Prosím o preventivní kontrolu logu (podezření na sniffing)

Zpráva

obr4z · #1 Příspěvek od **obr4z** » 15 čer 2016 09:14

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan Novák at 2016-06-15 10:11:08
Microsoft Windows 8.1
System drive C: has 117 GB (50%) free of 232 GB
Total RAM: 16337 MB (89% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:10, on 15. 6. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Miroslav\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Jan Novák.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [Services] C:\windows\SvcFiles\msde.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [DIMProbíhá stahování aktualizace...1425077801437] "C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Draw\DIM.EXE" "c:\programdata\corel\downloads\540229932_410003\1425077801437\dim_params.xml" -Launch=3 -uibase="c:\users\miroslav\appdata\roaming\corel\messages\540229932_410003\cz\messagecache1\workflow"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8B99B1A-27EA-46D5-877A-68647B777EB8}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Vzdálené plochy Chrome (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12797 bytes

======Listing Processes======

wininit.exe

C:\windows\system32\lsass.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
atieclxx
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\system32\svchost.exe -k apphost
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
dashost.exe {55c9ada1-96bc-4ffe-81da6057d9c7b863}
"C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe" --type=host --daemon-pipe=548
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\windows\System32\svchost.exe -k HPZ12
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {4C450FA1-315F-46C4-9012-75EC2B576A32}
taskhostex.exe
C:\windows\Explorer.EXE
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\IDT\WDM\Beats64.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=51.0.2704.84 --handshake-handle=0x148
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,*UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/CrossDevicePromo/1DaySingleProfile/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Disabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/OutOfProcessPac/Default/PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Default/PreRead/Default/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control50Permanent/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_08/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel="4552.0.510248292\1376456816" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,13,25,54 --gpu-vendor-id=0x1002 --gpu-device-id=0x6811 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.301.1001.1001 --mojo-platform-channel-handle=1100 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,*UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/1DaySingleProfile/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Default/PreRead/Default/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50Permanent/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_08/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=D085E1D6AC78E6C9EA7416C571729E53 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="4552.1.1974319929\109216948" --mojo-platform-channel-handle=2144 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,*UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/1DaySingleProfile/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Default/PreRead/Default/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50Permanent/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_08/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=A33ABC5AA6A7A1B0E95E47C7FE226FA2 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="4552.2.24247049\1298245241" --mojo-platform-channel-handle=2292 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,*UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/1DaySingleProfile/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Default/PreRead/Default/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50Permanent/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_08/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=FE13D87B92E583ED523BB886A52E2EA6 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="4552.3.2009090068\514158410" --mojo-platform-channel-handle=2172 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,*UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/1DaySingleProfile/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Default/PreRead/Default/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50Permanent/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_08/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=245559D4EC1E8AA3D7718AE0663B9D91 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="4552.4.1642620938\1570260417" --mojo-platform-channel-handle=1456 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,*UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/1DaySingleProfile/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/*PageRevisitInstrumentation/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Default/PreRead/Default/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50Permanent/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_08/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=DC8A40B8ADE4AE919B6E6054A24A5E73 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="4552.6.33072379\470965301" --mojo-platform-channel-handle=2580 /prefetch:1
"C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe" -sync_complete
"C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe"
"C:\Users\Miroslav\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe" --type=gpu-process --channel="5080.0.237906318\1707574632" --no-sandbox --lang=en-US --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,27 --gpu-vendor-id=0x1002 --gpu-device-id=0x6811 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.301.1001.1001 --lang=en-US /prefetch:822062411
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskeng.exe {77EBA08E-D795-416E-A9CB-2A4C9428E5D3}
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Users\Miroslav\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001Core.job - C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001UA.job - C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-13 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-13 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-11-21 36352]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03 557768]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2014-03-28 1703424]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2014-03-28 41664]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-12-17 170256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"AdobeBridge"= []
"Dropbox Update"=C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 134512]
"DIMProbíhá stahování aktualizace...1425077801437"=C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Draw\DIM.EXE [2014-03-14 272696]
"GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-06-04 941720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-01-24 766688]
"Lachesis"=C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [2009-11-10 248320]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2012-09-23 3477640]
"Razer Synapse"=C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2015-05-15 590656]
"Services"=C:\windows\SvcFiles\msde.exe [2016-04-19 3760824]

C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"VIDC.CFHD"=CFHD.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2016-06-15 10:05:16 ----D---- C:\rsit
2016-06-15 10:05:16 ----D---- C:\Program Files\trend micro
2016-06-15 07:18:53 ----D---- C:\Akustika
2016-06-14 09:17:23 ----D---- C:\Program Files (x86)\Tor Browser
2016-05-25 09:08:01 ----D---- C:\Program Files (x86)\STORMWARE

