PC virus removal, computer speed-up, remote help via the neslape.cz service

This message pops up after startup

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: This message pops up after startup

#16 Post by Zdenislav »

I removed them from Chrome; there is nothing left there now.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Zdeněk (05-07-2018 22:41:57)
Running from C:\Users\Zdeněk\Desktop
Windows 10 Home Version 1803 17134.137 (X64) (2018-05-16 16:42:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2861560486-2024932042-3958806256-500 - Administrator - Disabled) => C:\Users\Administrator.acer
DefaultAccount (S-1-5-21-2861560486-2024932042-3958806256-503 - Limited - Disabled)
Guest (S-1-5-21-2861560486-2024932042-3958806256-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2861560486-2024932042-3958806256-504 - Limited - Disabled)
Zdeněk (S-1-5-21-2861560486-2024932042-3958806256-1001 - Administrator - Enabled) => C:\Users\Zdeněk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Aktualizace NVIDIA 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation) Hidden
Aloha TriPeaks (HKLM-x32\...\WTA-ded2756b-507b-451b-a178-9aeb1c2664af) (Version: 2.2.0.98 - WildTangent) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Battlefield 1 (HKLM-x32\...\Battlefield 1_is1) (Version: 1.3.3 - EA DICE)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-c1c1d117-c164-4c47-aff2-6d1c12b2ad18) (Version: 2.2.0.95 - WildTangent) Hidden
Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}) (Version: 1.3 - ) Hidden
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
Call of Duty: WWII (HKLM\...\Y2FsbG9mZHV0eXd3aWk_is1) (Version: 1 - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CoD 2 čeština 1.1 (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S[al!er!)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version: - )
DVDFab (x64) 10.0.8.4 (28/02/2018) (HKLM-x32\...\DVDFab 10(x64)) (Version: 10.0.8.4 - Fengtao Software Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Far Cry (HKLM-x32\...\{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.3) (HKLM-x32\...\{21A127AE-2DAF-40B7-8374-34C3E629521C}) (Version: 1.00.0000 - Název společnosti:) Hidden
Far Cry (Patch 1.31) (HKLM-x32\...\{EE8592F6-FC2B-4AFD-B527-109D127C039F}) (Version: 1.00.0000 - Název společnosti:) Hidden
Far Cry (Patch 1.32 AMD64) (HKLM\...\{02A116A8-E559-488C-879C-B212F3EA963A}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (Patch 1.32) (HKLM-x32\...\{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}) (Version: 1.00.0000 - Název společnosti:) Hidden
Far Cry (Patch 1.33) (HKLM-x32\...\{3C662203-292F-4E9D-AE02-281071C06903}) (Version: 1.00.0000 - Název společnosti:) Hidden
Far Cry (Patch 1.4) (HKLM-x32\...\{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}) (Version: 1.00.0000 - Název společnosti:) Hidden
Far Cry 5 (HKLM-x32\...\Far Cry 5_is1) (Version: - )
Farm to Fork Collector's Edition (HKLM-x32\...\WTA-6d72c52b-e28f-4f5c-a476-6d9851a6ecc9) (Version: 3.0.2.59 - WildTangent) Hidden
FormatFactory 4.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-c3e5a25e-b6f4-41e5-85d6-6fdf26914896) (Version: 3.0.2.59 - WildTangent) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
Intel Processor Diagnostic Tool 64bit (HKLM\...\{D011AAF9-F756-43AB-8E91-47ADF0D86394}) (Version: 4.0.0.29 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-186e33b6-b742-448b-a0f8-3c8625286ddc) (Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-4425af4f-73a5-494e-9209-fdc955ea45f9) (Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-59cf0432-1bfb-46f4-85d4-3eebf45c5b2b) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-2b951635-cf03-4f4f-8aaa-67e420e1fd71) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2861560486-2024932042-3958806256-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 60.0.2 (x64 cs)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
Music Recorder (HKLM-x32\...\{F3949798-3544-433B-B5AB-A61F32F0386F}) (Version: 18.001.2 - Nero AG) Hidden
Nero 2017 (HKLM-x32\...\{18625598-62C3-4DBF-B1AA-3BD27395F7F5}) (Version: 18.0.05900 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 18.0.0011 - Nero AG)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Ovládací panel NVIDIA 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.05 - NVIDIA Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peggle Nights (HKLM-x32\...\WTA-35992e9e-cf96-4caa-b342-f58557e4e5cb) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-cae36700-19c7-4cab-bb24-ed68f24c27a6) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6d80f542-3557-4ee8-beaa-3378b0d613a0) (Version: 3.0.2.59 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Sniper Elite 3 Update v1.14 incl DLC (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-092ae20c-2934-48b3-8615-f9de6d30016a) (Version: 3.0.2.51 - WildTangent) Hidden
The Sims 4 (HKLM-x32\...\The Sims 4_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Trinklit Supreme (HKLM-x32\...\WTA-39da2751-1031-489e-a9bc-fdfe1e897574) (Version: 2.2.0.98 - WildTangent) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
webiums modpack 0.9.20.0 v00 (HKLM-x32\...\{B64D8CE9-11B2-469D-A347-9A13C2BCA423}_is1) (Version: 00 - myWOTmods.com)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
XVM verze 6.7.4.1 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.7.4.1 - XVM team)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
Zoner Photo Studio 18 (HKLM\...\ZonerPhotoStudio18_CZ_is1) (Version: 18.0.1.10 - ZONER software)
Zuma's Revenge (HKLM-x32\...\WTA-b76cad2e-21b6-4cf1-bd93-705c481a0560) (Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => D:\Instalace programu\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-14] (Foxit Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => D:\Instalace programu\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-19] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-12-19] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AFCB795-4961-4451-AFF5-C8927D59FED9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
Task: {0D8E0B74-A5AC-49ED-9CAB-534690A407AA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-11] (Adobe Systems Incorporated)
Task: {161A5B67-712C-4622-84DE-D918BA4739F1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {234B058A-B3B9-46A0-A1E1-70896F9A511A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
Task: {275034EA-7860-4583-B3F9-2BE5B10D34A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-10] (Google Inc.)
Task: {2E3BA783-7176-4A58-9CC6-7B53A623CAD5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4D507009-6F10-4754-AD76-28DE70FA9B25} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-06-13] (Microsoft Corporation)
Task: {60E7A713-12C9-40D7-9AFC-E6410067EF96} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {67E5764A-E54B-4F46-9309-FBC9B2AD876C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {6E64B3CC-1730-4EEB-9D49-1AD285AF7D39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {6F81E9DF-9C89-4F43-8CD9-ACDA5A7D7B40} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
Task: {736F259D-4E03-46CD-A5C1-8DFD0A94EFE5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA Corporation)
Task: {7659AFCF-A137-443E-B226-87CFFD230150} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-11] (Adobe Systems Incorporated)
Task: {76C6BFF5-05E3-41BC-984D-4240AAC6BE6F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {777401E2-50EA-47F3-8B88-D763312586F6} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Task: {780B5992-D4C5-4F52-AD72-8C1FFA556B07} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {7ABEBF25-A834-4740-A6F2-6F6694046D94} - System32\Tasks\{7BD86BED-775C-46E3-B214-EA1DC1C056F5} => C:\WINDOWS\system32\pcalua.exe -a "D:\Instalace her\calof2\cod2sp_s.exe" -d "D:\Instalace her\calof2\"
Task: {7ACDA7F2-A034-4BE1-A68C-BEE8F8AFC71B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {81E1BF58-6E0E-42D8-B5F3-43EB6BF1D047} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {8DE64D68-376F-4176-BB3F-35BA95E8DC25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
Task: {8E8D96E4-607B-4C82-B8CB-36FAFE70D439} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {932F0494-F545-460E-95AE-37565808A8A8} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-09-26] (Nero AG)
Task: {96D759A0-E480-4553-A7D8-681F63E31937} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A6994B68-C838-4CAB-A708-C08A03C1BCA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-10] (Google Inc.)
Task: {AE98D14B-F768-4C73-920E-3A30B043671E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {BDCB2204-22EB-4F17-A290-C3FF93EDB664} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C7E375E7-9AB5-4B52-9135-4BD0336D156F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-11] (NVIDIA Corporation)
Task: {D6AD5A3C-4B65-4852-999D-6F162A84C885} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {DDD723BF-96FB-4BB9-9255-73AB0732AD14} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {E378CD97-859C-4071-8869-93B18FDEC672} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E67AC00C-4ED3-4655-8EB3-E0C7F3B02455} - System32\Tasks\čistění os => C:\dusting.cmd

