
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Abnormal RAM usage when idle
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Abnormal RAM usage when idle
Hello,
I would like to ask for a check of my log. I suspect malware: about 80% of RAM is in use, even with no application running. There is 4 GB of RAM; after startup almost nothing should be running, i.e. usage including the system should be around 50%.
Thank you
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Tomča (administrator) on TOM on 16-05-2015 18:48:57
Running from C:\Users\Tomča\Desktop
Loaded Profiles: Tomča (Available profiles: Tomča & Administrator)
Platform: Windows 8 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tomča\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Tomča\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-05] ()
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe [491520 2013-01-17] ()
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [Spotify Web Helper] => C:\Users\Tomča\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Tomča\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Tomča\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\MountPoints2: E - "E:\setup.exe"
Startup: C:\Users\Tomča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-01-13]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Tomča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snackr.lnk [2015-01-27]
ShortcutTarget: Snackr.lnk -> C:\Program Files (x86)\Snackr\Snackr.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-3997287831-3372067910-2735212-1001 -> DefaultScope {49E7BE91-2A49-4532-9752-D2208D50264E} URL =
SearchScopes: HKU\S-1-5-21-3997287831-3372067910-2735212-1001 -> {49E7BE91-2A49-4532-9752-D2208D50264E} URL =
SearchScopes: HKU\S-1-5-21-3997287831-3372067910-2735212-1001 -> {A5BBDDD9-3798-4226-AA4D-A21B5DA0A228} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3997287831-3372067910-2735212-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomča\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2015-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-08]
CHR Extension: (Google Search) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Bookmark Manager) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Arcane Legends) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-03-14]
CHR Extension: (Twitch Live) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2015-01-08]
CHR Extension: (Into The Mist) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Gmail) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-02-06] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation )
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 18:48 - 2015-05-16 18:49 - 00020443 _____ () C:\Users\Tomča\Desktop\FRST.txt
2015-05-16 18:48 - 2015-05-16 18:49 - 00000000 ____D () C:\FRST
2015-05-16 18:47 - 2015-05-16 18:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomča\Desktop\FRSTLauncher.exe
2015-05-16 18:45 - 2015-05-16 18:45 - 02107392 _____ (Farbar) C:\Users\Tomča\Desktop\FRST64.exe
2015-05-16 18:40 - 2015-05-16 18:40 - 00007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-05-16 18:36 - 2015-05-16 18:36 - 00000000 ____D () C:\Users\Tomča\Downloads\IObit Advanced SystemCare PRO 8.1.0.651 Final Incl. Crack [ATOM]
2015-05-16 18:35 - 2015-05-16 18:35 - 00014917 _____ () C:\Users\Tomča\Downloads\[kat.cr]iobit.advanced.system.care.systemcare.pro.8.1.0.651.final.incl.crack.atom.torrent
2015-05-16 18:20 - 2015-05-16 18:33 - 00000828 _____ () C:\Users\Tomča\Desktop\Misty Mountains.txt
2015-05-16 14:56 - 2015-05-16 16:54 - 00000000 ____D () C:\Users\Tomča\Desktop\WoW WoD
2015-05-12 20:00 - 2015-05-12 20:01 - 00700112 _____ () C:\Users\Tomča\Downloads\XPerl-3.0.9.zip
2015-05-11 17:52 - 2015-05-11 17:58 - 00000000 ____D () C:\Users\Tomča\Downloads\AMON AMARTH - DISCOGRAPHY (1992-13) [CHANNEL NEO]
2015-05-10 16:03 - 2015-05-10 16:03 - 05642956 _____ () C:\Users\Tomča\Downloads\XPerl-3.3.5.rar
2015-05-10 16:02 - 2015-05-10 16:03 - 00041200 _____ () C:\Users\Tomča\Downloads\OmniCC_3.0.beta16.zip
2015-05-10 16:01 - 2015-05-10 16:01 - 00151580 _____ () C:\Users\Tomča\Downloads\Archive.zip
2015-05-10 13:29 - 2015-05-10 14:18 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Audacity
2015-05-10 13:28 - 2015-05-10 13:28 - 00001026 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-05-10 13:28 - 2015-05-10 13:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-10 13:28 - 2015-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-05-10 13:26 - 2015-05-10 13:26 - 24210616 _____ (Audacity Team ) C:\Users\Tomča\Downloads\audacity-win-2.1.0.exe
2015-05-08 21:14 - 2015-05-09 12:13 - 08216380 _____ () C:\Users\Tomča\Desktop\Bez názvu-1.tif
2015-05-08 21:14 - 2015-05-09 12:13 - 06782499 _____ () C:\Users\Tomča\Desktop\Bez názvu-1.psd
2015-05-08 21:05 - 2015-05-08 21:05 - 00139440 _____ () C:\Users\Tomča\Desktop\VAQ4c5xr.jpeg
2015-05-05 14:28 - 2015-05-05 14:28 - 00000000 ____D () C:\Program Files (x86)\Dream Cheeky
2015-05-05 14:27 - 2015-05-05 14:27 - 00000000 ____D () C:\Users\Tomča\Downloads\USBWebmailNotifierv1.1
2015-05-05 14:26 - 2015-05-05 14:27 - 01192644 _____ () C:\Users\Tomča\Downloads\USBWebmailNotifierv1.1.zip
2015-05-04 21:26 - 2015-05-04 21:33 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\HearthstoneDeckTracker
2015-05-04 15:57 - 2015-05-04 15:57 - 00709450 _____ () C:\Users\Tomča\Downloads\XPerl-r402.zip
2015-05-04 15:56 - 2015-05-04 15:56 - 00629741 _____ () C:\Users\Tomča\Downloads\TitanPanel-4.3.8.30300.zip
2015-05-04 15:56 - 2015-05-04 15:56 - 00170201 _____ () C:\Users\Tomča\Downloads\OneBag3-r131.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 01322876 _____ () C:\Users\Tomča\Downloads\DBM-4.52-r4442-Core-and-WotLK-Mods.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 00356032 _____ () C:\Users\Tomča\Downloads\Recount-r1127.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 00257373 _____ () C:\Users\Tomča\Downloads\Omen-v3.0.9.zip