======List of files/folders modified in the last 1 month======

2016-06-15 10:11:01 ----RD---- C:\windows\System32
2016-06-15 10:11:01 ----D---- C:\windows\Inf
2016-06-15 10:11:01 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-06-15 10:10:56 ----D---- C:\windows\Prefetch
2016-06-15 10:08:49 ----D---- C:\windows\Temp
2016-06-15 10:06:41 ----D---- C:\Windows
2016-06-15 10:05:16 ----RD---- C:\Program Files
2016-06-15 10:00:00 ----D---- C:\windows\system32\sru
2016-06-15 09:57:01 ----D---- C:\windows\system32\NDF
2016-06-15 07:13:30 ----D---- C:\windows\AppReadiness
2016-06-15 07:13:27 ----HD---- C:\Program Files\WindowsApps
2016-06-15 07:03:44 ----D---- C:\windows\sdmf
2016-06-14 16:07:06 ----SHD---- C:\windows\Installer
2016-06-14 16:07:06 ----HD---- C:\Config.Msi
2016-06-14 16:07:06 ----D---- C:\VST
2016-06-14 16:07:04 ----SHD---- C:\System Volume Information
2016-06-14 16:06:58 ----RD---- C:\Program Files (x86)
2016-06-14 11:58:52 ----D---- C:\windows\Microsoft.NET
2016-06-14 08:59:00 ----D---- C:\Users\Miroslav\AppData\Roaming\uTorrent
2016-06-14 08:58:47 ----D---- C:\Users\Miroslav\AppData\Roaming\vlc
2016-06-14 07:00:18 ----D---- C:\windows\SoftwareDistribution
2016-06-13 12:45:34 ----D---- C:\Users\Miroslav\AppData\Roaming\XnView
2016-06-09 16:46:12 ----D---- C:\Users\Miroslav\AppData\Roaming\Dropbox
2016-06-09 08:27:30 ----D---- C:\Users\Miroslav\AppData\Roaming\Notepad++
2016-06-09 08:27:30 ----D---- C:\Program Files (x86)\Notepad++
2016-06-08 16:04:13 ----D---- C:\Program Files (x86)\Eleco
2016-06-02 14:09:25 ----D---- C:\Program Files (x86)\Google
2016-05-25 16:54:37 ----D---- C:\ProgramData\Package Cache
2016-05-25 09:08:08 ----RSD---- C:\windows\assembly
2016-05-25 09:08:01 ----D---- C:\windows\apppatch
2016-05-25 09:08:01 ----D---- C:\Program Files (x86)\Common Files
2016-05-16 10:26:31 ----D---- C:\windows\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2013-11-21 632168]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2014-08-04 386680]
R2 rzpmgrk;rzpmgrk; \??\C:\windows\system32\drivers\rzpmgrk.sys [2015-02-05 37184]
R2 rzpnk;rzpnk; \??\C:\windows\system32\drivers\rzpnk.sys [2015-03-03 129600]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2014-01-25 13259776]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2014-01-25 625152]
R3 AmUStor;@oem52.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\windows\system32\drivers\AmUStor.SYS [2013-07-19 83224]
R3 AtiHDAudioService;@oem71.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdWB6.sys [2014-03-11 222720]
R3 ICCWDT;@oem70.inf,%ICCWDT.SVCDESC%;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\windows\System32\drivers\ICCWDT.sys [2012-05-17 26136]
R3 MEIx64;@oem15.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\TeeDriverx64.sys [2013-08-12 99288]
R3 RTL8168;@oem51.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-11-26 830680]
R3 rzendpt;@oem84.inf,%rzendpt.SvcDesc%;rzendpt; C:\windows\System32\drivers\rzendpt.sys [2014-12-30 39592]
R3 rzudd;@oem97.inf,%Razer.SvcDesc%;Razer Keyboard Driver; C:\windows\System32\drivers\rzudd.sys [2014-12-30 177832]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\windows\system32\DRIVERS\stwrt64.sys [2014-01-07 551936]
S0 amdkmafd;@oem16.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\windows\System32\drivers\amdkmafd.sys [2012-09-23 21160]
S3 axscsidrv;axscsidrv; C:\windows\system32\drivers\axscsidrv.sys [2014-11-28 293888]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2014-04-11 1200128]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
S3 HTCAND64;@oem101.inf,%HTCAND64.SvcDesc%;HTC Device Driver; C:\windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;@oem105.inf,%NDISPROT_Desc%;HTC NDIS Protocol Driver; C:\windows\system32\DRIVERS\htcnprot.sys [2013-10-17 36928]
S3 HtcVCom32;@oem103.inf,%OEMSerialPortName00%;HTC Diagnostic Port; C:\windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 lachesis35g;@oem59.inf,%Razer.SvcDesc%;Razer Lachesis 5600 Driver; C:\windows\System32\drivers\lachesis35g.sys [2012-12-10 11776]
S3 Netaapl;@oem69.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\windows\system32\DRIVERS\netaapl64.sys [2014-08-16 23040]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2014-03-18 167424]
S3 Rockey_USB;@oem103.inf,%RockeyUSB.SVCDESC%;Feitian ROCKEY4 USB Service; C:\windows\system32\DRIVERS\Rockey4USB.sys [2016-04-06 23592]
S3 ROCKEYNT;@oem103.inf,%Rockey.SVCDESC%;Feitian ROCKEY4 Device Service; C:\windows\system32\DRIVERS\Rockey4.sys [2016-04-06 36904]
S3 RSUSBSTOR;@oem55.inf,%RSUSBSTOR.SvcDesc%;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2013-07-09 263896]
S3 silabenm;@oem109.inf,%silabenm.SvcDesc%;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\windows\system32\DRIVERS\silabenm.sys [2014-04-11 23552]
S3 silabser;@oem109.inf,%silabser.SvcDesc%;Silicon Labs CP210x USB to UART Bridge Driver; C:\windows\system32\DRIVERS\silabser.sys [2014-04-11 79360]
S3 USBAAPL64;@oem111.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2015-06-17 54784]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 VaneFltr;@oem59.inf,%SvcDispName%;Lachesis Mouse Driver; C:\windows\system32\drivers\Lachesis.sys [2009-10-16 29952]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-04-22 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2014-01-25 239616]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2013-08-22 37768]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-07 77104]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-02-07 31192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 chromoting;Služba Vzdálené plochy Chrome; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [2016-04-14 68488]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-21 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-08-12 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-08-12 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-08-12 390616]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2013-08-22 37768]
R2 NovaPdfServer;novaPDF Server; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2016-01-21 51824]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2013-08-22 37768]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2013-09-13 337776]
R2 Razer Game Scanner Service;Razer Game Scanner; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-02-05 187072]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2014-03-28 340480]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12 107848]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2015-01-12 1357104]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12 107848]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-11 822232]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-12-17 644880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\windows\system32\svchost.exe [2013-08-22 37768]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\windows\system32\svchost.exe [2013-08-22 37768]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 15 čer 2016 12:29

Krasny den Vam preju

Otestujte na virustotal.com C:\windows\SvcFiles\msde.exe - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan (Skenovani), pote na Cleaning (Cisteni)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

obr4z · #3 Příspěvek od **obr4z** » 15 čer 2016 12:52

Dekuji, Vam take!

https://virustotal.com/cs/file/f733e52b ... 465990866/

# AdwCleaner v5.200 - Log vytvořen 15/06/2016 v 13:45:44
# Aktualizováno 14/06/2016 by ToolsLib
# Databáze : 2016-06-15.1 [Server]
# Operační system : Windows 8.1 (X64)
# Uživatelské jméno : Mirek Dostál - PC-KANCELAR
# Spuštěno z : C:\Users\Miroslav\Desktop\adwcleaner_5.200.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka Smazáno : C:\ProgramData\apn
[#] Složka Smazáno : C:\ProgramData\Application Data\apn
[-] Složka Smazáno : C:\Users\Miroslav\AppData\Local\MediaDrug
[-] Složka Smazáno : C:\Users\Miroslav\AppData\Roaming\Easeware
[-] Složka Smazáno : C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci
[-] Složka Smazáno : C:\Users\Miroslav\AppData\Local\VirtualStore\Program Files (x86)\ytd

***** [ Soubory ] *****

[-] Soubor Smazáno : C:\windows\Reimage.ini

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Klíč Smazáno : HKLM\SOFTWARE\8dfab60d-6af4-4378-a36a-3d62375bcdeb
[-] Klíč Smazáno : HKLM\SOFTWARE\b523dc61-a18d-472e-a61a-8a020a40e213
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1875-n-bc.exe
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Klíč Smazáno : HKCU\Software\Appscion
[-] Klíč Smazáno : HKCU\Software\OB
[-] Klíč Smazáno : HKCU\Software\Reimage
[-] Klíč Smazáno : HKCU\Software\WEBAPP
[-] Klíč Smazáno : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč Smazáno : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\Reimage
[-] Klíč Smazáno : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Klíč Smazáno : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Klíč Smazáno : HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer

***** [ Prohlížeče ] *****

[-] [C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Smazáno : libedajeiljdoodmokbppgapcfbignci

*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5506 bytů] - [15/06/2016 13:45:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [6115 bytů] - [15/06/2016 13:44:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5652 bytů] ##########

#4 Příspěvek od **altrok** » 15 čer 2016 13:01

Jedna se o pracovni PC nebo soukrome?

Logy prosim nedavejte do code/quote - hure se to cte.