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10 (x64)\DVDFab (x64) Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab10&p=x64&v=10.0.8.

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-09-23 18:27 - 2012-09-29 13:25 - 000409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2015-09-23 18:27 - 2012-09-29 13:25 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2017-07-26 09:58 - 2017-07-26 09:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-06-18 16:29 - 2018-06-18 16:33 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2007-08-15 09:49 - 2007-08-15 09:49 - 000063040 _____ () D:\Instalace her\Airbone\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
2016-12-19 08:16 - 2016-12-19 08:16 - 000401880 _____ () C:\WINDOWS\system32\igfxTray.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-25 18:24 - 2014-07-02 00:13 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2018-06-13 16:01 - 2018-06-08 10:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-24 19:20 - 2018-05-24 19:20 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-24 19:20 - 2018-05-24 19:20 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-24 19:20 - 2018-05-24 19:21 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-24 19:20 - 2018-05-24 19:20 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-24 19:20 - 2018-05-24 19:20 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-28 16:58 - 2018-03-28 16:58 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
2018-06-03 09:09 - 2018-06-03 09:10 - 002921472 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2018-06-03 09:09 - 2018-06-03 09:10 - 000120832 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
2017-01-12 22:25 - 2017-10-11 03:01 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-01 19:18 - 2018-05-01 19:18 - 031061504 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1712.1141.0_x64__8wekyb3d8bbwe\PilotshubApp.dll
2018-05-01 19:18 - 2018-05-01 19:18 - 000502272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1712.1141.0_x64__8wekyb3d8bbwe\Helper.dll
2018-06-25 18:09 - 2018-06-25 18:10 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-06-25 18:09 - 2018-06-25 18:10 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-06-27 16:59 - 2018-06-27 16:59 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-27 16:59 - 2018-06-27 16:59 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-27 16:59 - 2018-06-27 16:59 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 15:19 - 2017-09-26 15:19 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-27 16:59 - 2018-06-27 16:59 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2014-11-25 18:12 - 2013-10-01 11:09 - 000078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2017-01-12 22:25 - 2017-10-11 03:01 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [153]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-14 17:54 - 2018-07-05 19:36 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2861560486-2024932042-3958806256-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdeněk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKU\S-1-5-21-2861560486-2024932042-3958806256-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{20BBFA07-2E55-4D42-B7AF-03D4199DA8F2}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{86B5DA1F-DF03-4713-B4D4-B4B7CA6ECF76}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{E3B8BBC2-641A-4855-92B9-0932572DAD11}] => (Allow) D:\Instalace programu\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{5AD92824-A54A-49BB-945A-9F3F2F9FDF9F}] => (Allow) D:\Instalace programu\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{0EA7ED09-619A-4F50-9D05-44F5E8E9AEEF}] => (Allow) D:\Instalace programu\torent\uTorrent.exe
FirewallRules: [{071C2526-2596-471E-B718-AC76129EC17A}] => (Allow) D:\Instalace programu\torent\uTorrent.exe
FirewallRules: [UDP Query User{1A7B5412-4C4A-4167-A149-31D49550A41F}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{9A97782A-3940-4CB3-B412-FABCB90A2987}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{10F1454F-3D35-43EB-8F4E-FE37334B30DF}] => (Allow) D:\Instalace programu\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{EB3E764A-1A6E-431A-987A-6A3A22BFD2BF}] => (Allow) D:\Instalace programu\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{6CB567D6-5A3A-45EB-B512-6EB736906CF1}] => (Allow) D:\Instalace programu\FormatFactory\FormatFactory.exe
FirewallRules: [{9BBF5548-0837-4684-8D87-2D1FBE20F16A}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
FirewallRules: [UDP Query User{FC4562D6-CCBA-4D57-928F-2C14A8FF5861}D:\instalace programu\utorent\utorrent.exe] => (Allow) D:\instalace programu\utorent\utorrent.exe
FirewallRules: [TCP Query User{C3437CA3-28D2-44A2-81E0-25451B214B8B}D:\instalace programu\utorent\utorrent.exe] => (Allow) D:\instalace programu\utorent\utorrent.exe
FirewallRules: [{B27B0C92-0AA3-4155-BDA3-E825E39644D8}] => (Allow) D:\Instalace programu\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{DDE4047C-9EDB-4D89-8FDD-9D02A63A4A2F}] => (Allow) D:\Instalace programu\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{32513BE3-0B24-43B6-A27A-28477A764451}] => (Allow) D:\Instalace programu\FormatFactory\FormatFactory.exe
FirewallRules: [{41232883-26A1-417D-9CB4-FE9C3E5510A8}] => (Allow) D:\Instalace programu\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{397A2E2E-1A23-4662-8AA5-6518E34D5B7B}] => (Allow) D:\Instalace programu\FormatFactory\FormatFactory.exe
FirewallRules: [UDP Query User{8D8D49A6-1603-41E2-ABA3-7DD020515D83}D:\instalace programu\formatfactory\formatfactory.exe] => (Allow) D:\instalace programu\formatfactory\formatfactory.exe
FirewallRules: [TCP Query User{D6804210-8889-4DB4-AD00-0201F810E699}D:\instalace programu\formatfactory\formatfactory.exe] => (Allow) D:\instalace programu\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{13ED23B4-550B-4BF9-8C24-F02163E1D42E}D:\instalace her\far cry primal\bin\fcprimal.exe] => (Allow) D:\instalace her\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{8CF3D3C1-6ADE-4368-84DA-A61403E808FF}D:\instalace her\far cry primal\bin\fcprimal.exe] => (Allow) D:\instalace her\far cry primal\bin\fcprimal.exe
FirewallRules: [{E73A0C3F-762E-4E73-BCDD-272DC9810852}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7356CC30-A2A3-4AA0-8090-14F7A3D30050}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6727988F-B9E3-43E3-9CB4-F532DF6E4433}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{813BD1E1-76A7-48DF-B797-60386EA19192}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B8B07350-967C-4AB2-BD8F-593898727187}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A87E8FDC-ADDB-47F3-ACC5-3D3295971C13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0D05F022-B976-451D-A3C5-D6A38DF62466}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{DC5B15EE-9898-4EA2-B8D3-D6CEF86CEF4C}D:\zdenda\sat\dreamset.exe] => (Block) D:\zdenda\sat\dreamset.exe
FirewallRules: [TCP Query User{FDBCD36A-0C3D-42DB-BE22-E0FE06DC4059}D:\zdenda\sat\dreamset.exe] => (Block) D:\zdenda\sat\dreamset.exe
FirewallRules: [{CFD6B6F2-8D27-4114-97CB-21E33640A5D2}] => (Allow) D:\Instalace her\Airbone\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{27BE0D47-E9A5-4035-8444-85750730905C}] => (Allow) D:\Instalace her\Airbone\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{D9446029-35A0-4147-BC69-18628B5F2F0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5687CAA9-3ADA-442E-B515-676B94DFB1BD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B54051B5-C393-4B4F-85A2-A38387B9B2A6}] => (Allow) D:\Instalace her\world of tanks\worldoftanks.exe
FirewallRules: [{EC40DC7F-EE2E-4479-911D-99EDA86C3F9F}] => (Allow) D:\Instalace her\world of tanks\worldoftanks.exe
FirewallRules: [{A0AA44B6-C4A7-4184-898F-BFF13A92970D}] => (Allow) D:\Instalace her\world of tanks\WoTLauncher.exe
FirewallRules: [{4126DD18-11E2-450F-8185-6D7B4A4B5A3C}] => (Allow) D:\Instalace her\world of tanks\WoTLauncher.exe