2015-05-03 20:49 - 2015-05-03 20:49 - 00000000 ____D () C:\Users\Tomča\Desktop\Hearthstone Deck Tracker
2015-05-03 19:38 - 2015-05-03 19:38 - 00025114 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak-2.gp3
2015-05-03 19:38 - 2015-05-03 19:38 - 00023743 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak-3.gp4
2015-05-03 19:38 - 2015-05-03 19:38 - 00020174 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak.gp3
2015-05-03 18:15 - 2015-05-12 20:02 - 00000000 ____D () C:\Users\Tomča\Desktop\Heroes WoW Client with Patch 2.0
2015-05-03 18:15 - 2015-05-03 18:15 - 00068176 _____ () C:\Users\Tomča\Downloads\HeroesWoWClient (1).torrent
2015-05-03 18:06 - 2015-05-03 18:06 - 00068176 _____ () C:\Users\Tomča\Downloads\HeroesWoWClient.torrent
2015-05-02 10:21 - 2015-05-02 11:39 - 00000000 ____D () C:\Users\Tomča\Downloads\Doctor_Who_2005.50th_Anniversary_Special.The_Day_of_the_Doctor.HDTV_x264-FoV[rarbg]
2015-05-02 10:18 - 2015-05-02 11:38 - 436724085 _____ () C:\Users\Tomča\Downloads\Doctor.Who.2005.2012.Christmas.Special.The.Snowmen.HDTV.x264-FoV.mp4
2015-05-02 10:17 - 2015-05-02 10:21 - 00000000 ____D () C:\Users\Tomča\Downloads\Doctor_Who_2005.2013_Christmas_Special.The_Time_of_The_Doctor.HDTV_x264-FoV[rarbg]
2015-05-01 18:06 - 2015-05-01 18:06 - 00000000 ____D () C:\Users\Tomča\Documents\Dungeon of the Endless
2015-05-01 18:05 - 2015-05-01 18:05 - 00001344 _____ () C:\Users\Tomča\Desktop\Dungeon of the Endless.lnk
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Dungeon of the Endless
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-05-01 18:03 - 2015-05-01 18:04 - 00000000 ____D () C:\Users\Tomča\Downloads\[R.G. Mechanics] Dungeon of the Endless
2015-05-01 18:02 - 2015-05-01 18:02 - 00015386 _____ () C:\Users\Tomča\Downloads\Dungeon.of.the.Endless.torrent
2015-04-30 16:54 - 2015-04-30 17:00 - 00000040 _____ () C:\Users\Tomča\Desktop\Heroic Leap.ahk
2015-04-30 16:54 - 2015-04-30 16:54 - 00001352 _____ () C:\Users\Tomča\Documents\AutoHotkey.ahk
2015-04-30 12:31 - 2015-05-02 10:40 - 00000000 ____D () C:\Users\Tomča\Downloads\[ UsaBit.com ] - Doctor.Who.The.Doctor.The.Widow.And.The.Wardrobe.2011.iNTERNAL.DVDRip.XviD-RAWNiTRO
2015-04-29 18:43 - 2015-04-29 19:12 - 00000000 ____D () C:\Users\Tomča\Downloads\Adventure Time Season 1 Complete
2015-04-25 15:52 - 2015-04-25 15:53 - 01113621 _____ () C:\Users\Tomča\Downloads\Pocket_Dungeon.zip
2015-04-25 12:52 - 2015-04-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-04-25 12:52 - 2015-04-25 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-04-25 12:51 - 2015-04-25 12:51 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Guild Wars 2
2015-04-23 16:58 - 2015-04-23 16:58 - 00273864 _____ () C:\Users\Tomča\Downloads\Gladius-v2.0.16-beta.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00667792 _____ () C:\Users\Tomča\Downloads\TellMeWhen-4.7.1.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00351590 _____ () C:\Users\Tomča\Downloads\SpellAlerter-v2.15.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00212071 _____ () C:\Users\Tomča\Downloads\Castbars-3.29.zip
2015-04-22 12:24 - 2015-05-14 17:29 - 00000000 ____D () C:\Users\Tomča\Desktop\wow cataclysm 4.3.4
2015-04-21 18:44 - 2015-04-21 18:44 - 00015399 ____H () C:\Users\Tomča\Downloads\t11_BillPerkins_Slide_4815_Learn.MP4.mta
2015-04-20 17:09 - 2015-04-20 17:09 - 00015035 _____ () C:\Users\Tomča\Downloads\[uztor.ru].t71591.torrent
2015-04-19 19:34 - 2010-12-26 16:14 - 00022545 _____ () C:\Users\Tomča\Desktop\toxicity.TXT
2015-04-19 19:33 - 2015-04-19 19:34 - 00004394 _____ () C:\Users\Tomča\Downloads\Toxicity ST.rar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 18:45 - 2015-01-09 19:40 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\uTorrent
2015-05-16 18:43 - 2015-01-08 20:30 - 00000968 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 18:34 - 2015-01-20 18:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-16 18:09 - 2015-03-15 13:04 - 00000982 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-16 18:05 - 2015-03-15 13:05 - 00005520 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-6.job
2015-05-16 18:05 - 2015-03-15 13:05 - 00003476 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.job
2015-05-16 18:05 - 2015-03-15 13:05 - 00003140 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.job
2015-05-16 18:05 - 2015-03-15 13:05 - 00002448 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5.job
2015-05-16 18:05 - 2015-03-15 13:04 - 00005184 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-7.job
2015-05-16 18:04 - 2015-03-15 13:04 - 00004496 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-3.job
2015-05-16 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-16 15:43 - 2015-01-08 20:30 - 00000964 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 09:26 - 2015-03-15 13:04 - 00000978 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-15 17:40 - 2012-08-02 08:48 - 00735800 _____ () C:\WINDOWS\system32\perfh005.dat
2015-05-15 17:40 - 2012-08-02 08:48 - 00152596 _____ () C:\WINDOWS\system32\perfc005.dat
2015-05-15 17:40 - 2012-07-26 09:28 - 01740156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 19:46 - 2015-01-08 20:31 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 14:13 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-13 21:30 - 2015-01-08 21:08 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Battle.net
2015-05-13 18:32 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-09 19:25 - 2015-01-22 21:07 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Spotify
2015-05-09 19:24 - 2015-01-22 21:06 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Spotify
2015-05-04 18:19 - 2015-01-08 20:29 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3997287831-3372067910-2735212-1001
2015-05-03 19:43 - 2015-01-08 20:13 - 00000000 ____D () C:\Users\Tomča
2015-04-25 12:51 - 2014-05-20 08:03 - 00000000 ____D () C:\Users\Tomča\Documents\Guild Wars 2
2015-04-21 18:44 - 2015-04-06 13:42 - 00000000 ____D () C:\Users\Tomča\Downloads\Dr.Who Seasons 1-7
