B4-7110E4124706} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {40AB526A-83CF-4971-BECF-A11411899DA1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {504836E4-A57C-4664-A99C-9A77C223EFB6} - System32\Tasks\Opera scheduled Autoupdate 1468945487 => C:\Program Files (x86)\Opera\launcher.exe [2017-11-23] (Opera Software)
Task: {602A6EAA-25E0-4230-B617-ECD40010E0F2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6921230A-E789-4134-BE6E-2BCF2D5D935C} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {6B482507-FE04-4E05-A76E-982ACFB0F9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
Task: {702BBA85-5775-411D-9B4D-7817D4CAFF4D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1670203971-3387094230-2352906352-1000Core => C:\Users\gk\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {7920224D-4B9A-4F8D-922C-A239D2BA01F5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81C12F3E-3E69-4F8D-8FA7-BBB23D717357} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84D0D430-BDE0-4FDC-9A58-3B0390BD9E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
Task: {8CDEEE52-2233-4ECE-A4A2-4E95B0216298} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {94FFB6D2-6405-43AB-ABA9-45387EF474F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9968E7BF-D654-495A-A476-D368AA7AE097} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A71ADF90-D7B8-4E8D-A2FB-142CFA51333A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8278078-86CD-4CAA-8443-0B46D7C86011} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AEA720CE-C144-4F75-BD15-DF0675691A86} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4715BB0-529E-49E3-A9C3-D504C99C0A1A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B91844C7-8868-48DE-838C-42C96E2D60D4} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {CCE1443B-2A69-4DFC-A92E-583BA9BA177C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {D4A1D813-19EB-4115-9336-E313AB7AB689} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D4CF3154-D06A-4EC1-B6D5-38FFB54F37F6} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {D5A190E4-FA2B-41A3-B4E6-EE5F3D4D6F69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1670203971-3387094230-2352906352-1000UA => C:\Users\gk\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {E186DAC4-0401-4052-A1C9-D1D814243F1F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {EB5792AD-5521-4BC8-9F90-986CA0166E51} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB7591EE-5D50-4AAD-A20F-9408E14BB2A6} - System32\Tasks\AdobeAAMUpdater-1.0-CRESSIS-PC-gk => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-25] (Adobe Systems Incorporated)
Task: {F7457CFE-7FFF-42F4-B323-D000A12DB4D0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FB562590-C599-4145-B5B9-051913384ABB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\gk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\gk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 17:17 - 2016-10-05 17:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-25 20:09 - 2010-04-05 20:55 - 000116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-07-05 11:50 - 2016-07-05 11:50 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2017-07-25 01:23 - 2017-07-25 01:23 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-01-08 16:08 - 2017-04-19 14:44 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-14 22:30 - 2017-03-04 06:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-14 18:10 - 2017-09-05 10:31 - 002656960 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-02-13 13:53 - 2016-02-13 13:53 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 23:53 - 2016-07-01 04:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-04-12 06:58 - 2017-03-28 08:19 - 000674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2017-11-27 19:03 - 2017-11-27 19:03 - 024206224 _____ () C:\Program Files (x86)\Wickr Inc\Wickr Me\WickrMe.exe
2016-04-19 11:53 - 2016-04-19 11:53 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-03-14 22:30 - 2017-03-04 04:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 22:30 - 2017-03-04 04:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-14 18:10 - 2017-09-05 05:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-14 18:10 - 2017-09-05 05:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-23 19:39 - 2017-05-23 19:40 - 003918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-07-05 11:38 - 2016-07-05 11:38 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-07-05 11:38 - 2016-07-05 11:38 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-07-05 11:27 - 2016-07-05 11:27 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-07-05 11:41 - 2016-07-05 11:41 - 000750592 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2016-07-05 11:32 - 2016-07-05 11:32 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-06-27 21:58 - 2016-06-27 21:58 - 000275968 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-11-27 19:03 - 2017-11-27 19:03 - 000705536 _____ () C:\Program Files (x86)\Wickr Inc\Wickr Me\CFLite.dll
2017-11-27 19:03 - 2017-11-27 19:03 - 004567552 _____ () C:\Program Files (x86)\Wickr Inc\Wickr Me\NPL.dll
2017-11-27 19:03 - 2017-11-27 19:03 - 000943104 _____ () C:\Program Files (x86)\Wickr Inc\Wickr Me\WickrCore.dll
2017-11-27 19:03 - 2017-11-27 19:03 - 000666112 _____ () C:\Program Files (x86)\Wickr Inc\Wickr Me\wmmigrator.dll