FirewallRules: [{240E956F-4D19-4721-9675-D206FE77CE47}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{52DC803D-4CED-4306-ABA6-DDA0E046A201}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [UDP Query User{EAF5FF3E-3CFF-4921-A222-C96B6FADF640}D:\zdenda\sat\dreamset.exe] => (Allow) D:\zdenda\sat\dreamset.exe
FirewallRules: [TCP Query User{E8565685-F62B-49BF-BDDB-40A45A715AEF}D:\zdenda\sat\dreamset.exe] => (Allow) D:\zdenda\sat\dreamset.exe
FirewallRules: [{A473A5F2-3C65-4B62-840E-61201BE98722}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0469F5B7-34DF-46CE-BEEF-E3DE36F4F546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{531E6DDC-E57D-41A5-BEB8-DB3715FC8E32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E1852C0C-A6BF-4E69-904B-926070EE6C16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3D8CCEC3-574F-4316-9EAE-EF236D3208B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A798D57-EBAC-4819-AED9-06941E60C3F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{3632B56E-FB49-40ED-8614-6B2CA3E3DC3F}D:\instalace her\lodě\wowslauncher.exe] => (Allow) D:\instalace her\lodě\wowslauncher.exe
FirewallRules: [TCP Query User{82C0EE8A-9D93-4C8D-BE4B-9F4BC8031DAB}D:\instalace her\lodě\wowslauncher.exe] => (Allow) D:\instalace her\lodě\wowslauncher.exe
FirewallRules: [UDP Query User{DB1FA51E-F29F-4148-97C1-990A19DFE6DB}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{388534A6-7048-45A9-84C0-6ED6B31B991F}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{4E3CD395-400D-4F7D-B51B-588CD0944E47}C:\satelit\nová složka\dreamset.exe] => (Allow) C:\satelit\nová složka\dreamset.exe
FirewallRules: [TCP Query User{D234518F-CFE9-4081-BEAD-3BB55AC23E1E}C:\satelit\nová složka\dreamset.exe] => (Allow) C:\satelit\nová složka\dreamset.exe
FirewallRules: [TCP Query User{57C12893-BCEE-47DF-AF2E-1640E6254408}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AA9FC9EE-9B6E-4B75-831C-4B0DCF06938E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3E87346-C692-4697-93D4-BC1B877E14A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{239B89C9-9E93-4DA6-88DD-6733E2216310}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CE54E956-A51A-4FC8-9002-171E8D92BCE1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A8852794-6558-45BC-BC36-440FC85C7CA7}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{1D28759D-ED47-481C-9F30-C1B42CD99696}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{73D6C518-ED40-4922-9C07-A287E7EC4A01}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{1561D431-0E11-4A31-91C8-D4D617EEED08}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8767ED54-5DCC-4AAB-B8F8-247E31E2B617}] => (Allow) C:\Program Files\Zoner\Photo Studio 18\Program32\MediaServer.exe
FirewallRules: [{16539FB4-5D28-43A3-A337-618785413058}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11A6586D-20DB-463F-9D13-43D43D69582B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A95CC37-8528-4F7F-A4C5-60E5CBC110A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{42D1FB5D-EFA7-436A-A51E-1D66DDF5ABE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D01882EC-A13B-4783-8F7C-A41FE087B66F}D:\instalace her\duty2\cod2mp_s.exe] => (Block) D:\instalace her\duty2\cod2mp_s.exe
FirewallRules: [UDP Query User{D9DF7F4F-362E-44A6-9EDF-8585FDDF2392}D:\instalace her\duty2\cod2mp_s.exe] => (Block) D:\instalace her\duty2\cod2mp_s.exe
FirewallRules: [TCP Query User{C2BC9BAB-CCCF-4421-8DFC-26BF52B7A8F3}D:\instalace programu\formatfactory\formatfactory.exe] => (Allow) D:\instalace programu\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{D8BF78DA-A448-4E30-AEFE-78889C1396E4}D:\instalace programu\formatfactory\formatfactory.exe] => (Allow) D:\instalace programu\formatfactory\formatfactory.exe
FirewallRules: [{17E020A4-4F44-466C-A3CA-6A4992C2FDAC}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{B8E30704-FCEF-4B5C-9D40-9E5B3C0936B1}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{56ABEBC5-0394-4AEE-AE23-427F4DE55B83}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{99CC67EA-D258-4EA4-A687-31D9E8C86433}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{BCA2AAAB-1E65-484A-9A12-90F7B564E41F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{44DB9AEF-BD44-4BB0-98DD-3A6BB53384AB}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{9C575E6A-717E-4C11-8C78-A8A4F73FB789}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{6562ED34-25C0-4D84-B4DF-C30D2C0F4095}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{74F81FAC-EDE1-4F15-B31E-57C675FBA287}] => (Allow) D:\Instalace programu\nero\Nero 2017\Nero Burning ROM\StartNBR.exe
FirewallRules: [{5D17E2C3-8AE6-4E46-9565-95A691AD2777}] => (Allow) D:\Instalace programu\nero\Nero 2017\Nero MediaHome\NMDllHost.exe
FirewallRules: [{32BEDCB4-CBA0-4F60-9116-2A858858A4BE}] => (Allow) D:\Instalace programu\nero\Nero 2017\Nero MediaHome\MediaHome.exe
FirewallRules: [{6EBDA830-250F-44C5-9281-8C30D2B4A9FF}] => (Allow) D:\Instalace programu\nero\Nero 2017\Nero Burning ROM\nero.exe
FirewallRules: [{22E36B74-B7F9-4064-BE9C-307AC482CEB0}] => (Allow) D:\Instalace programu\nero\Nero 2017\Nero Burning ROM\StartNBR.exe
FirewallRules: [{27DC201D-376A-4687-A559-4EFD0684FF58}] => (Allow) D:\Instalace programu\nero\Nero 2017\Nero Burning ROM\nero.exe
FirewallRules: [{FD4346AC-805B-47F6-89B9-A0C9220A7B61}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{8C73BFE8-029A-4121-8E07-F93D020DEA21}D:\instalace her\battlefield 1\bf1.exe] => (Allow) D:\instalace her\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{6C824973-E6A5-4C6D-9144-6770F236FE65}D:\instalace her\battlefield 1\bf1.exe] => (Allow) D:\instalace her\battlefield 1\bf1.exe
FirewallRules: [{1C1BF6A7-2C4B-49EB-BDE5-F96170911DC1}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{C64F9DDF-F72C-4A28-AB35-21BB6801A181}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{68FF683C-DFAB-4DC8-882F-10469FE6EC2B}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{70653A38-A0F3-45FB-931D-ADF832A908F6}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{38F193F7-489A-44D4-90E6-0F6400F88A25}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{5B923646-F2DF-4A30-8FB1-49DDF069ED5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F1EEC21A-CBFB-42B4-B6AD-ED0880537175}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{C7708C61-B8A4-49BD-95D5-4F47383BBC82}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{0DC700E7-AE7E-4574-B2E1-E956D3E662D0}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2018 10:36:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 10:23:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 10:16:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 10:14:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 10:05:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 10:03:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 09:58:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/05/2018 09:57:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (07/05/2018 10:41:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba BstHdDrv neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (07/05/2018 10:40:54 PM) (Source: sptd2) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (07/05/2018 10:23:28 PM) (Source: DCOM) (EventID: 10016) (User: ACER)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli acer\Zdeněk (SID: S-1-5-21-2861560486-2024932042-3958806256-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/05/2018 10:17:19 PM) (Source: DCOM) (EventID: 10016) (User: ACER)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli acer\Zdeněk (SID: S-1-5-21-2861560486-2024932042-3958806256-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/05/2018 10:11:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/05/2018 10:07:39 PM) (Source: DCOM) (EventID: 10016) (User: ACER)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli acer\Zdeněk (SID: S-1-5-21-2861560486-2024932042-3958806256-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/05/2018 10:02:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/05/2018 10:02:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba BlueStacks Android Service závisí na službě BlueStacks Hypervisor, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