2015-04-21 18:40 - 2015-02-26 18:24 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-21 18:39 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-16 21:36 - 2015-01-08 23:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Tomča\AppData\Roaming\FHIGIC
2015-03-15 13:04 - 2015-03-15 13:04 - 1854464 _____ (Cinema PlusV05.03) C:\Users\Tomča\AppData\Roaming\FHIGIC.exe
2015-01-10 17:44 - 2015-01-10 17:44 - 0000093 _____ () C:\Users\Tomča\AppData\Local\fusioncache.dat
2015-02-07 17:35 - 2015-02-07 17:35 - 0000000 ___SH () C:\Users\Tomča\AppData\Local\LumaEmu
2015-05-16 18:40 - 2015-05-16 18:40 - 0007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-02-03 11:41 - 2015-02-03 11:41 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-3.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-6.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-7.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FHIGIC.job => C:\Users\Tomý˙a\AppData\Roaming\FHIGIC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Tomča\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml:OECustomProperty
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Tomča\Desktop" je 225851 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
2015-05-16 18:04 - 2015-03-15 13:04 - 00004496 _____ () C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-3.job
2015-05-16 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-16 15:43 - 2015-01-08 20:30 - 00000964 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 09:26 - 2015-03-15 13:04 - 00000978 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-15 17:40 - 2012-08-02 08:48 - 00735800 _____ () C:\WINDOWS\system32\perfh005.dat
2015-05-15 17:40 - 2012-08-02 08:48 - 00152596 _____ () C:\WINDOWS\system32\perfc005.dat
2015-05-15 17:40 - 2012-07-26 09:28 - 01740156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 19:46 - 2015-01-08 20:31 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 14:13 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-13 21:30 - 2015-01-08 21:08 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Battle.net
2015-05-13 18:32 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-09 19:25 - 2015-01-22 21:07 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Spotify
2015-05-09 19:24 - 2015-01-22 21:06 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Spotify
2015-05-04 18:19 - 2015-01-08 20:29 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3997287831-3372067910-2735212-1001
2015-05-03 19:43 - 2015-01-08 20:13 - 00000000 ____D () C:\Users\Tomča
2015-04-25 12:51 - 2014-05-20 08:03 - 00000000 ____D () C:\Users\Tomča\Documents\Guild Wars 2
2015-04-21 18:44 - 2015-04-06 13:42 - 00000000 ____D () C:\Users\Tomča\Downloads\Dr.Who Seasons 1-7
2015-04-21 18:40 - 2015-02-26 18:24 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-21 18:39 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-16 21:36 - 2015-01-08 23:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Tomča\AppData\Roaming\FHIGIC
2015-03-15 13:04 - 2015-03-15 13:04 - 1854464 _____ (Cinema PlusV05.03) C:\Users\Tomča\AppData\Roaming\FHIGIC.exe
2015-01-10 17:44 - 2015-01-10 17:44 - 0000093 _____ () C:\Users\Tomča\AppData\Local\fusioncache.dat
2015-02-07 17:35 - 2015-02-07 17:35 - 0000000 ___SH () C:\Users\Tomča\AppData\Local\LumaEmu
2015-05-16 18:40 - 2015-05-16 18:40 - 0007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-02-03 11:41 - 2015-02-03 11:41 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-3.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-6.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2300726e-d013-4e97-93b8-82cdb2191e24-7.job => C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FHIGIC.job => C:\Users\Tomý˙a\AppData\Roaming\FHIGIC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Tomča\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml:OECustomProperty
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Tom�a\Desktop" je 225851 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
-
- Addition.zip
- (10.47 KiB) Downloaded 35 times
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Re: Abnormal RAM usage when idle
# AdwCleaner v4.204 - Log vytvořen 16/05/2015 v 22:18:50
# Aktualizováno 12/05/2015 by Xplode
# Databáze : 2015-05-12.2 [Server]
# Operační system : Windows 8 (x64)
# Uživatelské jméno : Tomča - TOM
# Spuštěno z : C:\Users\Tomča\Desktop\adwcleaner_4.204.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\Users\Tomča\AppData\Local\globalUpdate
Soubor Smazáno : C:\END
Soubor Smazáno : C:\Users\Administrator\Favorites\eBay.lnk
***** [ Naplánované úlohy ] *****
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-1-6
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-1-7
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-10_user
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-3
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-5
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-5_user
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-6
Úloha Smazáno : 2300726e-d013-4e97-93b8-82cdb2191e24-7
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Klíč Smazáno : HKLM\SOFTWARE\56a758f7-9c83-46ff-9173-a547f48f2df9
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKCU\Software\Conduit
Klíč Smazáno : HKCU\Software\GlobalUpdate
Klíč Smazáno : HKCU\Software\InstalledBrowserExtensions
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Crossrider
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\GlobalUpdate
Klíč Smazáno : HKLM\SOFTWARE\InstalledBrowserExtensions
Klíč Smazáno : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
***** [ Prohlížeče ] *****
-\\ Internet Explorer v10.0.9200.17183
-\\ Google Chrome v42.0.2311.152
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [4575 bytů] - [16/05/2015 22:17:11]
AdwCleaner[S0].txt - [3947 bytů] - [16/05/2015 22:18:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4005 bytů] ##########
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
Post a new FRST log.