Soubor C:\windows\SvcFiles\msde.exe poznavate?

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pred zacatkem skenovani navic zatrhnete volby 90 days a Addition.txt

obr4z · #5 Příspěvek od **obr4z** » 15 čer 2016 13:24

jde o pracovni pc

soubor C:\windows\SvcFiles\msde.exe neznam a netusim, jak se tam dostal

i pres vypnuty fw a defender mi to hlasi chybejici soubor http://vyosek.ic.cz/pro_usery/FRSTLauncher.exe takze spoustim FRST bez launcheru..

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Mirek Dostál (administrator) on PC-KANCELAR (15-06-2016 14:19:50)
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Mirek Dostál (Available Profiles: Mirek Dostál)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Miroslav\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Ghisler Software GmbH) C:\Program Files\TotalCMD\TOTALCMD64.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [Services] => C:\windows\SvcFiles\msde.exe
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [Dropbox Update] => C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [DIMProb�h� stahov�n� aktualizace...1425077801437] => C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Draw\DIM.EXE [272696 2014-03-14] (Corel Corporation)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {3f0e22cd-5386-11e4-8268-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {896b8f15-8040-11e4-826b-a0d3c13f7eff} - "F:\SETUP.EXE"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-01-10] (Autodesk, Inc.)
Startup: C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2016-06-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{D8B99B1A-27EA-46D5-877A-68647B777EB8}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-931785541-2971233630-2540198836-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-05-06] [not signed]

Chrome:
=======
CHR HomePage: Default -> search-results.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
CHR Extension: (Disk Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Vyhledávání Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dropbox for Gmail) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-07]
CHR Extension: (Tabulky Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-27]
CHR Extension: (Dropbox) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
CHR Extension: (Převod měn) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehaadplpgckpgeoddpnijogjaldela [2015-03-12]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2016-06-15]
CHR Extension: (Mapy Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (SPOI Options) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\medeknkggnkeffoahbphecmjoakbpiab [2016-04-04]
CHR Extension: (BetterTweetDeck) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\micblkellenpbfapmcpcfhcoeohhnpob [2016-05-09]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-08-03]
CHR Extension: (Hangouts Google) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-11]
CHR Extension: (Save to Pocket) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51824 2016-01-21] (Microsoft)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-11-28] (Alcohol Soft Development Team)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]
S3 lachesis35g; C:\Windows\System32\drivers\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd) [File not signed]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
S3 ROCKEYNT; C:\Windows\system32\DRIVERS\Rockey4.sys [36904 2016-04-06] (Feitian Technologies Co., Ltd.)
S3 Rockey_USB; C:\Windows\system32\DRIVERS\Rockey4USB.sys [23592 2016-04-06] (Feitian Technologies Co., Ltd.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-04] (Duplex Secure Ltd.)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-15 14:19 - 2016-06-15 14:19 - 00024348 _____ C:\Users\Miroslav\Desktop\FRST.txt
2016-06-15 14:16 - 2016-06-15 14:16 - 02385920 _____ (Farbar) C:\Users\Miroslav\Desktop\FRST64.exe
2016-06-15 13:44 - 2016-06-15 13:45 - 00000000 ____D C:\AdwCleaner
2016-06-15 13:41 - 2016-06-15 13:41 - 03703360 _____ C:\Users\Miroslav\Desktop\adwcleaner_5.200.exe
2016-06-15 13:39 - 2016-06-15 13:39 - 03760824 _____ C:\Users\Miroslav\Downloads\msde.exe
2016-06-15 11:04 - 2016-06-15 11:04 - 08787048 _____ ( ) C:\Users\Miroslav\Downloads\ipscan24.exe
2016-06-15 11:04 - 2016-06-15 11:04 - 01989357 _____ () C:\Users\Miroslav\Downloads\ipscan-win64-3.3.exe
2016-06-15 11:04 - 2016-06-15 11:04 - 01930060 _____ () C:\Users\Miroslav\Downloads\ipscan-win32-3.3.exe
2016-06-15 11:04 - 2016-06-15 11:04 - 00000000 ____D C:\Users\Miroslav\.swt
2016-06-15 10:05 - 2016-06-15 10:11 - 00000000 ____D C:\Program Files\trend micro
2016-06-15 10:05 - 2016-06-15 10:05 - 00000000 ____D C:\rsit
2016-06-15 10:02 - 2016-06-15 10:02 - 01222144 _____ C:\Users\Miroslav\Desktop\RSITx64.exe
2016-06-15 08:29 - 2016-06-15 12:39 - 00009416 _____ C:\Users\Miroslav\Desktop\16.06.15 NAKUP.xlsx
2016-06-15 07:20 - 2016-06-15 07:20 - 00079026 _____ C:\Users\Miroslav\Downloads\pair_report-2016-06-15-07-16-47 (291 pair).csv
2016-06-15 07:18 - 2016-06-15 11:01 - 00000000 ____D C:\Akustika
2016-06-14 14:16 - 2016-06-14 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcČR 500
2016-06-14 10:30 - 2016-06-14 10:30 - 00000432 _____ C:\Users\Miroslav\advanced_ip_scanner_MAC.bin
2016-06-14 09:40 - 2016-06-14 09:40 - 00001382 _____ C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\O.lnk
2016-06-14 09:17 - 2016-06-14 09:17 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2016-06-14 09:00 - 2016-06-14 09:00 - 01278464 _____ C:\Users\Miroslav\Downloads\Export_Excel_Lite.xls
2016-06-14 08:59 - 2016-06-14 08:59 - 00078583 _____ C:\Users\Miroslav\Downloads\pair_report-2016-06-14-08-36-22.csv
2016-06-14 08:26 - 2016-06-14 08:48 - 00000000 ____D C:\Users\Miroslav\Downloads\torrent
2016-06-09 13:18 - 2016-06-09 13:18 - 00254430 _____ C:\Users\Miroslav\Downloads\newsletter-2-2016-novela-zakona-o-ochran-spotrebitele.pdf
2016-06-09 08:28 - 2016-06-09 08:27 - 00001056 _____ C:\Users\Miroslav\Desktop\Notepad++.lnk
2016-06-09 08:26 - 2016-06-09 08:26 - 00000274 _____ C:\Users\Miroslav\Desktop\beskydkrby.js
2016-06-09 08:25 - 2016-06-09 08:25 - 00003630 _____ C:\Users\Miroslav\Desktop\beskydkrby.css
2016-06-08 09:21 - 2016-06-08 09:21 - 00000000 ____D C:\Users\Miroslav\Downloads\EAN
2016-06-06 12:09 - 2016-06-06 12:09 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-25 09:08 - 2016-05-25 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office
2016-05-25 09:08 - 2016-05-25 09:08 - 00000000 ____D C:\Program Files (x86)\STORMWARE
2016-05-13 14:29 - 2016-05-13 14:29 - 00000767 _____ C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ahk 3.lnk
2016-05-12 14:26 - 2016-05-12 14:36 - 02215936 _____ C:\Users\Miroslav\Documents\Webová databáze majetku.accdb
2016-05-12 10:37 - 2016-05-12 10:37 - 00000000 ____D C:\Users\Miroslav\AppData\Local\CEF
2016-04-25 14:54 - 2016-06-08 16:01 - 00000000 ____D C:\Users\Miroslav\Desktop\Heureka
2016-04-25 08:15 - 2016-06-14 16:07 - 00000000 ____D C:\VST
2016-04-19 08:40 - 2016-06-15 07:03 - 00000000 ____D C:\windows\sdmf
2016-04-19 08:40 - 2016-04-19 08:40 - 00000000 ____D C:\windows\SvcFiles
2016-04-18 14:48 - 2016-04-18 14:48 - 00001480 _____ C:\Users\Miroslav\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2016-04-18 08:51 - 2016-04-28 23:08 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\YouTube Downloader
2016-04-15 17:41 - 2016-04-15 18:16 - 00000000 ____D C:\Users\Miroslav\Desktop\Model pruhledova vlozka
2016-04-14 12:37 - 2016-04-14 12:37 - 00000201 ____H C:\Users\Miroslav\Desktop\1501053 Šenkeříková Jankovice krb model 4.dwl2
2016-04-14 12:37 - 2016-04-14 12:37 - 00000050 ____H C:\Users\Miroslav\Desktop\1501053 Šenkeříková Jankovice krb model 4.dwl
2016-04-14 12:32 - 2016-04-14 12:35 - 00000201 ____H C:\Users\Miroslav\Desktop\1601017 Kořínek Lázníky krb zadní přikládání model 05.dwl2
2016-04-14 12:32 - 2016-04-14 12:35 - 00000050 ____H C:\Users\Miroslav\Desktop\1601017 Kořínek Lázníky krb zadní přikládání model 05.dwl
2016-04-07 21:28 - 2016-04-07 21:28 - 00000000 ____H C:\Users\Miroslav\Documents\Default.rdp
2016-04-06 08:34 - 2016-04-06 08:34 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\Softland
2016-04-06 08:26 - 2016-04-06 08:26 - 00036904 _____ (Feitian Technologies Co., Ltd.) C:\windows\system32\Drivers\Rockey4.sys
2016-04-06 08:26 - 2016-04-06 08:26 - 00023592 _____ (Feitian Technologies Co., Ltd.) C:\windows\system32\Drivers\Rockey4USB.sys
2016-04-06 08:26 - 2016-04-06 08:26 - 00007680 _____ C:\windows\system32\Ry4CoInst.dll
2016-04-06 08:26 - 2016-04-06 08:26 - 00001870 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KROS 4.lnk
2016-04-06 08:26 - 2016-04-06 08:26 - 00001858 _____ C:\Users\Public\Desktop\KROS 4.lnk
2016-04-06 08:26 - 2016-04-06 08:26 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-04-06 08:26 - 2016-02-23 11:41 - 04194304 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\windows\SysWOW64\cdintf400.dll
2016-04-06 08:24 - 2016-04-06 08:24 - 00000000 ____D C:\windows\SysWOW64\Binaries
2016-04-06 08:21 - 2016-04-06 08:37 - 00000000 ____D C:\KrosData
2016-04-06 08:20 - 2016-04-06 08:26 - 00000000 ____D C:\Program Files (x86)\Kros
2016-04-06 08:15 - 2016-04-06 08:15 - 00000000 ____D C:\ProgramData\Softland
2016-04-06 08:14 - 2016-04-06 08:14 - 00000000 ____D C:\Program Files\Softland
2016-04-06 08:14 - 2016-04-06 08:14 - 00000000 ____D C:\Program Files (x86)\Softland