CodeIntegrity:
===================================

Date: 2018-07-05 19:56:56.586
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 19:56:56.577
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 16:20:27.507
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 16:20:27.501
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 12:42:01.364
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 12:42:01.157
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 12:41:54.770
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-05 12:35:26.854
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 12%
Total physical RAM: 16307.27 MB
Available physical RAM: 14294.14 MB
Total Virtual: 33715.27 MB
Available Virtual: 31876.2 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:117.99 GB) (Free:51.18 GB) NTFS
Drive d: (DATA) (Fixed) (Total:684.97 GB) (Free:204.8 GB) NTFS

\\?\Volume{2628c86b-e848-4d8d-96a1-53d98ddf3d8b}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.26 GB) NTFS
\\?\Volume{f4be6f5e-0345-4481-9ffc-efef13fe309b}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{ecc15581-8716-42f7-8780-b88ec06da759}\ (Push Button Reset) (Fixed) (Total:16.27 GB) (Free:1.48 GB) NTFS
\\?\Volume{380b7ae9-ea83-486d-b8cf-d73578a743eb}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
\\?\Volume{070ad90c-cab2-4400-8a79-d26fa44e48a4}\ () (Fixed) (Total:0.5 GB) (Free:0.5 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4AE8716C)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4AE8715D)

Partition: GPT.