-
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Re: Abnormal RAM usage when idle
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Tomča (administrator) on TOM on 16-05-2015 22:27:28
Running from C:\Users\Tomča\Desktop
Loaded Profiles: Tomča (Available profiles: Tomča & Administrator)
Platform: Windows 8 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tomča\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(forum.viry.cz) C:\Users\Tomča\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe [491520 2013-01-17] ()
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\MountPoints2: E - "E:\setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3997287831-3372067910-2735212-1001 -> {A5BBDDD9-3798-4226-AA4D-A21B5DA0A228} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-05-16] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3997287831-3372067910-2735212-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomča\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2015-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-08]
CHR Extension: (Google Search) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Bookmark Manager) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Arcane Legends) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-03-14]
CHR Extension: (Twitch Live) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2015-01-08]
CHR Extension: (Into The Mist) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Gmail) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S3 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-02-06] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S3 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation )
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 22:22 - 2015-05-16 22:22 - 00004088 _____ () C:\Users\Tomča\Desktop\AdwCleaner[S0].txt
2015-05-16 22:17 - 2015-05-16 22:18 - 00000000 ____D () C:\AdwCleaner
2015-05-16 22:16 - 2015-05-16 22:16 - 02209792 _____ () C:\Users\Tomča\Desktop\adwcleaner_4.204.exe
2015-05-16 22:12 - 2015-05-16 22:12 - 446976658 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-16 22:12 - 2015-05-16 22:12 - 00281488 _____ () C:\WINDOWS\Minidump\051615-31109-01.dmp
2015-05-16 19:21 - 2015-05-16 19:21 - 00015936 ____H () C:\Users\Tomča\Downloads\Doctor.Who.2005.2012.Christmas.Special.The.Snowmen.HDTV.x264-FoV.MP4.mta
2015-05-16 19:16 - 2015-05-16 19:16 - 00000590 _____ () C:\WINDOWS\PFRO.log
2015-05-16 18:59 - 2015-05-16 18:59 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\ProductData
2015-05-16 18:58 - 2015-05-16 18:58 - 00003174 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-05-16 18:58 - 2015-05-16 18:58 - 00002386 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Tomča
2015-05-16 18:58 - 2015-05-16 18:58 - 00000286 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Tomča.job
2015-05-16 18:58 - 2015-05-16 18:58 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Apple Computer
2015-05-16 18:58 - 2015-05-16 18:58 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-16 18:57 - 2015-05-16 19:22 - 00000250 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_Tomča.job
2015-05-16 18:57 - 2015-05-16 19:04 - 00002188 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-05-16 18:57 - 2015-05-16 18:59 - 00000000 ____D () C:\ProgramData\IObit
2015-05-16 18:57 - 2015-05-16 18:58 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\IObit
2015-05-16 18:57 - 2015-05-16 18:58 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-05-16 18:57 - 2015-05-16 18:57 - 00002350 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Tomča
2015-05-16 18:57 - 2015-05-16 18:57 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-05-16 18:57 - 2015-05-16 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-05-16 18:57 - 2015-05-16 18:57 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-16 18:56 - 2015-05-16 18:56 - 00010721 _____ () C:\Users\Tomča\Desktop\Addition.zip
2015-05-16 18:48 - 2015-05-16 22:28 - 00017785 _____ () C:\Users\Tomča\Desktop\FRST.txt
2015-05-16 18:48 - 2015-05-16 22:27 - 00000000 ____D () C:\FRST
2015-05-16 18:47 - 2015-05-16 18:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomča\Desktop\FRSTLauncher.exe
2015-05-16 18:45 - 2015-05-16 18:45 - 02107392 _____ (Farbar) C:\Users\Tomča\Desktop\FRST64.exe
2015-05-16 18:40 - 2015-05-16 18:40 - 00007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-05-16 18:36 - 2015-05-16 18:36 - 00000000 ____D () C:\Users\Tomča\Downloads\IObit Advanced SystemCare PRO 8.1.0.651 Final Incl. Crack [ATOM]
2015-05-16 18:35 - 2015-05-16 18:35 - 00014917 _____ () C:\Users\Tomča\Downloads\[kat.cr]iobit.advanced.system.care.systemcare.pro.8.1.0.651.final.incl.crack.atom.torrent
2015-05-16 18:20 - 2015-05-16 18:33 - 00000828 _____ () C:\Users\Tomča\Desktop\Misty Mountains.txt
2015-05-16 14:56 - 2015-05-16 19:34 - 00000000 ____D () C:\Users\Tomča\Desktop\WoW WoD
2015-05-12 20:00 - 2015-05-12 20:01 - 00700112 _____ () C:\Users\Tomča\Downloads\XPerl-3.0.9.zip
2015-05-11 17:52 - 2015-05-11 17:58 - 00000000 ____D () C:\Users\Tomča\Downloads\AMON AMARTH - DISCOGRAPHY (1992-13) [CHANNEL NEO]
2015-05-10 16:03 - 2015-05-10 16:03 - 05642956 _____ () C:\Users\Tomča\Downloads\XPerl-3.3.5.rar
2015-05-10 16:02 - 2015-05-10 16:03 - 00041200 _____ () C:\Users\Tomča\Downloads\OmniCC_3.0.beta16.zip
2015-05-10 16:01 - 2015-05-10 16:01 - 00151580 _____ () C:\Users\Tomča\Downloads\Archive.zip
2015-05-10 13:29 - 2015-05-10 14:18 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Audacity
2015-05-10 13:28 - 2015-05-10 13:28 - 00001026 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-05-10 13:28 - 2015-05-10 13:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-10 13:28 - 2015-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-05-10 13:26 - 2015-05-10 13:26 - 24210616 _____ (Audacity Team ) C:\Users\Tomča\Downloads\audacity-win-2.1.0.exe
2015-05-08 21:14 - 2015-05-09 12:13 - 08216380 _____ () C:\Users\Tomča\Desktop\Bez názvu-1.tif
2015-05-08 21:14 - 2015-05-09 12:13 - 06782499 _____ () C:\Users\Tomča\Desktop\Bez názvu-1.psd
2015-05-08 21:05 - 2015-05-08 21:05 - 00139440 _____ () C:\Users\Tomča\Desktop\VAQ4c5xr.jpeg
2015-05-05 14:28 - 2015-05-05 14:28 - 00000000 ____D () C:\Program Files (x86)\Dream Cheeky
2015-05-05 14:27 - 2015-05-05 14:27 - 00000000 ____D () C:\Users\Tomča\Downloads\USBWebmailNotifierv1.1
2015-05-05 14:26 - 2015-05-05 14:27 - 01192644 _____ () C:\Users\Tomča\Downloads\USBWebmailNotifierv1.1.zip
2015-05-04 21:26 - 2015-05-04 21:33 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\HearthstoneDeckTracker
2015-05-04 15:57 - 2015-05-04 15:57 - 00709450 _____ () C:\Users\Tomča\Downloads\XPerl-r402.zip