2017-11-27 19:03 - 2017-11-27 19:03 - 000020992 _____ () C:\Program Files (x86)\Wickr Inc\Wickr Me\cjson.dll
2016-04-19 11:53 - 2016-04-19 11:53 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 11:53 - 2016-04-19 11:53 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VeraCryptSystemFavorites => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VeraCryptSystemFavorites => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-09-06 12:50 - 000003638 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 s0.2mdn.net
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 view.atdmt.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SilentCleanService"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38FEAF7E-7F56-415E-8787-4CC64C43CA1B}] => (Block) C:\Windows\explorer.exe
FirewallRules: [TCP Query User{146B82F1-2A49-4AE8-89CB-FC44232E1DF4}C:\users\gk\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gk\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6228C55C-F920-434C-9BAE-B27DCAE70560}C:\users\gk\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gk\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D3B117D0-D3D2-4E1F-8089-5D6B9CB16496}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7611C661-499C-4B65-A0E4-07A58D9373D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B55BAA8-5CF6-4F05-8B91-C8D38FF02DF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D616F8DD-1A32-4CF6-BE64-B69B82D51678}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7676CFEC-B0D7-4D3D-AC5A-2F56334D5552}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{027BEF92-EA7D-48E6-A8A1-71E36ECBD711}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B2EDBA7-7722-40E5-9E70-A3C90DD17256}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{BBD1456B-DF9F-4C27-9A6A-9514106896F3}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{9A2B8B0C-96F9-4F7A-802D-047E43326934}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{73AB6150-9AAA-4EDB-A938-61F34818B0FD}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{F831D16B-65B9-41B1-9F8C-B1372A2F2FD7}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{115D0EB7-E4AB-4EC3-9E4A-F64D98575AE1}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{7BBED275-08CB-4C4A-BB36-8D3775ABAD12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C45D4D73-F9C4-4758-B626-74C6BECA7B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A43604A2-16EF-42F1-AE94-4C88E969BC53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61B78AC9-7E83-474D-80F9-9A2149A5F866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5488B6BB-C9F2-4CA2-AA9B-5FDB18CE7D35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F26F89D-ACE9-4857-B926-0FF47F446E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{44D1E70B-05EF-45D4-BA5F-B705639F0E8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D0617BE1-3093-4953-9E6B-59934B2B107B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2D99E756-1F6A-4B28-8AB7-02F92CCBE078}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E38AC366-4539-4AFB-BEA4-C2796740961B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F3C53D85-168A-4772-BEBE-BF009975FCD1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{782D9083-3821-4A3F-BDC5-16C16A3641CE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A3AE2D4D-6B4C-4F98-9CFF-332B5A5B7BF4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{80CC4220-64CF-4AD1-B897-531379681C44}C:\users\gk\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gk\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0C4144F2-DD9A-40A3-A7AF-43A59E3E79EE}C:\users\gk\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gk\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{03B280C3-B41D-489B-9581-56123ACB8B10}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0B275405-2BAE-4929-8B8A-628121A2AD15}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C01F9C44-1AC5-4C2C-B5BA-1D35EA9D149E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{54989006-BD25-4A88-817B-B13CCCEB2C5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7090A70B-D3FB-4535-A92A-5153566D5167}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{76F98431-BADC-4E37-84BD-9812C4C3C8BA}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{E3952245-513B-4FC9-99D6-CFC097E052D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{29F81DBF-771B-49DA-9E1D-37BFD3BC6445}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8C20EB80-7A16-4191-9604-AB1BA4280369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{05B3DA40-1B95-4E97-99B6-23B1953B5A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6E0A195D-421C-48AE-9ED0-15EA511B3588}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4AF63ACF-0B18-4F39-8B50-0D2F512BEF38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{53C90C9B-6A3A-426B-AAC9-4FC19CC430B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2855BC15-F745-4830-8615-370AFF707ADC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12E41964-3511-4980-86C8-145B03F608BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C829ECA1-A989-4654-A29A-FD61C2952445}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.47\opera.exe
FirewallRules: [{A48BC959-F50D-4088-A54B-010954718DA8}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.47_0\opera.exe