==================== End of Addition.txt ============================

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#17 Post by Zdenislav »

That is everything I have there.
Attachments
Bez názvu.png (76.31 KiB) Viewed 2673 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#18 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: C:\Users\Zdeněk\AppData\Local\installer.dat
    File: C:\Users\Zdeněk\AppData\Local\installer.dat
    File: C:\WINDOWS\system32\epmntdrv.sys
    File: C:\WINDOWS\SysWOW64\epmntdrv.sys
    File: C:\WINDOWS\system32\EuGdiDrv.sys
    File: C:\WINDOWS\SysWOW64\EuGdiDrv.sys
    CMD: type "C:\FRST\Quarantine\C\duster.cmd.xbad"
    CMD: type "C:\Users\Zdeněk\AppData\Local\uts.ini"
    
    HKLM\...\Run: [rundll32] => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\BizTacks\BizTacks.dll",mZfhMCJZuAX
    OPR Extension: (Adblocker for Youtube™) - C:\Users\Zdeněk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgafbmpmdmlbbpbaipgpbkdlfgnepgao [2018-07-02]
    2018-03-22 16:09 - 2018-03-22 16:09 - 000099384 _____ () C:\Users\Zdeněk\AppData\Roaming\inst.exe
    2018-03-22 16:09 - 2018-03-22 16:09 - 000007859 _____ () C:\Users\Zdeněk\AppData\Roaming\pcouffin.cat
    2018-03-22 16:09 - 2018-03-22 16:09 - 000001167 _____ () C:\Users\Zdeněk\AppData\Roaming\pcouffin.inf
    2018-03-22 16:09 - 2018-03-22 16:09 - 000000055 _____ () C:\Users\Zdeněk\AppData\Roaming\pcouffin.log
    2018-03-22 16:09 - 2018-03-22 16:09 - 000082816 _____ (VSO Software) C:\Users\Zdeněk\AppData\Roaming\pcouffin.sys
    2018-07-02 21:53 - 2018-07-02 21:53 - 000140800 _____ () C:\Users\Zdeněk\AppData\Local\installer.dat
    2016-11-16 21:56 - 2016-11-16 21:56 - 000000001 _____ () C:\Users\Zdeněk\AppData\Local\llftool.4.40.agreement
    Task: {E67AC00C-4ED3-4655-8EB3-E0C7F3B02455} - System32\Tasks\čistění os => C:\dusting.cmd 
    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [153]
    C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiagddgpmoccinljjidkpgonimejcnk
    C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coiagddgpmoccinljjidkpgonimejcnk
    C:\Program Files (x86)\foldershare
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, select the Unicode encoding
  • Save the file to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#19 Post by Zdenislav »

So I restarted the PC twice and the message no longer pops up; it is also no longer in the program where I was disabling things, so it is probably fine now.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Zdeněk (05-07-2018 23:41:44) Run:2
Running from C:\Users\Zdeněk\Desktop
Loaded Profiles: Zdeněk (Available Profiles: Zdeněk & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\Zdeněk\AppData\Local\installer.dat
File: C:\Users\Zdeněk\AppData\Local\installer.dat
File: C:\WINDOWS\system32\epmntdrv.sys
File: C:\WINDOWS\SysWOW64\epmntdrv.sys
File: C:\WINDOWS\system32\EuGdiDrv.sys
File: C:\WINDOWS\SysWOW64\EuGdiDrv.sys
CMD: type "C:\FRST\Quarantine\C\duster.cmd.xbad"
CMD: type "C:\Users\Zdeněk\AppData\Local\uts.ini"

HKLM\...\Run: [rundll32] => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\BizTacks\BizTacks.dll",mZfhMCJZuAX
OPR Extension: (Adblocker for Youtube™) - C:\Users\Zdeněk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgafbmpmdmlbbpbaipgpbkdlfgnepgao [2018-07-02]
2018-03-22 16:09 - 2018-03-22 16:09 - 000099384 _____ () C:\Users\Zdeněk\AppData\Roaming\inst.exe
2018-03-22 16:09 - 2018-03-22 16:09 - 000007859 _____ () C:\Users\Zdeněk\AppData\Roaming\pcouffin.cat
2018-03-22 16:09 - 2018-03-22 16:09 - 000001167 _____ () C:\Users\Zdeněk\AppData\Roaming\pcouffin.inf
2018-03-22 16:09 - 2018-03-22 16:09 - 000000055 _____ () C:\Users\Zdeněk\AppData\Roaming\pcouffin.log
2018-03-22 16:09 - 2018-03-22 16:09 - 000082816 _____ (VSO Software) C:\Users\Zdeněk\AppData\Roaming\pcouffin.sys
2018-07-02 21:53 - 2018-07-02 21:53 - 000140800 _____ () C:\Users\Zdeněk\AppData\Local\installer.dat
2016-11-16 21:56 - 2016-11-16 21:56 - 000000001 _____ () C:\Users\Zdeněk\AppData\Local\llftool.4.40.agreement
Task: {E67AC00C-4ED3-4655-8EB3-E0C7F3B02455} - System32\Tasks\čistění os => C:\dusting.cmd
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [153]
C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiagddgpmoccinljjidkpgonimejcnk
C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coiagddgpmoccinljjidkpgonimejcnk
C:\Program Files (x86)\foldershare

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\Users\Zdeněk\AppData\Local\installer.dat => https://www.virustotal.com/file/bdcc0c4 ... 530826914/

========================= File: C:\Users\Zdeněk\AppData\Local\installer.dat ========================

C:\Users\Zdeněk\AppData\Local\installer.dat
File not signed
MD5: C1BED8C87E8EFAA9CFC7E77ADA8760BA
Creation and modification date: 2018-07-02 21:53 - 2018-07-02 21:53
Size: 000140800
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\epmntdrv.sys ========================