2015-05-04 15:56 - 2015-05-04 15:56 - 00629741 _____ () C:\Users\Tomča\Downloads\TitanPanel-4.3.8.30300.zip
2015-05-04 15:56 - 2015-05-04 15:56 - 00170201 _____ () C:\Users\Tomča\Downloads\OneBag3-r131.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 01322876 _____ () C:\Users\Tomča\Downloads\DBM-4.52-r4442-Core-and-WotLK-Mods.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 00356032 _____ () C:\Users\Tomča\Downloads\Recount-r1127.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 00257373 _____ () C:\Users\Tomča\Downloads\Omen-v3.0.9.zip
2015-05-03 20:49 - 2015-05-03 20:49 - 00000000 ____D () C:\Users\Tomča\Desktop\Hearthstone Deck Tracker
2015-05-03 19:38 - 2015-05-03 19:38 - 00025114 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak-2.gp3
2015-05-03 19:38 - 2015-05-03 19:38 - 00023743 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak-3.gp4
2015-05-03 19:38 - 2015-05-03 19:38 - 00020174 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak.gp3
2015-05-03 18:15 - 2015-05-12 20:02 - 00000000 ____D () C:\Users\Tomča\Desktop\Heroes WoW Client with Patch 2.0
2015-05-03 18:15 - 2015-05-03 18:15 - 00068176 _____ () C:\Users\Tomča\Downloads\HeroesWoWClient (1).torrent
2015-05-03 18:06 - 2015-05-03 18:06 - 00068176 _____ () C:\Users\Tomča\Downloads\HeroesWoWClient.torrent
2015-05-02 10:21 - 2015-05-16 19:21 - 00000000 ____D () C:\Users\Tomča\Downloads\Doctor_Who_2005.50th_Anniversary_Special.The_Day_of_the_Doctor.HDTV_x264-FoV[rarbg]
2015-05-02 10:18 - 2015-05-02 11:38 - 436724085 _____ () C:\Users\Tomča\Downloads\Doctor.Who.2005.2012.Christmas.Special.The.Snowmen.HDTV.x264-FoV.mp4
2015-05-02 10:17 - 2015-05-16 19:21 - 00000000 ____D () C:\Users\Tomča\Downloads\Doctor_Who_2005.2013_Christmas_Special.The_Time_of_The_Doctor.HDTV_x264-FoV[rarbg]
2015-05-01 18:06 - 2015-05-01 18:06 - 00000000 ____D () C:\Users\Tomča\Documents\Dungeon of the Endless
2015-05-01 18:05 - 2015-05-01 18:05 - 00001344 _____ () C:\Users\Tomča\Desktop\Dungeon of the Endless.lnk
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Dungeon of the Endless
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-05-01 18:03 - 2015-05-01 18:04 - 00000000 ____D () C:\Users\Tomča\Downloads\[R.G. Mechanics] Dungeon of the Endless
2015-05-01 18:02 - 2015-05-01 18:02 - 00015386 _____ () C:\Users\Tomča\Downloads\Dungeon.of.the.Endless.torrent
2015-04-30 16:54 - 2015-04-30 17:00 - 00000040 _____ () C:\Users\Tomča\Desktop\Heroic Leap.ahk
2015-04-30 16:54 - 2015-04-30 16:54 - 00001352 _____ () C:\Users\Tomča\Documents\AutoHotkey.ahk
2015-04-30 12:31 - 2015-05-16 19:21 - 00000000 ____D () C:\Users\Tomča\Downloads\[ UsaBit.com ] - Doctor.Who.The.Doctor.The.Widow.And.The.Wardrobe.2011.iNTERNAL.DVDRip.XviD-RAWNiTRO
2015-04-29 18:43 - 2015-05-16 19:20 - 00000000 ____D () C:\Users\Tomča\Downloads\Adventure Time Season 1 Complete
2015-04-25 15:52 - 2015-04-25 15:53 - 01113621 _____ () C:\Users\Tomča\Downloads\Pocket_Dungeon.zip
2015-04-25 12:52 - 2015-04-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-04-25 12:52 - 2015-04-25 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-04-25 12:51 - 2015-04-25 12:51 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Guild Wars 2
2015-04-23 16:58 - 2015-04-23 16:58 - 00273864 _____ () C:\Users\Tomča\Downloads\Gladius-v2.0.16-beta.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00667792 _____ () C:\Users\Tomča\Downloads\TellMeWhen-4.7.1.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00351590 _____ () C:\Users\Tomča\Downloads\SpellAlerter-v2.15.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00212071 _____ () C:\Users\Tomča\Downloads\Castbars-3.29.zip
2015-04-22 12:24 - 2015-05-14 17:29 - 00000000 ____D () C:\Users\Tomča\Desktop\wow cataclysm 4.3.4
2015-04-21 18:44 - 2015-04-21 18:44 - 00015399 ____H () C:\Users\Tomča\Downloads\t11_BillPerkins_Slide_4815_Learn.MP4.mta
2015-04-20 17:09 - 2015-04-20 17:09 - 00015035 _____ () C:\Users\Tomča\Downloads\[uztor.ru].t71591.torrent
2015-04-19 19:34 - 2010-12-26 16:14 - 00022545 _____ () C:\Users\Tomča\Desktop\toxicity.TXT
2015-04-19 19:33 - 2015-04-19 19:34 - 00004394 _____ () C:\Users\Tomča\Downloads\Toxicity ST.rar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 22:27 - 2015-01-08 20:29 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3997287831-3372067910-2735212-1001
2015-05-16 22:26 - 2012-08-02 08:48 - 00735800 _____ () C:\WINDOWS\system32\perfh005.dat
2015-05-16 22:26 - 2012-08-02 08:48 - 00152596 _____ () C:\WINDOWS\system32\perfc005.dat
2015-05-16 22:26 - 2012-07-26 09:28 - 01740156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-16 22:20 - 2015-02-26 18:24 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-16 22:20 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-16 22:12 - 2015-01-20 20:20 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-16 22:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-16 19:17 - 2015-01-20 20:20 - 05057408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-16 19:17 - 2015-01-08 20:30 - 00000968 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 19:17 - 2015-01-08 20:30 - 00000964 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 19:16 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-16 19:13 - 2015-01-08 20:30 - 00003926 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 19:13 - 2015-01-08 20:30 - 00003690 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 19:04 - 2015-03-14 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-05-16 19:04 - 2015-01-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cockatrice
2015-05-16 19:04 - 2014-12-08 19:25 - 00000000 ___RD () C:\Users\Tomča\Desktop\Programy
2015-05-16 19:04 - 2014-06-05 20:59 - 00000000 ____D () C:\Users\Tomča\Desktop\GAMES
2015-05-16 19:04 - 2012-11-18 21:08 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-16 18:57 - 2015-01-09 19:40 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\uTorrent
2015-05-16 18:34 - 2015-01-20 18:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 19:46 - 2015-01-08 20:31 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 14:13 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-13 21:30 - 2015-01-08 21:08 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Battle.net
2015-05-13 18:32 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-09 19:25 - 2015-01-22 21:07 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Spotify
2015-05-09 19:24 - 2015-01-22 21:06 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Spotify
2015-05-03 19:43 - 2015-01-08 20:13 - 00000000 ____D () C:\Users\Tomča
2015-04-25 12:51 - 2014-05-20 08:03 - 00000000 ____D () C:\Users\Tomča\Documents\Guild Wars 2
2015-04-21 18:44 - 2015-04-06 13:42 - 00000000 ____D () C:\Users\Tomča\Downloads\Dr.Who Seasons 1-7