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-15 14:19 - 2015-03-11 17:39 - 00000000 ____D C:\FRST
2016-06-15 14:08 - 2015-06-16 16:58 - 00000968 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001UA.job
2016-06-15 14:08 - 2015-05-18 07:27 - 00000984 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-15 13:52 - 2014-08-05 07:28 - 00000000 ____D C:\Users\Miroslav\Documents\Soubory aplikace Outlook
2016-06-15 13:52 - 2014-07-11 11:28 - 00724228 _____ C:\windows\system32\perfh005.dat
2016-06-15 13:52 - 2014-07-11 11:28 - 00167054 _____ C:\windows\system32\perfc005.dat
2016-06-15 13:52 - 2014-03-18 17:32 - 01748858 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-15 13:52 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-06-15 13:48 - 2015-05-18 07:27 - 00000980 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 13:48 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-15 13:08 - 2015-06-16 16:58 - 00000916 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001Core.job
2016-06-15 12:45 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-06-15 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-06-15 11:04 - 2014-08-04 09:59 - 00000000 ____D C:\Users\Miroslav
2016-06-15 10:20 - 2014-08-04 10:04 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-931785541-2971233630-2540198836-1001
2016-06-15 09:57 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF
2016-06-15 08:39 - 2014-08-06 10:00 - 05830144 ___SH C:\Users\Miroslav\Desktop\Thumbs.db
2016-06-15 07:23 - 2014-08-18 09:27 - 00000000 ___RD C:\Users\Miroslav\Dropbox
2016-06-15 07:13 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-15 07:06 - 2014-08-05 09:12 - 00000000 ____D C:\Users\Miroslav\AppData\Local\Adobe
2016-06-14 16:59 - 2014-09-03 07:55 - 00000000 ____D C:\Users\Miroslav\Documents\Reg
2016-06-14 15:26 - 2014-08-14 14:53 - 04779520 ___SH C:\Users\Miroslav\Downloads\Thumbs.db
2016-06-14 08:59 - 2014-11-28 12:32 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\uTorrent
2016-06-14 08:58 - 2014-09-25 11:42 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\vlc
2016-06-13 12:45 - 2014-08-04 13:50 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\XnView
2016-06-09 16:46 - 2014-08-18 09:26 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\Dropbox
2016-06-09 16:45 - 2015-06-16 16:58 - 00000000 ____D C:\Users\Miroslav\AppData\Local\Dropbox
2016-06-09 08:27 - 2015-01-16 13:16 - 00000000 ____D C:\Users\Miroslav\AppData\Roaming\Notepad++
2016-06-09 08:27 - 2015-01-16 13:16 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-06-09 07:09 - 2015-03-12 08:21 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-09 07:09 - 2015-03-12 08:21 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 16:36 - 2015-03-10 13:24 - 00000000 ____D C:\Users\Miroslav\Desktop\text
2016-06-08 16:04 - 2015-04-10 13:40 - 00000000 ____D C:\Program Files (x86)\Eleco
2016-06-02 14:09 - 2014-08-04 10:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-25 16:54 - 2015-07-16 13:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-25 09:08 - 2016-01-06 13:41 - 00002436 _____ C:\Users\Public\Desktop\POHODA.lnk
2016-05-16 11:28 - 2015-05-11 09:00 - 00000000 ____D C:\Users\Miroslav\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-03-30 11:45 - 2015-03-30 11:45 - 0000132 _____ () C:\Users\Miroslav\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2016-04-18 14:48 - 2016-04-18 14:48 - 0001480 _____ () C:\Users\Miroslav\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-03-18 21:20 - 2015-03-18 21:20 - 0005120 _____ () C:\Users\Miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-19 13:31 - 2015-03-19 13:31 - 0029696 _____ () C:\Users\Miroslav\AppData\Local\MSGBOX.EXE
2015-01-06 18:06 - 2015-11-10 16:30 - 0007597 _____ () C:\Users\Miroslav\AppData\Local\resmon.resmoncfg
2015-08-12 21:20 - 2015-08-12 21:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-18 16:02 - 2014-08-18 16:02 - 0000445 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Miroslav\AppData\Local\Temp\libeay32.dll
C:\Users\Miroslav\AppData\Local\Temp\msvcr120.dll
C:\Users\Miroslav\AppData\Local\Temp\smkhl.dll
C:\Users\Miroslav\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-08 07:17