C:\WINDOWS\system32\epmntdrv.sys
File not signed
MD5: 1B677389760689A11241884C700B48E0
Creation and modification date: 2017-02-12 17:29 - 2014-11-18 15:39
Size: 000018528
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/75ec4d1 ... 529539157/

====== End of File: ======


========================= File: C:\WINDOWS\SysWOW64\epmntdrv.sys ========================

C:\WINDOWS\SysWOW64\epmntdrv.sys
File not signed
MD5: D238D6B4D5BCFCF244D2F2286BC1DC16
Creation and modification date: 2017-02-12 17:29 - 2014-11-18 15:39
Size: 000014944
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\EuGdiDrv.sys ========================

C:\WINDOWS\system32\EuGdiDrv.sys
File not signed
MD5: 08C997734B2CECE882656BB2855E6E76
Creation and modification date: 2017-02-12 17:29 - 2014-11-18 15:39
Size: 000010848
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\SysWOW64\EuGdiDrv.sys ========================

C:\WINDOWS\SysWOW64\EuGdiDrv.sys
File not signed
MD5: 886CDC85E0B6C9AC2547F919E5B224A3
Creation and modification date: 2017-02-12 17:29 - 2014-11-18 15:39
Size: 000010208
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= type "C:\FRST\Quarantine\C\duster.cmd.xbad" =========

@echo off
title Duster by mople71

:menu
cls
echo =========================================
echo Duster v2
echo =========================================
echo.
echo Tento skript Vam pomuze procistit OS Windows. Ulozte si prosim veskerou rozdelanou praci, vsechny aplikace budou behem procesu cisteni automaticky ukonceny!
echo.
echo.
echo ------------------------
echo Zvolte program:
echo ------------------------
echo.
echo [1] Procisteni OS
echo [2] Pruvodce procistenim OS (zvolte prosim pri prvnim spusteni)
echo.
set /p op=Spustit (1/2):
if %op%==1 goto dusting
if %op%==2 goto cleaning
goto error


:dusting
cls
@echo off
For /f "skip=3 tokens=1" %%i in ('TASKLIST /FI "USERNAME eq %userdomain%\%username%" /FI "STATUS eq running"') do (
if not "%%i"=="svchost.exe" (
if not "%%i"=="explorer.exe" (
if not "%%i"=="cmd.exe" (
if not "%%i"=="conhost.exe" (
if not "%%i"=="tasklist.exe" (
if not "%%i"=="csrss.exe" (
if not "%%i"=="winlogon.exe" (
if not "%%i"=="services.exe" (
echo.
taskkill /f /im "%%i"
echo.
)
)
)
)
)
)
)
)
)
if exist "%systemroot%\System32\hkcubackup.hiv" del /s /f /q %systemroot%\System32\hkcubackup.hiv
reg save hkcu hkcubackup.hiv
echo.
@echo off
del /s /f /q %systemdrive%\*.tmp
del /s /f /q %systemroot%\*.tmp
del /s /f /q %systemroot%\Temp\*.*
del /f /q %systemdrive%\*.exe
del /f /q %appdata%\*.exe
del /s /f /q %TEMP%
del /s /f /q %TMP%
bitsadmin /reset /allusers
cleanmgr.exe /sagerun:1
if exist "%systemroot%\System32\has_hdd.txt" chkdsk %systemdrive% /f /r /v /b
echo Done&done, PC se nyni restartuje...
echo off
shutdown /r /t 3
pause
exit /b


:cleaning
cls
echo ! Nyni probehne priprava cisteni.
echo off
pause
cls
echo * Ukoncuji nesystemove procesy...
echo off
For /f "skip=3 tokens=1" %%i in ('TASKLIST /FI "USERNAME eq %userdomain%\%username%" /FI "STATUS eq running"') do (
if not "%%i"=="svchost.exe" (
if not "%%i"=="explorer.exe" (
if not "%%i"=="cmd.exe" (
if not "%%i"=="conhost.exe" (
if not "%%i"=="tasklist.exe" (
if not "%%i"=="csrss.exe" (
if not "%%i"=="winlogon.exe" (
if not "%%i"=="services.exe" (
echo.
taskkill /f /im "%%i"
echo.
)
)
)
)
)
)
)
)
)
echo * Zalohuji uzivatelsky registr...
echo off
if exist "%systemroot%\System32\hkcubackup.hiv" del /s /f /q %systemroot%\System32\hkcubackup.hiv
reg save hkcu hkcubackup.hiv
echo.
echo Priprava dokoncena!
echo off
pause
cls
echo ! Castym zpomalovacem OS byva adware - nechtene nainstalovane programy, pripadne jiz nepouzivane programy.
echo.
echo * Nahlednete prosim do nasledne otevreneho seznamu aplikaci a veskere zbytecne aplikace odinstalujte.
echo.
echo Po dokonceni seznam aplikaci zavrete a proces cisteni bude pokracovat.
echo.
echo off
pause
echo (pokud se okno neobjevi hned, mejte prosim chvili strpeni)
echo off
appwiz.cpl
pause
cls
echo ! Aplikace, ktere chceme mit nainstalovane ovsem take mohou OS zpomalovat - pri jeho startu.
echo.
echo * Zamyslete se, ktere aplikace opravdu vyuzivate hned po prihlaseni.
echo.
echo Po zobrazeni okna kliknete na zalozku "Po spusteni" v jeho horni nabidce.
echo.
echo Nasledne odstrante vsechna zatrzitka u programu, ktere nepouzivate neprodlene po prihlaseni. Po dokonceni okno zavrete.
echo.
echo ! Uzivatele Windows 7 a nize - kliknete na "Restartovat pozdeji".
@echo off
pause
echo (pokud se okno neobjevi hned, mejte prosim chvili strpeni)
echo off
msconfig
pause
cls
echo ! Nyni se podivame na cisteni souboru.
echo.
echo off
pause
echo * Probiha genericke cisteni souboru...
echo off
del /f /q %systemdrive%\*.tmp
del /f /q %systemdrive%\*.exe
del /s /f /q %systemroot%\*.tmp
del /s /f /q %systemroot%\Temp\*.*
del /f /q %appdata%\*.exe
del /f /q %appdata%\*.sys
del /s /f /q %TEMP%
del /s /f /q %TMP%
del /s /f /q %systemroot%\Tasks\*.job
bitsadmin /reset /allusers
ipconfig /flushdns
netsh winsock reset catalog
echo.
echo Genericke cisteni dokonceno!
echo.
echo off
pause
cls
echo ! Nyni pouzijeme integrovanou aplikaci s plnohodnotnym GUI.
echo.
echo Od teto chvile jiz vzdy bude fungovat plne automatizovane, nyni ji ovsem musime nastavit...
echo.
echo V nasledne otevrenem okne pridejte zatrzitka u vsech dostupnych moznosti a kliknete na "OK".
echo.
echo ! Uzivatele Windows 8 a vyse - nezatrhavejte moznost "Instalacni soubory Windows ESD".
echo.
@echo off
pause
echo (pokud se okno neobjevi hned, mejte prosim chvili strpeni)
echo off
cleanmgr /sageset:1
pause
echo.
echo * Nasledne aplikaci spustime s parametry, ktere jsme pred par okamziky nastavili.
echo.
@echo off
pause
cleanmgr /sagerun:1
pause
cls
echo --------------------------------------------------------------------------------
echo Mate v PC HDD nebo kombinaci SSD a HDD?
echo (Pokud mate v PC pouze SSD, zvolte moznost 2, skript toto neumi...)
echo --------------------------------------------------------------------------------
echo.
echo [1] HDD
echo [2] SSD a HDD
echo off
set /p op=Mam (zvolte 1 nebo 2):
if %op%==1 goto HDD
if %op%==2 goto SSD
goto error