2015-04-16 21:36 - 2015-01-08 23:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Tomča\AppData\Roaming\FHIGIC
2015-03-15 13:04 - 2015-03-15 13:04 - 1854464 _____ (Cinema PlusV05.03) C:\Users\Tomča\AppData\Roaming\FHIGIC.exe
2015-01-10 17:44 - 2015-01-10 17:44 - 0000093 _____ () C:\Users\Tomča\AppData\Local\fusioncache.dat
2015-02-07 17:35 - 2015-02-07 17:35 - 0000000 ___SH () C:\Users\Tomča\AppData\Local\LumaEmu
2015-05-16 18:40 - 2015-05-16 18:40 - 0007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-02-03 11:41 - 2015-02-03 11:41 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some content of TEMP:
====================
C:\Users\Tomča\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomča\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-07 15:05
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (TI31014200A) (Fixed) (Total:687.19 GB) (Free:121.55 GB) NTFS
Available physical RAM: 2608.13 MB
Total physical RAM: 4047.22 MB
Percentage of memory in use: 35%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Tomča.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\FHIGIC.job => C:\Users\Tomý˙a\AppData\Roaming\FHIGIC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Tomča.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Tomča\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml:OECustomProperty
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Tomča\Desktop" je 237555 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Tomča (administrator) on TOM on 16-05-2015 22:27:28
Running from C:\Users\Tomča\Desktop
Loaded Profiles: Tomča (Available profiles: Tomča & Administrator)
Platform: Windows 8 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tomča\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(forum.viry.cz) C:\Users\Tomča\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe [491520 2013-01-17] ()
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\MountPoints2: E - "E:\setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3997287831-3372067910-2735212-1001 -> {A5BBDDD9-3798-4226-AA4D-A21B5DA0A228} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-05-16] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3997287831-3372067910-2735212-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomča\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2015-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-08]
CHR Extension: (Google Search) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Bookmark Manager) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Arcane Legends) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-03-14]
CHR Extension: (Twitch Live) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2015-01-08]
CHR Extension: (Into The Mist) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Gmail) - C:\Users\Tomča\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S3 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-02-06] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S3 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation )
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 22:22 - 2015-05-16 22:22 - 00004088 _____ () C:\Users\Tomča\Desktop\AdwCleaner[S0].txt
2015-05-16 22:17 - 2015-05-16 22:18 - 00000000 ____D () C:\AdwCleaner
2015-05-16 22:16 - 2015-05-16 22:16 - 02209792 _____ () C:\Users\Tomča\Desktop\adwcleaner_4.204.exe
2015-05-16 22:12 - 2015-05-16 22:12 - 446976658 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-16 22:12 - 2015-05-16 22:12 - 00281488 _____ () C:\WINDOWS\Minidump\051615-31109-01.dmp
2015-05-16 19:21 - 2015-05-16 19:21 - 00015936 ____H () C:\Users\Tomča\Downloads\Doctor.Who.2005.2012.Christmas.Special.The.Snowmen.HDTV.x264-FoV.MP4.mta
2015-05-16 19:16 - 2015-05-16 19:16 - 00000590 _____ () C:\WINDOWS\PFRO.log
2015-05-16 18:59 - 2015-05-16 18:59 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\ProductData
2015-05-16 18:58 - 2015-05-16 18:58 - 00003174 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-05-16 18:58 - 2015-05-16 18:58 - 00002386 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Tomča
2015-05-16 18:58 - 2015-05-16 18:58 - 00000286 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Tomča.job
2015-05-16 18:58 - 2015-05-16 18:58 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Apple Computer
2015-05-16 18:58 - 2015-05-16 18:58 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-16 18:57 - 2015-05-16 19:22 - 00000250 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_Tomča.job
2015-05-16 18:57 - 2015-05-16 19:04 - 00002188 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-05-16 18:57 - 2015-05-16 18:59 - 00000000 ____D () C:\ProgramData\IObit
2015-05-16 18:57 - 2015-05-16 18:58 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\IObit
2015-05-16 18:57 - 2015-05-16 18:58 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-05-16 18:57 - 2015-05-16 18:57 - 00002350 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Tomča
2015-05-16 18:57 - 2015-05-16 18:57 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-05-16 18:57 - 2015-05-16 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-05-16 18:57 - 2015-05-16 18:57 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-16 18:56 - 2015-05-16 18:56 - 00010721 _____ () C:\Users\Tomča\Desktop\Addition.zip
2015-05-16 18:48 - 2015-05-16 22:28 - 00017785 _____ () C:\Users\Tomča\Desktop\FRST.txt
2015-05-16 18:48 - 2015-05-16 22:27 - 00000000 ____D () C:\FRST
2015-05-16 18:47 - 2015-05-16 18:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomča\Desktop\FRSTLauncher.exe
2015-05-16 18:45 - 2015-05-16 18:45 - 02107392 _____ (Farbar) C:\Users\Tomča\Desktop\FRST64.exe
2015-05-16 18:40 - 2015-05-16 18:40 - 00007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-05-16 18:36 - 2015-05-16 18:36 - 00000000 ____D () C:\Users\Tomča\Downloads\IObit Advanced SystemCare PRO 8.1.0.651 Final Incl. Crack [ATOM]
2015-05-16 18:35 - 2015-05-16 18:35 - 00014917 _____ () C:\Users\Tomča\Downloads\[kat.cr]iobit.advanced.system.care.systemcare.pro.8.1.0.651.final.incl.crack.atom.torrent
2015-05-16 18:20 - 2015-05-16 18:33 - 00000828 _____ () C:\Users\Tomča\Desktop\Misty Mountains.txt
2015-05-16 14:56 - 2015-05-16 19:34 - 00000000 ____D () C:\Users\Tomča\Desktop\WoW WoD
2015-05-12 20:00 - 2015-05-12 20:01 - 00700112 _____ () C:\Users\Tomča\Downloads\XPerl-3.0.9.zip
2015-05-11 17:52 - 2015-05-11 17:58 - 00000000 ____D () C:\Users\Tomča\Downloads\AMON AMARTH - DISCOGRAPHY (1992-13) [CHANNEL NEO]
2015-05-10 16:03 - 2015-05-10 16:03 - 05642956 _____ () C:\Users\Tomča\Downloads\XPerl-3.3.5.rar
2015-05-10 16:02 - 2015-05-10 16:03 - 00041200 _____ () C:\Users\Tomča\Downloads\OmniCC_3.0.beta16.zip