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Mirek Dostál (2016-06-15 14:20:03)
Running from C:\Users\Miroslav\Desktop
Windows 8.1 (Update) (X64) (2014-08-04 07:59:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-931785541-2971233630-2540198836-500 - Administrator - Disabled)
Guest (S-1-5-21-931785541-2971233630-2540198836-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-931785541-2971233630-2540198836-1003 - Limited - Enabled)
Mirek Dostál (S-1-5-21-931785541-2971233630-2540198836-1001 - Administrator - Enabled) => C:\Users\Miroslav

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ableton Live 9 Suite (HKLM\...\{7597F2DC-003A-476E-9281-774AB112B7BE}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version: - Leo Davidson / Pretentious Name)
Adobe Reader XI (11.0.16) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{7690724C-0329-4830-97DE-F765D5AD7705}) (Version: 11.1.2 - Google)
aec creative : AEC-DATA download 1.0 (HKLM-x32\...\{BA962A1C-8F14-4149-8713-3567C4F129F4}_is1) (Version: 1.0 - SOFTconsult spol. s.r.o.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A99B0881-5ED5-7E0B-DA57-43BA750852A9}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASGvis Material Studio (HKLM-x32\...\{BE2DB46C-EA1A-434E-AABD-50EAF626EBEE}) (Version: 01.00.07 - ASGvis, LLC)
AutoCAD 2015 – Čeština (Czech) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack – Čeština (Czech) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk AutoCAD 2015 – Čeština (Czech) (HKLM\...\AutoCAD 2015 – Čeština (Czech)) (Version: 20.0.51.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
CipherLab Forge Batch (HKLM-x32\...\{1C5B3EA3-2CF6-4C06-8A70-41BD8FFBA2B4}) (Version: 1.00.0036 - CipherLab Co.,Ltd.)
CipherLab Wireless DB Manager (HKLM-x32\...\{6966D6E2-21EB-4399-9D12-646B02AD526A}) (Version: 1.32.0 - CipherLab Co., Ltd)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CZ (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FastCentrik - Pohoda (HKLM\...\{55DF26BD-AFE1-4516-B8A5-37FF0FB15002}) (Version: 0.4.2 - NetDirect)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
HEIN Active 2.0 (HKLM-x32\...\2_is1) (Version: - Hein s.r.o.)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5510 series Nápověda (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Import souborů SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Inst5675 (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.06 - Softex Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Kros (Version: 8.5.939 - Softland) Hidden
KROS 4 (HKLM-x32\...\{30044428-C20A-3933-8C01-205EFF81E627}) (Version: 161.400 - ÚRS Praha)
Kros PDF (HKLM-x32\...\{a7c7484e-a1a7-4590-9841-a522c06f5218}) (Version: 161.400.1.0 - Kros a.s.)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
novaPDF 8 Printer Driver (HKLM\...\{0AC6DA67-5240-4F8B-9E69-168680B50AC5}) (Version: 8.5.939 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{77341EEE-6919-4640-B3C0-A19944DB6B66}) (Version: 8.5.939 - Softland)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.1 - pdfforge)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.8.2500 - Jan Fiala)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAUCAD-TechCON (6.2) (HKLM-x32\...\{889D28AD-3F0C-48CD-B9BA-95B89A848DD6}) (Version: 6.00.0811 - Atcon systems s.r.o.)
Razer Lachesis (HKLM-x32\...\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}) (Version: 1.10.0000 - Razer USA Ltd.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26027 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Room EQ Wizard 5.13 (HKLM-x32\...\4549-9647-2313-4375) (Version: 5.13 - John Mulcahy)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (HKLM-x32\...\{46C013C3-38CD-4D00-A34B-CA5742C6B0F2}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Software602 Form Filler (HKLM-x32\...\{00160B3F-653A-4EA7-947E-4000D3551E9E}) (Version: 4.60 - Software602 a.s.)
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA Klient CZ Premium (HKLM-x32\...\{47EF8306-2DC9-4BCB-B6CF-A399CC45A976}) (Version: 11300.162 - STORMWARE)
Studie vylepšování produktu HP Photosmart 5510 series (HKLM\...\{2822A493-F83B-4806-A5AA-3F17340BD8DD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 beta 10 - Ghisler Software GmbH)
Viber (HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Viber) (Version: 5.1.2.24 - Viber Media Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
V-Ray for SketchUp demo (HKLM-x32\...\V-Ray for SketchUp demo 2.00.24261) (Version: 2.00.24261 - Chaos Software, Ltd)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
XnView 1.98.8 (HKLM-x32\...\XnView_is1) (Version: 1.98.8 - Gougelet Pierre-e)
Základní software zařízení HP Deskjet 2050 J510 series (HKLM\...\{F61FD928-A74D-4AF9-9667-BE2BB6F2C386}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Základní software zařízení HP Photosmart 5510 series (HKLM\...\{22E8B03A-9094-45AC-910A-CB491A16A593}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\cs-CZ\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-931785541-2971233630-2540198836-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C528190-957C-4454-AF27-35717FABE299} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1C135B24-3509-4637-85DB-E3DC82A41EE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {3619A13E-9649-49A4-B000-DA3501BE58E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {691098B2-4E4C-4302-9B85-C1D63BBA1041} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {7060FBD0-AC92-4584-BFB3-327B8B0D931F} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {8E353B6D-35EA-47B1-9BA7-8D21FB2C4AAC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001UA => C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {935CFFFB-A968-4AD2-90A3-4631FC052BD6} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mirdos@outlook.cz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {9396C32D-3428-4CD4-BBF9-FA5B17EE0B62} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001Core => C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {CC24CC2D-09A3-4506-B03F-F2807CBD286F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {D399FF32-608A-403D-8F32-A05CFCFE74D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {FED64280-4F87-4B37-913C-83C11ED06C7B} - System32\Tasks\{4BB7695E-6C15-4D5F-9EE1-4D28587A46AD} => pcalua.exe -a C:\Users\Miroslav\Downloads\sp65946.exe -d C:\Users\Miroslav\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001Core.job => C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-931785541-2971233630-2540198836-1001UA.job => C:\Users\Miroslav\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc

==================== Loaded Modules (Whitelisted) ==============

2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-21 17:03 - 2016-01-21 17:03 - 00147432 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2016-01-21 17:03 - 2016-01-21 17:03 - 00062576 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2016-01-21 17:03 - 2016-01-21 17:03 - 00036976 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-08-04 13:29 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-05-18 00:42 - 2016-05-18 00:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-14 07:49 - 2015-03-14 07:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2013-06-05 16:51 - 2013-06-05 16:51 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2016-06-09 07:09 - 2016-06-04 03:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-09 07:09 - 2016-06-04 03:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2015-05-20 04:29 - 2015-05-20 04:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-05-22 09:41 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\Miroslav\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-05-22 09:41 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\Miroslav\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-05-22 09:41 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\Miroslav\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2014-07-11 02:40 - 2013-08-12 18:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-03-19 13:32 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_Metro_Sky.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SFAUpdater"
HKLM\...\StartupApproved\Run32: => "SimplePass"
HKLM\...\StartupApproved\Run32: => "Lachesis"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "Smart File Advisor"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Services"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\StartupApproved\StartupFolder: => "Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\StartupApproved\Run: => "DIMProbíhá stahování aktualizace...1425077801437"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{84B94155-456F-457C-B094-20B72705C9EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CD08E0E-B6E7-4BB5-899D-76B567DAEEB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41F9EA28-7EDC-4C7F-95C2-EF165F41A597}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9399C73B-A3D1-4700-966D-2A853582613B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{032A0AFA-81E8-4F04-8136-D7E605DC1A43}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{F572B419-258F-45DD-AC12-C57263024769}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe
FirewallRules: [{B96851A1-889D-419F-85F6-CF4CA0581E4D}] => (Allow) C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F5B0729-25F9-4743-B511-B493A0003490}] => (Allow) C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9F376DBD-6B21-4AE4-AA86-D6E249AF91B1}C:\users\miroslav\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\miroslav\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{826F35E4-E632-4ECB-9AC9-74C176AC0739}C:\users\miroslav\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\miroslav\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{88DCB516-0335-4F6D-8C33-1BEA6CF89D6E}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{35105EA1-2AB4-477F-8149-A3CCD6453619}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{8483BC6D-B8AF-47BF-ABA2-12464C0B4EB3}C:\users\miroslav\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\miroslav\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E9A50A53-113B-4EA7-B0F0-88BDF9F3DEC2}C:\users\miroslav\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\miroslav\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{808778CD-3C23-4257-8263-441CDB91CAB2}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{34EAE21F-BCEE-4C81-B615-28A24755111F}C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe
FirewallRules: [UDP Query User{6CF3D95B-DFF3-427F-9129-1A2B7897DC8B}C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe
FirewallRules: [TCP Query User{A2045C13-FFB4-4B19-81D2-CF68B37871CD}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{771E2EA5-E74B-4860-BCD2-54C49600C622}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe] => (Block) C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe
FirewallRules: [{74008B6B-2004-4F24-B085-E4DAA939956E}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{1E12B4F0-88F6-4DA5-B29A-893063793DE8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{1A342DD4-67AA-4924-9427-3B8ECD6C89E8}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{AE36178A-531B-46BE-BCD5-E029A108A8FA}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FF6D70C4-C732-4A1B-99B2-E89ADD793320}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3F78B567-4E4A-4A7B-8375-5FE8204FCC6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67386D62-4DB2-4E5F-958F-AB2AC6036528}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1B54025-CB8F-44CC-A8C1-5E71ED4C55CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39FB12A3-F4C8-43B0-AB33-CF6144756D5C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{383012CF-4645-449C-8051-B404FA61C309}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{7139E1DB-CDF8-4727-925C-7CB370DC14EF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8FF45B71-EAB1-4876-B36C-2C4F13D6D2A0}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{6DB33E1F-F5DA-4855-9CBB-FC3214416170}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{7437FA11-DC8C-4B28-AC1D-CE7FB4187376}] => (Allow) LPort=8501
FirewallRules: [{CE227E5F-9079-4209-9803-AE58D470086D}] => (Allow) LPort=8501
FirewallRules: [{4B8B9E7F-0A54-4DBE-9D36-0F4B64CFA533}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{136E037A-175F-403C-AB67-C8845D888ADF}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{0E374F17-F106-4E23-A050-00D36D07552D}] => (Allow) C:\windows\SvcFiles\msde.exe
FirewallRules: [{AA28AC37-857C-450F-BC33-5A54C748AD00}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
FirewallRules: [TCP Query User{20AF10A3-C9E0-49C7-953B-FA66D44095E6}E:\beskydkrby\mix\ean\cipherlab\forge\batch\8 series\remote console\remoteconsole.exe] => (Allow) E:\beskydkrby\mix\ean\cipherlab\forge\batch\8 series\remote console\remoteconsole.exe
FirewallRules: [UDP Query User{5FF00DF6-B77A-4DA1-B4BC-532352A586AA}E:\beskydkrby\mix\ean\cipherlab\forge\batch\8 series\remote console\remoteconsole.exe] => (Allow) E:\beskydkrby\mix\ean\cipherlab\forge\batch\8 series\remote console\remoteconsole.exe
FirewallRules: [{904537E9-C559-479A-A873-01331617CF1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-05-2016 09:07:55 Installed STORMWARE POHODA Klient CZ.
02-06-2016 12:22:25 Naplánovaný kontrolní bod
13-06-2016 07:15:49 Naplánovaný kontrolní bod
14-06-2016 16:06:53 Removed Advanced IP Scanner 2.4
14-06-2016 16:07:02 Removed Phoscyon 1.9.0 (64bit)

==================== Faulty Device Manager Devices =============

Name: hp DVD-RAM GHB0N
Description: Jednotka CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní jednotky CD-ROM)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WHC EJWPUFSXEFCD SCSI CdRom Device
Description: Jednotka CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní jednotky CD-ROM)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WHC EJWPUFSXEFCD SCSI CdRom Device
Description: Jednotka CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní jednotky CD-ROM)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2016 01:48:24 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.

Error: (06/15/2016 01:48:24 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Error: (06/15/2016 01:48:24 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sledování výkonu služby indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Error: (06/15/2016 01:45:45 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.

Error: (06/15/2016 01:45:45 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Error: (06/15/2016 01:45:44 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sledování výkonu služby indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Error: (06/15/2016 12:53:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WSCommCntr4.exe, verze: 4.0.3.0, časové razítko: 0x52df746e
Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.17031, časové razítko: 0x530895af
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002cc39
ID chybujícího procesu: 0xdec
Čas spuštění chybující aplikace: 0xWSCommCntr4.exe0
Cesta k chybující aplikaci: WSCommCntr4.exe1
Cesta k chybujícímu modulu: WSCommCntr4.exe2
ID zprávy: WSCommCntr4.exe3
Úplný název chybujícího balíčku: WSCommCntr4.exe4
ID aplikace související s chybujícím balíčkem: WSCommCntr4.exe5

Error: (06/15/2016 12:35:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BarU630PP.new.exe, verze: 1.0.0.0, časové razítko: 0x5735b218
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532943a3
Kód výjimky: 0x0eedfade
Posun chyby: 0x00011d4d
ID chybujícího procesu: 0x1190
Čas spuštění chybující aplikace: 0xBarU630PP.new.exe0
Cesta k chybující aplikaci: BarU630PP.new.exe1
Cesta k chybujícímu modulu: BarU630PP.new.exe2
ID zprávy: BarU630PP.new.exe3
Úplný název chybujícího balíčku: BarU630PP.new.exe4
ID aplikace související s chybujícím balíčkem: BarU630PP.new.exe5

Error: (06/15/2016 12:34:22 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.