:HDD
@echo off
echo Tento soubor je vyuzivan automatickym cisticem duster.cmd - prosim nemazat!!! >%systemroot%\System32\has_hdd.txt
cls
echo ! Porizeni SSD Vam prinese zrychleni, jehoz SW cestou nikdy nedosahnete. Popremyslejte o jeho koupi.
echo.
echo * Zkontrolujeme uroven fragmentace HDD.
echo.
echo V okne zvolte systemovy disk, kliknete na "Analyzovat disk".
echo.
echo Pokud bude HDD mit uroven fragmentace vetsi nez 5%, zvolte moznost "Defragmentovat disk". Pokud ne, okno muzete zavrit a pokracovat.
echo.
echo ! Tento krok muze byt casove velmi narocny.
echo.
echo off
pause
echo (pokud se okno neobjevi hned, mejte prosim chvili strpeni)
echo off
dfrgui
pause
cls
echo * Dale zkontrolujeme chyby v NTFS.
echo.
echo Potvrdte prosim naplanovani kontroly na nejblizsi cas restartu.
echo.
echo PC NYNI NERESTARTUJTE!
echo.
echo off
pause
chkdsk %systemdrive% /f /r /v /b
cls
echo --------------------------------------------------------------------------------
echo Potykate se na systemovem disku s problemem nedostatku ci nahleho ubytku mista?
echo --------------------------------------------------------------------------------
echo.
echo [1] ANO
echo [2] NE
echo off
set /p op=Zvolte (1/2):
if %op%==1 goto vsscleanup
if %op%==2 goto END
goto error


:SSD
@echo off
cls
powercfg -h off
echo ! SSD je samo o sobe svizne, problem s pomalym OS byste tedy mit nemeli...
echo.
echo OS Windows ovsem musi byt pro SSD spravne optimalizovan. Tim docilite zvyseni vykonu a zivotnosti SSD.
echo.
echo * Pro postup optimalizace si prectete par poslednich stranek ve vlakne Udrzba SSD na foru Zive.
pause
cls
echo --------------------------------------------------------------------------------
echo Potykate se na systemovem disku s problemem nedostatku ci nahleho ubytku mista?
echo --------------------------------------------------------------------------------
echo.
echo [1] ANO
echo [2] NE
echo off
set /p op=Zvolte (1/2):
if %op%==1 goto vsscleanup
if %op%==2 goto END
goto error


:vsscleanup
@echo off
cls
echo * Zredukujeme tedy soubory OS... Nejsou zivotne dulezite.
echo.
echo ! Tento krok muze byt casove narocny.
echo off
pause
vssadmin delete shadows /for=%systemdrive% /all /quiet
vssadmin resize shadowstorage /for=%systemdrive% /on=%systemdrive% /maxsize=2GB
dism /online /Cleanup-Image /StartComponentCleanup /ResetBase
echo.
echo off
pause
goto END


:END
@echo off
cls
echo Cisteni OS bylo uspesne dokonceno!
echo.
echo Vase PC by tedy v tomto ohledu mel byt v poradku.
echo.
echo * Pro udrzovani kondice OS nastavte v Planovaci uloh jednou tydne spousteni druheho skriptu "dusting.cmd" pro genericke cisteni.
echo.
echo * Spousteni tohoto skriptu nastavte jednou za 3-6 mesicu. Vzdy spoustejte program c. 1 - Procisteni OS!
echo.
echo Navod na nastaveni ulohy v Planovaci naleznete na foru ve stejnem vlakne.
echo.
echo Preji Vam hodne stesti, at OS dlouho slouzi!
echo.
echo off
pause
echo * PC se nyni restartuje...
shutdown.exe /r /t 4
exit /b
========= End of CMD: =========


========= type "C:\Users\Zdeněk\AppData\Local\uts.ini" =========

[Uts]
Id=@ByteArray('\xd5\x10\xdb\x32\x8f\xae\xd5\xe7\x93\xe3z{G\xa0\xdc)
Check=@Variant(\0\0\0\x10\0%\x81\x82\x1\xb5\x63R\x2)