2015-05-10 16:01 - 2015-05-10 16:01 - 00151580 _____ () C:\Users\Tomča\Downloads\Archive.zip
2015-05-10 13:29 - 2015-05-10 14:18 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Audacity
2015-05-10 13:28 - 2015-05-10 13:28 - 00001026 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-05-10 13:28 - 2015-05-10 13:28 - 00001014 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-10 13:28 - 2015-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-05-10 13:26 - 2015-05-10 13:26 - 24210616 _____ (Audacity Team ) C:\Users\Tomča\Downloads\audacity-win-2.1.0.exe
2015-05-08 21:14 - 2015-05-09 12:13 - 08216380 _____ () C:\Users\Tomča\Desktop\Bez názvu-1.tif
2015-05-08 21:14 - 2015-05-09 12:13 - 06782499 _____ () C:\Users\Tomča\Desktop\Bez názvu-1.psd
2015-05-08 21:05 - 2015-05-08 21:05 - 00139440 _____ () C:\Users\Tomča\Desktop\VAQ4c5xr.jpeg
2015-05-05 14:28 - 2015-05-05 14:28 - 00000000 ____D () C:\Program Files (x86)\Dream Cheeky
2015-05-05 14:27 - 2015-05-05 14:27 - 00000000 ____D () C:\Users\Tomča\Downloads\USBWebmailNotifierv1.1
2015-05-05 14:26 - 2015-05-05 14:27 - 01192644 _____ () C:\Users\Tomča\Downloads\USBWebmailNotifierv1.1.zip
2015-05-04 21:26 - 2015-05-04 21:33 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\HearthstoneDeckTracker
2015-05-04 15:57 - 2015-05-04 15:57 - 00709450 _____ () C:\Users\Tomča\Downloads\XPerl-r402.zip
2015-05-04 15:56 - 2015-05-04 15:56 - 00629741 _____ () C:\Users\Tomča\Downloads\TitanPanel-4.3.8.30300.zip
2015-05-04 15:56 - 2015-05-04 15:56 - 00170201 _____ () C:\Users\Tomča\Downloads\OneBag3-r131.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 01322876 _____ () C:\Users\Tomča\Downloads\DBM-4.52-r4442-Core-and-WotLK-Mods.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 00356032 _____ () C:\Users\Tomča\Downloads\Recount-r1127.zip
2015-05-04 15:55 - 2015-05-04 15:55 - 00257373 _____ () C:\Users\Tomča\Downloads\Omen-v3.0.9.zip
2015-05-03 20:49 - 2015-05-03 20:49 - 00000000 ____D () C:\Users\Tomča\Desktop\Hearthstone Deck Tracker
2015-05-03 19:38 - 2015-05-03 19:38 - 00025114 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak-2.gp3
2015-05-03 19:38 - 2015-05-03 19:38 - 00023743 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak-3.gp4
2015-05-03 19:38 - 2015-05-03 19:38 - 00020174 _____ () C:\Users\Tomča\Downloads\in-flames-only-for-the-weak.gp3
2015-05-03 18:15 - 2015-05-12 20:02 - 00000000 ____D () C:\Users\Tomča\Desktop\Heroes WoW Client with Patch 2.0
2015-05-03 18:15 - 2015-05-03 18:15 - 00068176 _____ () C:\Users\Tomča\Downloads\HeroesWoWClient (1).torrent
2015-05-03 18:06 - 2015-05-03 18:06 - 00068176 _____ () C:\Users\Tomča\Downloads\HeroesWoWClient.torrent
2015-05-02 10:21 - 2015-05-16 19:21 - 00000000 ____D () C:\Users\Tomča\Downloads\Doctor_Who_2005.50th_Anniversary_Special.The_Day_of_the_Doctor.HDTV_x264-FoV[rarbg]
2015-05-02 10:18 - 2015-05-02 11:38 - 436724085 _____ () C:\Users\Tomča\Downloads\Doctor.Who.2005.2012.Christmas.Special.The.Snowmen.HDTV.x264-FoV.mp4
2015-05-02 10:17 - 2015-05-16 19:21 - 00000000 ____D () C:\Users\Tomča\Downloads\Doctor_Who_2005.2013_Christmas_Special.The_Time_of_The_Doctor.HDTV_x264-FoV[rarbg]
2015-05-01 18:06 - 2015-05-01 18:06 - 00000000 ____D () C:\Users\Tomča\Documents\Dungeon of the Endless
2015-05-01 18:05 - 2015-05-01 18:05 - 00001344 _____ () C:\Users\Tomča\Desktop\Dungeon of the Endless.lnk
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Dungeon of the Endless
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-05-01 18:05 - 2015-05-01 18:05 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-05-01 18:03 - 2015-05-01 18:04 - 00000000 ____D () C:\Users\Tomča\Downloads\[R.G. Mechanics] Dungeon of the Endless
2015-05-01 18:02 - 2015-05-01 18:02 - 00015386 _____ () C:\Users\Tomča\Downloads\Dungeon.of.the.Endless.torrent
2015-04-30 16:54 - 2015-04-30 17:00 - 00000040 _____ () C:\Users\Tomča\Desktop\Heroic Leap.ahk
2015-04-30 16:54 - 2015-04-30 16:54 - 00001352 _____ () C:\Users\Tomča\Documents\AutoHotkey.ahk
2015-04-30 12:31 - 2015-05-16 19:21 - 00000000 ____D () C:\Users\Tomča\Downloads\[ UsaBit.com ] - Doctor.Who.The.Doctor.The.Widow.And.The.Wardrobe.2011.iNTERNAL.DVDRip.XviD-RAWNiTRO
2015-04-29 18:43 - 2015-05-16 19:20 - 00000000 ____D () C:\Users\Tomča\Downloads\Adventure Time Season 1 Complete
2015-04-25 15:52 - 2015-04-25 15:53 - 01113621 _____ () C:\Users\Tomča\Downloads\Pocket_Dungeon.zip
2015-04-25 12:52 - 2015-04-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-04-25 12:52 - 2015-04-25 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-04-25 12:51 - 2015-04-25 12:51 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Guild Wars 2
2015-04-23 16:58 - 2015-04-23 16:58 - 00273864 _____ () C:\Users\Tomča\Downloads\Gladius-v2.0.16-beta.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00667792 _____ () C:\Users\Tomča\Downloads\TellMeWhen-4.7.1.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00351590 _____ () C:\Users\Tomča\Downloads\SpellAlerter-v2.15.zip
2015-04-23 16:57 - 2015-04-23 16:57 - 00212071 _____ () C:\Users\Tomča\Downloads\Castbars-3.29.zip
2015-04-22 12:24 - 2015-05-14 17:29 - 00000000 ____D () C:\Users\Tomča\Desktop\wow cataclysm 4.3.4
2015-04-21 18:44 - 2015-04-21 18:44 - 00015399 ____H () C:\Users\Tomča\Downloads\t11_BillPerkins_Slide_4815_Learn.MP4.mta
2015-04-20 17:09 - 2015-04-20 17:09 - 00015035 _____ () C:\Users\Tomča\Downloads\[uztor.ru].t71591.torrent
2015-04-19 19:34 - 2010-12-26 16:14 - 00022545 _____ () C:\Users\Tomča\Desktop\toxicity.TXT
2015-04-19 19:33 - 2015-04-19 19:34 - 00004394 _____ () C:\Users\Tomča\Downloads\Toxicity ST.rar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 22:27 - 2015-01-08 20:29 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3997287831-3372067910-2735212-1001
2015-05-16 22:26 - 2012-08-02 08:48 - 00735800 _____ () C:\WINDOWS\system32\perfh005.dat
2015-05-16 22:26 - 2012-08-02 08:48 - 00152596 _____ () C:\WINDOWS\system32\perfc005.dat
2015-05-16 22:26 - 2012-07-26 09:28 - 01740156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-16 22:20 - 2015-02-26 18:24 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-16 22:20 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-16 22:12 - 2015-01-20 20:20 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-16 22:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-16 19:17 - 2015-01-20 20:20 - 05057408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-16 19:17 - 2015-01-08 20:30 - 00000968 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 19:17 - 2015-01-08 20:30 - 00000964 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 19:16 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-16 19:13 - 2015-01-08 20:30 - 00003926 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 19:13 - 2015-01-08 20:30 - 00003690 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 19:04 - 2015-03-14 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-05-16 19:04 - 2015-01-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cockatrice