Error: (06/15/2016 12:34:22 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

System errors:
=============
Error: (06/15/2016 02:16:44 PM) (Source: DCOM) (EventID: 10010) (User: pc-kancelar)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/15/2016 01:46:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (06/15/2016 01:45:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/15/2016 01:45:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/15/2016 01:45:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/15/2016 01:45:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) ME Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/15/2016 01:45:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Rapid Storage Technology byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/15/2016 01:45:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/15/2016 01:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba StarWind AE Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/15/2016 01:45:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Razer Game Scanner byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

CodeIntegrity:
===================================
Date: 2016-06-14 16:23:49.899
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-14 16:23:49.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-13 12:44:15.921
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-13 12:44:15.895
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-09 09:08:46.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-09 09:08:46.302
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-09 09:08:46.202
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-09 09:08:46.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-31 16:55:58.241
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-31 16:55:58.214
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 12%
Total physical RAM: 16337.06 MB
Available physical RAM: 14320.03 MB
Total Virtual: 18769.06 MB
Available Virtual: 16489.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:226.35 GB) (Free:112.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.65 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATADRIVE) (Fixed) (Total:2794.39 GB) (Free:2576.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 14418506)

Partition: GPT.

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 73CFCDB3)

Partition: GPT.

==================== End of Addition.txt ============================

#6 Příspěvek od **altrok** » 15 čer 2016 13:54

Pohybujete se pod uctem s administratorskym opravnenim, bez doinstalovanych MS aktualizaci, v prohlizecich pouzivate starou a zranitelnou Javu, vypnuty firewall, vypnute UAC a bez antiviru - tohle je velice nebezpecne.

Pro priste - firemni PC se zde neresi. Toto forum funguje na bazi dobrovolnosti, kde ve svem volnem case pomahame domacim uzivatelum - nehodlame delat praci za firemni ajtaky, kteri jsou za ni placeni vizte pravidla fora. Priste doporucuji kontaktovat nasi sluzbu vzdalene pomoci neslape.cz - vsechno si date do nakladu a neni co resit.

Odinstalujte starou a zranitelnou verzi Javy. Pokud Javu potrebujete, pak nainstalujte novou z java.com/verify - pozor na adware pri instalaci. Pote se presvedcte, ze starsi verze jsou odinstalovane. Z hlediska bezpecnosti (zranitelnosti a exploity) je lepsi ji nemit. Aktualni je 8U91. Verze Javy, ktere v PC mate nainstalovane:

Java 7 Update 75 (64-bit)
Java 8 Update 31

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Services] => C:\windows\SvcFiles\msde.exe
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {3f0e22cd-5386-11e4-8268-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {896b8f15-8040-11e4-826b-a0d3c13f7eff} - "F:\SETUP.EXE" 
CHR HomePage: Default -> search-results.com/?gct=hp
2016-06-15 10:05 - 2016-06-15 10:11 - 00000000 ____D C:\Program Files\trend micro
2016-06-15 10:05 - 2016-06-15 10:05 - 00000000 ____D C:\rsit
2016-06-15 10:02 - 2016-06-15 10:02 - 01222144 _____ C:\Users\Miroslav\Desktop\RSITx64.exe
Folder: C:\windows\SvcFiles
Folder: C:\windows\sdmf
Folder: C:\VST
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]
FirewallRules: [{4B8B9E7F-0A54-4DBE-9D36-0F4B64CFA533}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{136E037A-175F-403C-AB67-C8845D888ADF}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{0E374F17-F106-4E23-A050-00D36D07552D}] => (Allow) C:\windows\SvcFiles\msde.exe
Hosts:
EmptyTemp:
End

obr4z · #7 Příspěvek od **obr4z** » 15 čer 2016 14:24

ok, omlouvám se, příště budu vědět (každopádně tak jako tak jsem ve firmě kromě spousty dalších funkcí něco jako ajťák já a prevenci logu řeším spíš pro svůj osobní komfort práce s pc), než že by na tom nějak stála firma..

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Mirek Dostál (2016-06-15 15:12:21) Run:2
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Mirek Dostál (Available Profiles: Mirek Dostál)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Services] => C:\windows\SvcFiles\msde.exe
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {3f0e22cd-5386-11e4-8268-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {896b8f15-8040-11e4-826b-a0d3c13f7eff} - "F:\SETUP.EXE"
CHR HomePage: Default -> search-results.com/?gct=hp
2016-06-15 10:05 - 2016-06-15 10:11 - 00000000 ____D C:\Program Files\trend micro
2016-06-15 10:05 - 2016-06-15 10:05 - 00000000 ____D C:\rsit
2016-06-15 10:02 - 2016-06-15 10:02 - 01222144 _____ C:\Users\Miroslav\Desktop\RSITx64.exe
Folder: C:\windows\SvcFiles
Folder: C:\windows\sdmf
Folder: C:\VST
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]
FirewallRules: [{4B8B9E7F-0A54-4DBE-9D36-0F4B64CFA533}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{136E037A-175F-403C-AB67-C8845D888ADF}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{0E374F17-F106-4E23-A050-00D36D07552D}] => (Allow) C:\windows\SvcFiles\msde.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Services => value removed successfully
"HKU\S-1-5-21-931785541-2971233630-2540198836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f0e22cd-5386-11e4-8268-a0d3c13f7eff}" => key removed successfully
HKCR\CLSID\{3f0e22cd-5386-11e4-8268-a0d3c13f7eff} => key not found.
"HKU\S-1-5-21-931785541-2971233630-2540198836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{896b8f15-8040-11e4-826b-a0d3c13f7eff}" => key removed successfully
HKCR\CLSID\{896b8f15-8040-11e4-826b-a0d3c13f7eff} => key not found.
Chrome HomePage => removed successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
"C:\Users\Miroslav\Desktop\RSITx64.exe" => not found.