==================== Restore Points =========================

17-11-2017 13:24:25 Windows Update
26-11-2017 15:33:25 Naplánovaný kontrolní bod
01-12-2017 19:13:32 Windows Update
03-12-2017 00:40:59 Installed WickrMe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 12:41:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (12/01/2017 07:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/29/2017 11:53:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRESSIS-PC)
Description: Aktivácia aplikácie Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI zlyhala pre chybu: -2144927141 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/26/2017 03:33:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/25/2017 08:22:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRESSIS-PC)
Description: Aktivácia aplikácie Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI zlyhala pre chybu: -2144927141 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/17/2017 01:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/11/2017 03:11:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/11/2017 04:12:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 56.0.2.6506 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1700

Start Time: 01d35a8fcbd0ab89

Termination Time: 4915

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 1caeee45-c68e-11e7-be16-902b34a042a8

Faulting package full name:

Faulting package-relative application ID:

Error: (11/04/2017 05:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: svchost.exe_stisvc, verzia: 10.0.10586.0, časová značka: 0x5632d7ba
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x9a0
Čas spustenia chybujúcej aplikácie: 0x01d355870ce8dd0f
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\svchost.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: 94a0ab27-c50e-4ac9-9576-a07ade956f33
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/03/2017 08:28:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.


System errors:
=============
Error: (12/04/2017 03:44:48 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{75B6A4D7-4914-4943-BA00-5B1C33EA64EB}.
The master browser is stopping or an election is being forced.

Error: (12/03/2017 10:36:44 PM) (Source: DCOM) (EventID: 10010) (User: CRESSIS-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (12/03/2017 10:36:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_adb1d97 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Restartovat službu.

Error: (12/03/2017 10:22:55 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Apple Mobile Device Ethernet, {C2A3F1C5-C01F-4FF8-9D7B-9820A5A4E333}, had event 76

Error: (12/03/2017 03:45:00 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{75B6A4D7-4914-4943-BA00-5B1C33EA64EB}.
The master browser is stopping or an election is being forced.

Error: (12/03/2017 02:06:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_a518015 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Restartovat službu.

Error: (12/03/2017 01:42:24 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ADAM-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{75B6A4D7-4914-4943-BA00-5B1C33EA64EB}.
The master browser is stopping or an election is being forced.

Error: (12/02/2017 08:17:43 PM) (Source: DCOM) (EventID: 10010) (User: CRESSIS-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (12/02/2017 08:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_9c6c4a8 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Restartovat službu.

Error: (12/02/2017 05:01:08 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{75B6A4D7-4914-4943-BA00-5B1C33EA64EB}.
The master browser is stopping or an election is being forced.


CodeIntegrity:
===================================
Date: 2017-12-04 18:04:07.601
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 18:04:07.580
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:44:05.106
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:44:05.089
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:41:50.588
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:41:50.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:41:49.853
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:41:49.834
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:41:49.028
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-04 17:41:49.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 27%
Total physical RAM: 8189.39 MB
Available physical RAM: 5904.78 MB
Total Virtual: 16381.39 MB
Available Virtual: 13767.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:166.8 GB) (Free:6.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Nový svazek) (Fixed) (Total:465.76 GB) (Free:271.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (CANON_IJ) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: 10185D91)
Partition 1: (Active) - (Size=166.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 927102DA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Post subject: Re: Requesting a preventive check
Posted: 05 Dec 2017 08:36
Advisor
Joined: 30 May 2008 12:11
Posts: 654
Hello!
Run this utility:

Quote:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.


Post subject: Re: Requesting a preventive check
Posted: 05 Dec 2017 19:30
Visitor
Joined: 12 May 2012 21:39
Posts: 72
# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 05 18:26:11 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-04-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1354 B] - [2017/6/14 15:35:59]
C:/AdwCleaner/AdwCleaner[S1].txt - [1012 B] - [2017/12/3 18:31:7]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########


Post subject: Re: Requesting a preventive check
Posted: 05 Dec 2017 19:44
Advisor
Joined: 30 May 2008 12:11
Posts: 654
Can you copy this log here for me, please:
C:/AdwCleaner/AdwCleaner[S1].txt - [1012 B] - [2017/12/3 18:31:7]


Post subject: Re: Requesting a preventive check
Posted: 06 Dec 2017 14:50
Visitor
Joined: 12 May 2012 21:39
Posts: 72
# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 03 18:31:07 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 11-29-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1354 B] - [2017/6/14 15:35:59]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


Post subject: Re: Requesting a preventive check
Posted: 06 Dec 2017 15:08
Advisor
Joined: 30 May 2008 12:11
Posts: 654
It might not hurt to update Java.

On the desktop, where you have FRST located, create a TXT file named fixlist.txt and paste the following text into it:

(Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.)