2015-05-16 19:04 - 2014-12-08 19:25 - 00000000 ___RD () C:\Users\Tomča\Desktop\Programy
2015-05-16 19:04 - 2014-06-05 20:59 - 00000000 ____D () C:\Users\Tomča\Desktop\GAMES
2015-05-16 19:04 - 2012-11-18 21:08 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-16 18:57 - 2015-01-09 19:40 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\uTorrent
2015-05-16 18:34 - 2015-01-20 18:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 19:46 - 2015-01-08 20:31 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 14:13 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-13 21:30 - 2015-01-08 21:08 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Battle.net
2015-05-13 18:32 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-09 19:25 - 2015-01-22 21:07 - 00000000 ____D () C:\Users\Tomča\AppData\Local\Spotify
2015-05-09 19:24 - 2015-01-22 21:06 - 00000000 ____D () C:\Users\Tomča\AppData\Roaming\Spotify
2015-05-03 19:43 - 2015-01-08 20:13 - 00000000 ____D () C:\Users\Tomča
2015-04-25 12:51 - 2014-05-20 08:03 - 00000000 ____D () C:\Users\Tomča\Documents\Guild Wars 2
2015-04-21 18:44 - 2015-04-06 13:42 - 00000000 ____D () C:\Users\Tomča\Downloads\Dr.Who Seasons 1-7
2015-04-16 21:36 - 2015-01-08 23:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Tomča\AppData\Roaming\FHIGIC
2015-03-15 13:04 - 2015-03-15 13:04 - 1854464 _____ (Cinema PlusV05.03) C:\Users\Tomča\AppData\Roaming\FHIGIC.exe
2015-01-10 17:44 - 2015-01-10 17:44 - 0000093 _____ () C:\Users\Tomča\AppData\Local\fusioncache.dat
2015-02-07 17:35 - 2015-02-07 17:35 - 0000000 ___SH () C:\Users\Tomča\AppData\Local\LumaEmu
2015-05-16 18:40 - 2015-05-16 18:40 - 0007606 _____ () C:\Users\Tomča\AppData\Local\Resmon.ResmonCfg
2015-02-03 11:41 - 2015-02-03 11:41 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some content of TEMP:
====================
C:\Users\Tomča\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomča\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-07 15:05
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (TI31014200A) (Fixed) (Total:687.19 GB) (Free:121.55 GB) NTFS
Available physical RAM: 2608.13 MB
Total physical RAM: 4047.22 MB
Percentage of memory in use: 35%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Tomča.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\FHIGIC.job => C:\Users\Tomý˙a\AppData\Roaming\FHIGIC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Tomča.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Tomča\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml:OECustomProperty
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Tom�a\Desktop" je 237555 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\MountPoints2: E - "E:\setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Tomča\AppData\Local\Temp
Task: C:\WINDOWS\Tasks\FHIGIC.job => C:\Users\Tomý˙a\AppData\Roaming\FHIGIC.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Tomča\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml:OECustomProperty
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here. I recommend uninstalling AdvancedSystemCare. Reason: viewtopic.php?f=14&t=127320&hilit=iobit.
You have too much data on your desktop:
Velikost slozky "C:\Users\Tom�a\Desktop" je 237555 MB.
Create a subfolder in C:\Users\Tomča, move the data from the desktop into it, and put a shortcut on the desktop for easier access. That much data slows down startup.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Re: Abnormal RAM usage when idle
I would rather not uninstall AdvancedSystemCare; I don't use it as malware protection but for cleaning RAM, which really helped. It reduced usage by about 40%, which cannot be a coincidence.
I will clean up the desktop, thank you.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Tomča at 2015-05-16 22:51:48 Run:1
Running from C:\Users\Tomča\Desktop
Loaded Profiles: Tomča (Available profiles: Tomča & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\...\MountPoints2: E - "E:\setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Tomča\AppData\Local\Temp
Task: C:\WINDOWS\Tasks\FHIGIC.job => C:\Users\Tomý˙a\AppData\Roaming\FHIGIC.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Tomča\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml:OECustomProperty
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3997287831-3372067910-2735212-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-3997287831-3372067910-2735212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"C:\Users\Tomča\AppData\Local\Temp" directory move:
Could not move "C:\Users\Tomča\AppData\Local\Temp" directory. => Scheduled to move on reboot.
C:\WINDOWS\Tasks\FHIGIC.job => Moved successfully.
"C:\Users\Tomča\OneDrive" => ":ms-properties" ADS not found.
C:\Users\Tomča\Downloads\[theory11_support]_re-_holiday_contest.eml => ":OECustomProperty" ADS removed successfully.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-16 22:53:01)<=
C:\Users\Tomča\AppData\Local\Temp => Moved successfully.
==== End of Fixlog 22:53:02 ====
I'll clean up the desktop, thank you.
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
I'm not forcing you, but I have already seen many operating systems damaged by exactly this Chinese junk. That's your call, though. Everything has been deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Re: Abnormal RAM usage when idle
I assume the RAM was freed up a little more; otherwise the difference will be rather hidden.
Could I ask what exactly the problem was?
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
A few pieces of adware and some unnecessary items.
-
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Re: Abnormal RAM usage when idle
Would you recommend some software for better protection? I mean something really tried and tested.
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
Among free antivirus products we recommend Avast or Avira. Among the paid ones you can choose here: http://forum.viry.cz/viewforum.php?f=29 ; all of them can be recommended. The foundation, however, is to behave cautiously on the internet and when opening e-mail, not to click on everything that is offered, and not to wander into its "dark corners".
-
tommymacho
- Visitor

- Posts: 12
- Registered: 16 May 2015 17:50
Re: Abnormal RAM usage when idle
Thank you very much.
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Abnormal RAM usage when idle
You're welcome!