========= End of CMD: =========

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32" => removed successfully
C:\Users\Zdeněk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgafbmpmdmlbbpbaipgpbkdlfgnepgao => moved successfully
C:\Users\Zdeněk\AppData\Roaming\inst.exe => moved successfully
C:\Users\Zdeněk\AppData\Roaming\pcouffin.cat => moved successfully
C:\Users\Zdeněk\AppData\Roaming\pcouffin.inf => moved successfully
C:\Users\Zdeněk\AppData\Roaming\pcouffin.log => moved successfully
C:\Users\Zdeněk\AppData\Roaming\pcouffin.sys => moved successfully
C:\Users\Zdeněk\AppData\Local\installer.dat => moved successfully
C:\Users\Zdeněk\AppData\Local\llftool.4.40.agreement => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E67AC00C-4ED3-4655-8EB3-E0C7F3B02455}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E67AC00C-4ED3-4655-8EB3-E0C7F3B02455}" => removed successfully
C:\WINDOWS\System32\Tasks\čistění os => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\čistění os" => removed successfully
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully
C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiagddgpmoccinljjidkpgonimejcnk => moved successfully
C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coiagddgpmoccinljjidkpgonimejcnk => moved successfully
C:\Program Files (x86)\foldershare => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23526759 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20480 B
Edge => 3584 B
Chrome => 111034002 B
Firefox => 6925418 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3610 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Zdeněk => 14246571 B
Administrator.acer => 0 B

RecycleBin => 0 B
EmptyTemp: => 156.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:42:07 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#20 Post by Conder »

:arrow: Yes, in the last step we removed the registry entry, so Windows no longer tries to launch a nonexistent file :)

:arrow: We can also clean the PC of leftovers from previous antivirus products - use all the uninstallers for the individual antivirus products:

:arrow: Let me know whether everything went OK. After that you can install an antivirus of your choice or keep just WinDefender
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos, and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#21 Post by Zdenislav »

So everything went OK, thanks a lot for the help, you who help here are good. If it weren't for you, we would be .... Thanks once again, thanks a lot. I decided on Bitdefender. :thumbsup:

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#22 Post by Conder »

:arrow: You're welcome :)

:arrow: Please send new FRST logs once more (both - FRST.txt and Addition.txt) so we can check whether anything is still left. You can pack them into a RAR / ZIP archive and send them as an attachment.

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#23 Post by Zdenislav »

new logs from FRST
Attachments
Nová složka.zip
(35.13 KiB) Downloaded 102 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#24 Post by Conder »

:arrow: There are still leftovers from Kaspersky, I recommend this procedure:
  • Download Kaspersky Remover once more: http://media.kaspersky.com/utilities/Co ... vremvr.exe
  • Run it as administrator and accept the license terms (Accept)
  • If the program reports "The following products were detected":
    • Type in the verification code, click Remove and wait for it to finish
    • Then run the program again and repeat the procedure until the program reports "Product was not detected"
    • Then just restart the PC
  • If the program reports "Product was not detected" at the start:
    • Type in the verification code
    • Select the option "Kaspersky Free/Kaspersky Anti-Virus/Internet Security/Kaspersky Total Security 2018" from the list
    • Click Remove and wait for it to finish
    • Then run the program once more and this time select the option "Kaspersky Secure Connection"
    • Finally, restart the PC
:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [421200 2016-06-20] (AO Kaspersky Lab)
    S0 b06bdrv; System32\drivers\bxvbda.sys [X]
    2018-07-06 00:02 - 2018-07-06 00:02 - 000000000 ___HD C:\kleaner.tmp
    2018-07-06 00:02 - 2016-12-06 22:31 - 000000000 ____D C:\ProgramData\Kaspersky Lab
    2018-07-05 22:36 - 2017-10-26 17:19 - 000000000 ____D C:\Program Files\HitmanPro
    C:\Program Files (x86)\Kaspersky Lab
    C:\Program Files (x86)\Wondershare
    C:\Program Files (x86)\Common Files\Wondershare
    C:\ProgramData\Wondershare
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    C:\Users\Zdeněk\AppData\Local\Wondershare
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart, confirm by clicking OK
  • After the PC restarts there will be a file Fixlog.txt on the desktop, copy its contents here

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#25 Post by Zdenislav »

hi, I was away so I'm only now sending the log


Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Zdeněk (08-07-2018 15:39:09) Run:3
Running from C:\Users\Zdeněk\Desktop
Loaded Profiles: Zdeněk (Available Profiles: Zdeněk & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [421200 2016-06-20] (AO Kaspersky Lab)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
2018-07-06 00:02 - 2018-07-06 00:02 - 000000000 ___HD C:\kleaner.tmp
2018-07-06 00:02 - 2016-12-06 22:31 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-05 22:36 - 2017-10-26 17:19 - 000000000 ____D C:\Program Files\HitmanPro
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files (x86)\Wondershare
C:\Program Files (x86)\Common Files\Wondershare
C:\ProgramData\Wondershare
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
C:\Users\Zden�k\AppData\Local\Wondershare

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\System\CurrentControlSet\Services\WsAppService" => removed successfully
WsAppService => service removed successfully
klelam => service not found.
klhk => service not found.
"HKLM\System\CurrentControlSet\Services\b06bdrv" => removed successfully
b06bdrv => service removed successfully
"C:\kleaner.tmp" => not found
"C:\ProgramData\Kaspersky Lab" => not found
C:\Program Files\HitmanPro => moved successfully
"C:\Program Files (x86)\Kaspersky Lab" => not found
C:\Program Files (x86)\Wondershare => moved successfully
C:\Program Files (x86)\Common Files\Wondershare => moved successfully
C:\ProgramData\Wondershare => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare => moved successfully
"C:\Users\Zden�k\AppData\Local\Wondershare" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27845840 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 490306139 B
Edge => 0 B
Chrome => 398120115 B
Firefox => 10807466 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9924 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Zdeněk => 853038274 B
Administrator.acer => 0 B

RecycleBin => 20356457 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:40:29 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#26 Post by Conder »

:arrow: Now let's clean up after the tools we used:

:arrow: Check the size of the desktop (C:\Users\Zdeněk\Desktop). If it is larger than 300 MB, move all files and folders from the desktop into Documents and leave only links/shortcuts on the desktop. An overly large desktop can slow the system down.

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#27 Post by Zdenislav »

Cleaned with the program, desktop size 9.16MB

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#28 Post by Conder »

:arrow: OK, that should be about everything, if there are no more problems with the PC.

Zdenislav
Visitor
Posts: 40
Registered: 22 Apr 2006 14:24

Re: this message pops up after startup

#29 Post by Zdenislav »

Hi, so once again, thanks a lot. :thumbsup: :)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: this message pops up after startup

#30 Post by Conder »

You're welcome, glad I could help :)

Locked