========================= Folder: C:\windows\SvcFiles ========================

2016-04-19 08:40 - 2016-04-19 08:40 - 3760824 _____ () C:\windows\SvcFiles\msde.exe

====== End of Folder: ======

========================= Folder: C:\windows\sdmf ========================

2016-05-12 08:59 - 2016-05-12 08:59 - 4273803 _____ () C:\windows\sdmf\31071400.dmf
2016-05-11 09:03 - 2016-05-11 09:03 - 1233445 _____ () C:\windows\sdmf\31071401.dmf
2016-05-16 07:11 - 2016-05-16 07:11 - 8049105 _____ () C:\windows\sdmf\31071402.dmf
2016-05-13 07:08 - 2016-05-13 07:08 - 7317979 _____ () C:\windows\sdmf\31071403.dmf
2016-05-18 16:34 - 2016-05-18 16:34 - 4767996 _____ () C:\windows\sdmf\31071406.dmf
2016-05-17 09:07 - 2016-05-17 09:07 - 7525427 _____ () C:\windows\sdmf\31071407.dmf
2016-05-20 07:06 - 2016-05-20 07:06 - 0984790 _____ () C:\windows\sdmf\31071408.dmf
2016-05-19 09:06 - 2016-05-19 09:06 - 0010415 _____ () C:\windows\sdmf\31071409.dmf
2016-05-04 07:07 - 2016-05-04 07:07 - 6957449 _____ () C:\windows\sdmf\31071412.dmf
2016-05-03 09:01 - 2016-05-03 09:01 - 3000360 _____ () C:\windows\sdmf\31071413.dmf
2016-05-06 07:07 - 2016-05-06 07:07 - 7384712 _____ () C:\windows\sdmf\31071414.dmf
2016-05-05 09:05 - 2016-05-05 09:05 - 9197045 _____ () C:\windows\sdmf\31071415.dmf
2016-05-09 07:03 - 2016-05-09 07:03 - 5750523 _____ () C:\windows\sdmf\31071417.dmf
2016-05-10 07:03 - 2016-05-10 07:03 - 3737884 _____ () C:\windows\sdmf\31071418.dmf
2016-06-01 07:10 - 2016-06-01 07:10 - 8308599 _____ () C:\windows\sdmf\31071420.dmf
2016-05-31 09:06 - 2016-05-31 09:06 - 4798944 _____ () C:\windows\sdmf\31071421.dmf
2016-05-23 07:06 - 2016-05-23 07:06 - 0805502 _____ () C:\windows\sdmf\31071431.dmf
2016-05-24 07:07 - 2016-05-24 07:07 - 3893055 _____ () C:\windows\sdmf\31071432.dmf
2016-05-26 09:01 - 2016-05-26 09:01 - 1088970 _____ () C:\windows\sdmf\31071434.dmf
2016-05-25 09:01 - 2016-05-25 09:01 - 1383778 _____ () C:\windows\sdmf\31071435.dmf
2016-05-30 07:03 - 2016-05-30 07:03 - 7821263 _____ () C:\windows\sdmf\31071436.dmf
2016-05-27 07:04 - 2016-05-27 07:04 - 2828934 _____ () C:\windows\sdmf\31071437.dmf
2016-04-20 07:12 - 2016-04-20 07:12 - 3441248 _____ () C:\windows\sdmf\31071508.dmf
2016-04-22 08:57 - 2016-04-22 08:57 - 0863400 _____ () C:\windows\sdmf\31071530.dmf
2016-04-21 08:58 - 2016-04-21 08:58 - 1252350 _____ () C:\windows\sdmf\31071531.dmf
2016-04-25 07:03 - 2016-04-25 07:03 - 0532675 _____ () C:\windows\sdmf\31071533.dmf
2016-04-28 21:15 - 2016-04-28 21:15 - 8714363 _____ () C:\windows\sdmf\31071534.dmf
2016-05-02 07:00 - 2016-05-02 07:00 - 0305863 _____ () C:\windows\sdmf\31071539.dmf
2016-06-13 07:03 - 2016-06-13 07:03 - 3937875 _____ () C:\windows\sdmf\31071701.dmf
2016-06-14 07:02 - 2016-06-14 07:02 - 2876216 _____ () C:\windows\sdmf\31071702.dmf
2016-06-15 07:03 - 2016-06-15 07:03 - 10462572 _____ () C:\windows\sdmf\31071705.dmf
2016-06-02 07:14 - 2016-06-02 07:14 - 5963425 _____ () C:\windows\sdmf\31071710.dmf
2016-06-06 07:06 - 2016-06-06 07:06 - 2556616 _____ () C:\windows\sdmf\31071712.dmf
2016-06-03 07:04 - 2016-06-03 07:04 - 3191419 _____ () C:\windows\sdmf\31071713.dmf
2016-06-08 07:05 - 2016-06-08 07:05 - 2122784 _____ () C:\windows\sdmf\31071717.dmf
2016-06-10 07:09 - 2016-06-10 07:09 - 6849749 _____ () C:\windows\sdmf\31071718.dmf
2016-06-09 07:02 - 2016-06-09 07:02 - 9746164 _____ () C:\windows\sdmf\31071719.dmf
2016-04-19 08:40 - 2016-04-19 08:45 - 0004207 _____ () C:\windows\sdmf\dmf.set
2016-04-19 08:40 - 2016-04-19 08:40 - 0000022 _____ () C:\windows\sdmf\iftdp.dat
2016-06-15 07:03 - 2016-06-15 07:03 - 0000000 ____D () C:\windows\sdmf\31071704
2016-06-15 07:03 - 2016-06-15 13:45 - 2294220 _____ () C:\windows\sdmf\31071704\dmf
2016-06-15 07:03 - 2016-06-15 07:03 - 0000000 ____D () C:\windows\sdmf\31071704\658307

====== End of Folder: ======

========================= Folder: C:\VST ========================

2016-04-25 08:16 - 2016-04-25 08:16 - 0000765 _____ () C:\VST\Phoscyon.ini

====== End of Folder: ======

C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B8B9E7F-0A54-4DBE-9D36-0F4B64CFA533} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{136E037A-175F-403C-AB67-C8845D888ADF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E374F17-F106-4E23-A050-00D36D07552D} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 258.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:12:27 ====

#8 Příspěvek od **altrok** » 15 čer 2016 14:33

Slozky
C:\windows\sdmf
C:\windows\SvcFiles
prosim zabalte do raru/zipu, upnete napr. na leteckaposta.cz a link ke stazeni vlozte do pristi odpovedi. Nasledne slozky muzete rucne smazat (spousteni bylo zakazano, takze uz jsou to jen mrtve zbytky).

obr4z · #9 Příspěvek od **obr4z** » 16 čer 2016 06:51

http://leteckaposta.cz/xxxxxx

#10 Příspěvek od **altrok** » 16 čer 2016 08:10

Za vzorek dekuji, poradne na nej mrknu a pak jej poskytnu antivirovym spolecnostem.

V souboru C:\windows\sdmf\31071704\dmf jsou videt casy (bez datumu), veskery zbytek dat je zasifrovan a nelze tedy bez dalsi analyzy s jistotou rict, co malware delal. Malwarebytes podobny kousek detekuje jako Worm.Spambot.

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

#11 Příspěvek od **altrok** » 17 čer 2016 11:46

Po diskuzi s pracovnikem viruslabu AVG jsme dosli k zaveru, ze soubor C:\windows\SvcFiles\msde.exe bude spise legitimni monitorovaci SW typu http://labelsoftware.cz/portfolio-label ... -asistent/ podepsany Label Software s.r.o.

Pouzivate od teto spolecnosti nejaky monitorovaci SW?

VIRY.CZ

Prosím o preventivní kontrolu logu (podezření na sniffing)

Prosím o preventivní kontrolu logu (podezření na sniffing)

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin

Re: Prosím o preventivní kontrolu logu (podezření na sniffin