Quote:
start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\MountPoints2: {12d50361-fe79-11e5-bd69-902b34a042a8} - "J:\setup.exe"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\MountPoints2: {e9e1a2b4-b276-11e6-bdb4-902b34a042a8} - "E:\Msetup4.exe"
GroupPolicy: Restriction <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [RhinoShExt] -> {C81DCBCA-8AE2-41FC-9C39-78B160393210} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
Task: {1B495F60-582A-495A-8E4F-BC22FBC383ED} - System32\Tasks\{5CF3EAB8-6E69-4930-8779-43C96EF5E0DA} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/sk/ ... rogressBar
Task: {6B482507-FE04-4E05-A76E-982ACFB0F9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
Task: {84D0D430-BDE0-4FDC-9A58-3B0390BD9E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
end


Post subject: Re: Requesting a preventive check
Posted: 06 Dec 2017 22:29
Visitor
Joined: 12 May 2012 21:39
Posts: 72
Okay, btw the PC sometimes runs slower, mainly Firefox (lags and so on)..


Post subject: Re: Requesting a preventive check
Posted: 06 Dec 2017 23:46
Visitor
Joined: 12 May 2012 21:39
Posts: 72
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by gk (06-12-2017 23:34:53) Run:1
Running from C:\Users\gk\Desktop
Loaded Profiles: gk (Available Profiles: gk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\MountPoints2: {12d50361-fe79-11e5-bd69-902b34a042a8} - "J:\setup.exe"
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\...\MountPoints2: {e9e1a2b4-b276-11e6-bdb4-902b34a042a8} - "E:\Msetup4.exe"
GroupPolicy: Restriction <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\gk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [RhinoShExt] -> {C81DCBCA-8AE2-41FC-9C39-78B160393210} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
Task: {1B495F60-582A-495A-8E4F-BC22FBC383ED} - System32\Tasks\{5CF3EAB8-6E69-4930-8779-43C96EF5E0DA} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/sk/ ... rogressBar
Task: {6B482507-FE04-4E05-A76E-982ACFB0F9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
Task: {84D0D430-BDE0-4FDC-9A58-3B0390BD9E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-21] (Google Inc.)
HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12d50361-fe79-11e5-bd69-902b34a042a8}" => removed successfully
HKLM\Software\Classes\CLSID\{12d50361-fe79-11e5-bd69-902b34a042a8} => key not found
"HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e1a2b4-b276-11e6-bdb4-902b34a042a8}" => removed successfully
HKLM\Software\Classes\CLSID\{e9e1a2b4-b276-11e6-bdb4-902b34a042a8} => key not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1670203971-3387094230-2352906352-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\RhinoShExt" => removed successfully
HKLM\Software\Classes\CLSID\{C81DCBCA-8AE2-41FC-9C39-78B160393210} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C}" => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B495F60-582A-495A-8E4F-BC22FBC383ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B495F60-582A-495A-8E4F-BC22FBC383ED}" => removed successfully
C:\WINDOWS\System32\Tasks\{5CF3EAB8-6E69-4930-8779-43C96EF5E0DA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CF3EAB8-6E69-4930-8779-43C96EF5E0DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B482507-FE04-4E05-A76E-982ACFB0F9D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B482507-FE04-4E05-A76E-982ACFB0F9D5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84D0D430-BDE0-4FDC-9A58-3B0390BD9E97}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84D0D430-BDE0-4FDC-9A58-3B0390BD9E97}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\Software\Classes\AutoCADScriptFile" => removed successfully
"HKU\S-1-5-21-1670203971-3387094230-2352906352-1000\Software\Classes\.scr" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1947321 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22724736 B
Java, Flash, Steam htmlcache => 359229883 B
Windows/system/drivers => 24183 B
Edge => 0 B
Chrome => 53959732 B
Firefox => 376599792 B
Opera => 28995157 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1280 B
gk => 47144712 B

RecycleBin => 1128879 B
EmptyTemp: => 850.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:36:14 ====


Post subject: Re: Request for a preventive check
Posted: 07 Dec 2017 12:03
Offline
Advisor

Registered: 30 May 2008 12:11
Posts: 654
You can also try this tool, MBAM: http://forum.viry.cz/viewtopic.php?f=29&t=144868
- Install it and run a full scan.

- Copy the log here.


Post subject: Re: Request for a preventive check
Posted: 27 Dec 2017 22:18
Offline
Advisor

Registered: 30 May 2008 12:11
Posts: 654
:closed:

