Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Kontrola logu, trojský kůň

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Sephontaine
Návštěvník
Návštěvník
Příspěvky: 29
Registrován: 25 čer 2010 10:52

Kontrola logu, trojský kůň

#1 Příspěvek od Sephontaine »

Dobrý den.
Chtěl bych Vás požádat o kontrolu logu.
Eset mi hlásí, že byla nelezena infiltrace Kriptik.FNBN - trojký kůň.
A že byla vyléčena smazáním. Bohužel těchto oznámení přišlo asi 500, protože se po smazání znovu objevil.
Na základě toho mi bylo esetem doporučeno použití online scanneru v nouzovém režimu. Scanner bohužel nic nenašel.

Log přikládám a děkuji za případnou pomoc.

Logfile of random's system information tool 1.14 (written by random/random)
Run by Sephonatine at 2017-01-19 15:37:31
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 56 GB (56%) free of 100 GB
Total RAM: 8190 MB (70% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:37:35, on 19.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe
C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Sephonatine\AppData\Local\Akamai\netsession_win.exe
C:\Users\Sephonatine\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Sephonatine_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StarMicronicsCloudUploader_PSA] C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [WinSubst] C:\Program Files\WorkSoft\WinSubst\winsubst.exe -r
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sephonatine\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ScreenHunter 6.0 Pro.lnk = C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe
O4 - Global Startup: MLO.lnk = C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool10 (NitroDriverReadSpool10) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12158 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
"C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" /logon
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Sephonatine\AppData\Local\Akamai\netsession_win.exe
C:\Users\Sephonatine\AppData\Local\Akamai\netsession_win.exe
"C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE"
"C:\totalcmd\TOTALCMD.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Sephonatine\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users

\Sephonatine\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --

handshake-handle=0xa4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2260 --on-initialized-event-handle=328 --parent-handle=332 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-

features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAut

oImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash

emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,Sw

ReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-

features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,Secur

ityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-

eager/AutofillCreditCardSigninPromo/Default/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/Data

ReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDown

MimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampli

ng/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/Pass

wordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarn

ing/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsi

ngIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Default/*SiteIsolationExtensions/C

ontrol/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-

Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-

Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-direct-composition --

supports-dual-gpus=false --gpu-driver-bug-workarounds=6,16,17,18,21,37,65 --gpu-vendor-id=0x10de --gpu-device-id=0x0291 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.908 --gpu-driver-date=1-30-2015

--service-request-channel-token=47471B045B4DCEDE58382A4FDF0F0EF1 --mojo-platform-channel-handle=1008 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-

features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAut

oImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash

emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,Sw

ReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-

features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,Secur

ityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-

eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/Da

taReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockD

ownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSa

mpling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disable

d/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1Identit

yUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*Sa

feBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Default/*SiteIsolationExt

ensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-

Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20

-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-

token=19A80FF791BEA18898793F33EB5B98B3 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-

settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-

texture-

target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3

553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,35

53;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-

accelerated-video-decode --service-request-channel-token=19A80FF791BEA18898793F33EB5B98B3 --mojo-platform-channel-handle=2084 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-

features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAut

oImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash

emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,Sw

ReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-

features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,Secur

ityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-

eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/Da

taReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockD

ownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSa

mpling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disable

d/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1Identit

yUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*Sa

feBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Default/*SiteIsolationExt

ensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-

Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20

-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-

token=4AA190C1E1DFFD66F1E9AB7C809EA21C --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-

settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-

texture-

target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3

553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,35

53;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-

accelerated-video-decode --service-request-channel-token=4AA190C1E1DFFD66F1E9AB7C809EA21C --mojo-platform-channel-handle=2088 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-

features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAut

oImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash

emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,Sw

ReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-

features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,Secur

ityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-

eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/Da

taReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockD

ownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrash

Sampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disab

led/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1Iden

tityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled

/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Default/*SiteIsolatio

nExtensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-

Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-

Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-

token=956719319B1DC96E93D2153B5D8DBEBD --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-

settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-

texture-

target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3

553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,35

53;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-

accelerated-video-decode --service-request-channel-token=956719319B1DC96E93D2153B5D8DBEBD --mojo-platform-channel-handle=4120 /prefetch:1
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-

features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAut

oImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash

emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,Sw

ReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-

features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,Secur

ityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-

eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*D

ataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLock

DownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCra

shSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Dis

abled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1Id

entityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabl

ed/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/*SecurityWarningIconUpdate/Control/SignInPasswordPromo/Default/*SiteIsola

tionExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-

Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-

Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-

token=8971CD0C5C61DF56A732972BA7299576 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-

settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-

texture-

target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3

553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,35

53;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-

accelerated-video-decode --service-request-channel-token=8971CD0C5C61DF56A732972BA7299576 --mojo-platform-channel-handle=3268 /prefetch:1
"E:\Programy pro odvirování\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\User_Feed_Synchronization-{47E61BA6-10E2-4A70-923A-62D470643722} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} - C:\Users\Sephonatine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-3085042485-4064706601-1522929472-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll


C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\addons.json
Web Developer - extension - {c45c406e-ab73-11d8-be73-000a95be3b12}
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
SEO Profesional Toolbar - extension - seo@profesional
Firebug - extension - firebug@software.joehewitt.com
SEO Doctor - extension - seodoctor@prelovac.com
YSlow - extension - yslow@yahoo-inc.com
CSS Usage - extension - csscoverage@spaghetticoder.org

C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions.json
Web Developer - extension - {c45c406e-ab73-11d8-be73-000a95be3b12} - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
YSlow - extension - yslow@yahoo-inc.com - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\yslow@yahoo-inc.com.xpi
CSS Usage - extension - csscoverage@spaghetticoder.org - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\csscoverage@spaghetticoder.org.xpi
Firebug - extension - firebug@software.joehewitt.com - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\firebug@software.joehewitt.com.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
SEO Doctor - extension - seodoctor@prelovac.com - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\seodoctor@prelovac.com.xpi
SEOProfesional - extension - seo@profesional - C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\extensions\seo@profesional.xpi

C:\Users\Sephonatine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\pluginreg.dat
Plugin - Adobe Acrobat - 11.0.19.15 - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Plugin - Adobe Acrobat - 11.0.19.15 - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Nitro PDF plugin for Firefox and Chrome - 10.5.9.9 - C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll
Plugin - Shockwave Flash - 23.0.0.205 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
Plugin - Foxit PhantomPDF Plugin for Mozilla - 2.2.4.903 - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

=========Google Chrome=========

C:\Users\Sephonatine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.8.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 1 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension ninejjcohidippngpapiilnmkgllmakh 1 YSlow 3.1.2
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\Sephonatine\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-29 2585744]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-29 1514528]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2012-03-20 3340288]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-05-30 4293120]
"Akamai NetSession Interface"=C:\Users\Sephonatine\AppData\Local\Akamai\netsession_win.exe [2012-05-26 4327744]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]
"CCleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2016-11-30 23818360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2015-09-16 2089056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [2014-11-18 255072]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-06-05 1310720]
"StarMicronicsCloudUploader_PSA"=C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe [2015-10-29 16384]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Bonus.SSR.FR12"=C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [2014-05-11 1472312]
"WinSubst"=C:\Program Files\WorkSoft\WinSubst\winsubst.exe [2002-09-18 245760]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2016-03-11 1314432]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2016-06-11 2779136]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MLO.lnk - C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe

C:\Users\Sephonatine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ScreenHunter 6.0 Pro.lnk - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2017-01-19 15:34:35 ----D---- C:\rsit
2017-01-19 15:34:35 ----D---- C:\Program Files\trend micro
2017-01-19 11:20:16 ----A---- C:\Windows\ntbtlog.txt
2017-01-19 11:03:31 ----D---- C:\Users\Sephonatine\AppData\Roaming\tor
2017-01-19 11:03:30 ----A---- C:\Users\Sephonatine\AppData\Roaming\tor.exe
2017-01-19 11:02:12 ----HD---- C:\Users\Sephonatine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}
2017-01-10 17:06:45 ----N---- C:\Windows\system32\fpres6-x64.dll
2017-01-10 17:06:45 ----N---- C:\Windows\system32\fpmon6.dll
2017-01-09 15:09:57 ----D---- C:\CSHdata
2017-01-09 15:09:55 ----D---- C:\Program Files (x86)\CSH

======List of files/folders modified in the last 1 month======

2017-01-19 15:37:37 ----D---- C:\Windows\Temp
2017-01-19 15:34:41 ----D---- C:\Windows\system32\drivers\etc
2017-01-19 15:34:35 ----RD---- C:\Program Files
2017-01-19 15:34:01 ----D---- C:\Windows\system32\config
2017-01-19 15:25:13 ----SHD---- C:\Windows\Installer
2017-01-19 15:25:12 ----SHD---- C:\Config.Msi
2017-01-19 15:24:24 ----AD---- C:\Windows
2017-01-19 15:23:11 ----D---- C:\SCREENHUNTER
2017-01-19 11:10:52 ----D---- C:\Users\Sephonatine\AppData\Roaming\Downloaded Installations
2017-01-19 11:03:34 ----D---- C:\Windows\system32\Tasks
2017-01-19 10:46:51 ----SHD---- C:\System Volume Information
2017-01-18 19:47:26 ----D---- C:\Users\Sephonatine\AppData\Roaming\KeePass
2017-01-18 19:17:09 ----D---- C:\ORGANIZACE - MLO
2017-01-18 07:23:24 ----D---- C:\Windows\inf
2017-01-17 19:45:25 ----D---- C:\Windows\System32
2017-01-17 19:45:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-12 10:49:42 ----D---- C:\Windows\SysWOW64
2017-01-12 08:23:53 ----D---- C:\ProgramData\CanonIJPLM
2017-01-11 16:16:39 ----D---- C:\Podací archy
2017-01-10 17:02:36 ----D---- C:\server-hLAVNÍ
2017-01-10 07:17:45 ----D---- C:\Windows\system32\catroot2
2017-01-09 15:23:25 ----D---- C:\Faktury
2017-01-09 15:09:55 ----RD---- C:\Program Files (x86)
2016-12-23 13:51:57 ----D---- C:\ASol

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is not digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-14 84616]
R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2015-12-10 60968]
R0 EUBKMON;EUBKMON; C:\Windows\system32\drivers\EUBKMON.sys [2015-12-10 48168]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-04-06 13368]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-14 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-14 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-14 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-14 61568]
R1 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2015-12-10 18472]
R1 EUFDDISK;EUFDDISK; \??\C:\Windows\system32\drivers\EuFdDisk.sys [2015-12-10 192552]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2016-09-12 920168]
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-09-12 121248]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [2016-09-12 195936]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2016-09-12 149256]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-17 296816]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-14 153216]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-06-05 475136]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-09-28 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-09-28 47672]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-01-31 189288]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-05-19 339360]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-02 28704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-01-29 38032]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2014-11-18 14944]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2014-11-18 10208]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2009-06-05 111616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-14 2771848]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-05-29 625184]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-29 1148560]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-06-28 84616]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZinw12.dll
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-05-29 207904]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-29 1706128]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
R2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZipm12.dll
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-04 107848]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2016-05-30 1467072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-04 107848]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-15 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [2012-05-13 18432]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [2012-04-19 8177664]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2016-01-29 21833360]

-----------------EOF-----------------
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7317
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Kontrola logu, trojský kůň

#2 Příspěvek od altrok »

Krasny den Vam preju :bye:



:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).


:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan (Skenovani), pote na Clean (Cisteni)
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Sephontaine
Návštěvník
Návštěvník
Příspěvky: 29
Registrován: 25 čer 2010 10:52

Re: Kontrola logu, trojský kůň

#3 Příspěvek od Sephontaine »

Děkuji
Provedeno

# AdwCleaner v6.042 - Log vytvořen 19/01/2017 v 16:48:42
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-18.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Sephontaine - Sephontaine-PC
# Spuštěno z : C:\Users\Sephontaine\Desktop\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: tor


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1083 Bajty] - [19/01/2017 16:48:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [1530 Bajty] - [19/01/2017 16:48:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1229 Bajty] ##########
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7317
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Kontrola logu, trojský kůň

#4 Příspěvek od altrok »

:arrow: Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Sephontaine
Návštěvník
Návštěvník
Příspěvky: 29
Registrován: 25 čer 2010 10:52

Re: Kontrola logu, trojský kůň

#5 Příspěvek od Sephontaine »

FRST - log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by Sephontaine (administrator) on Sephontaine-PC (19-01-2017 17:01:29)
Running from C:\Users\Sephontaine\Desktop
Loaded Profiles: Sephontaine (Available Profiles: Sephontaine)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nitro Software, Inc.) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
() C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
(Akamai Technologies, Inc) C:\Users\Sephontaine\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(mylifeorganized.net) C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe
(Akamai Technologies, Inc) C:\Users\Sephontaine\AppData\Local\Akamai\netsession_win.exe
(Star Micronics Co., Ltd.) C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StarMicronicsCloudUploader_PSA] => C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe [16384 2015-10-29] (Star Micronics Co., Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-05-11] (ABBYY Production LLC.)
HKLM-x32\...\Run: [WinSubst] => C:\Program Files\WorkSoft\WinSubst\winsubst.exe [245760 2002-09-18] (WorkSoft, Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-03-11] (CANON INC.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4293120 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sephontaine\AppData\Local\Akamai\netsession_win.exe [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\MountPoints2: {a78baf2e-8563-11e6-a41d-001fc672016e} - L:\SETUP.EXE /AUTORUN
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MLO.lnk [2016-09-30]
ShortcutTarget: MLO.lnk -> C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe (mylifeorganized.net)
Startup: C:\Users\Sephontaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Pro.lnk [2016-10-24]
ShortcutTarget: ScreenHunter 6.0 Pro.lnk -> C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe (Wisdom Software Inc. )
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{57EDC000-FDF5-4B25-84BF-E3D7E0B831F7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B467A161-FEA1-4EE0-AFB5-19A2917FF366}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7nfr0dy7.default
FF ProfilePath: C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default [2017-01-19]
FF Extension: (CSS Usage) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\csscoverage@spaghetticoder.org.xpi [2016-10-05]
FF Extension: (Firebug) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (SEOProfesional) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\seo@profesional.xpi [2017-01-12]
FF Extension: (SEO Doctor) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\seodoctor@prelovac.com.xpi [2017-01-12]
FF Extension: (YSlow) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\yslow@yahoo-inc.com.xpi [2016-10-05]
FF Extension: (Web Developer) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-10-05]
FF Extension: (Adblock Plus) - C:\Users\Sephontaine\AppData\Roaming\Mozilla\Firefox\Profiles\7nfr0dy7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-07-22] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default [2017-01-19]
CHR Extension: (Prezentace Google) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-04]
CHR Extension: (Dokumenty Google) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-04]
CHR Extension: (Disk Google) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-04]
CHR Extension: (YouTube) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-04]
CHR Extension: (Tabulky Google) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04]
CHR Extension: (AdBlock) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-17]
CHR Extension: (YSlow) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2016-10-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\Sephontaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-14] (ESET)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-05-29] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-07-22] (Nitro Software, Inc.)
S3 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-07-22] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-28] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-14] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-14] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-14] (ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2016-01-29] (NVIDIA Corporation)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 17:01 - 2017-01-19 17:01 - 00019280 _____ C:\Users\Sephontaine\Desktop\FRST.txt
2017-01-19 17:01 - 2017-01-19 17:01 - 00000000 ____D C:\FRST
2017-01-19 16:46 - 2017-01-19 16:48 - 00000000 ____D C:\AdwCleaner
2017-01-19 16:46 - 2017-01-19 16:46 - 03988944 _____ C:\Users\Sephontaine\Desktop\adwcleaner_6.042.exe
2017-01-19 15:36 - 2017-01-19 15:36 - 00023040 ___SH C:\Users\Sephontaine\Thumbs.db
2017-01-19 15:34 - 2017-01-19 15:40 - 00000000 ____D C:\rsit
2017-01-19 15:34 - 2017-01-19 15:37 - 00000000 ____D C:\Program Files\trend micro
2017-01-19 15:30 - 2017-01-19 15:29 - 02419712 _____ (Farbar) C:\Users\Sephontaine\Desktop\FRST64.exe
2017-01-19 12:26 - 2017-01-19 12:27 - 06770304 _____ (ESET spol. s r.o.) C:\Users\Sephontaine\Downloads\ESETOnlineScanner_CSY.exe
2017-01-19 11:20 - 2017-01-19 12:25 - 00328216 _____ C:\Windows\ntbtlog.txt
2017-01-19 11:03 - 2017-01-19 11:40 - 00000000 ____D C:\Users\Sephontaine\AppData\Roaming\tor
2017-01-19 11:03 - 2017-01-19 11:03 - 03351566 _____ C:\Users\Sephontaine\AppData\Roaming\tor.exe
2017-01-19 11:03 - 2017-01-19 11:03 - 00003070 _____ C:\Windows\System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492}
2017-01-19 11:02 - 2017-01-19 11:44 - 00000000 ___HD C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}
2017-01-10 17:06 - 2017-01-10 17:06 - 00000000 ____D C:\Users\Sephontaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FinePrint
2017-01-10 17:06 - 2009-12-16 08:19 - 00397312 ____N (FinePrint Software, LLC) C:\Windows\system32\fpres6-x64.dll
2017-01-10 17:06 - 2009-12-14 14:23 - 00278528 ____N (FinePrint Software, LLC) C:\Windows\system32\fpmon6.dll
2017-01-09 15:14 - 2017-01-09 15:15 - 00000000 ____D C:\Users\Sephontaine\Desktop\Nedůležité
2017-01-09 15:09 - 2017-01-09 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programy CSH
2017-01-09 15:09 - 2017-01-09 15:09 - 00000000 ____D C:\Program Files (x86)\CSH
2017-01-09 15:09 - 2017-01-09 15:09 - 00000000 ____D C:\CSHdata
2016-12-22 16:26 - 2016-12-22 16:26 - 01486066 _____ C:\Users\Sephontaine\Documents\Zavřeno-Vánoce-2017.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 16:59 - 2009-07-14 05:45 - 00037904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-19 16:59 - 2009-07-14 05:45 - 00037904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-19 16:53 - 2016-10-17 07:36 - 00000000 ___RD C:\Users\Sephontaine\Disk Google
2017-01-19 16:52 - 2016-10-24 10:37 - 00000000 ____D C:\SCREENHUNTER
2017-01-19 16:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 15:36 - 2016-07-29 21:00 - 00000000 ____D C:\Users\Sephontaine
2017-01-19 15:25 - 2016-09-28 18:00 - 00000000 ____D C:\Users\Sephontaine\AppData\Local\Akamai
2017-01-19 12:27 - 2016-08-04 06:43 - 00000000 ____D C:\Users\Sephontaine\AppData\Local\ESET
2017-01-19 11:21 - 2016-08-03 06:46 - 00000000 ____D C:\Users\Sephontaine\AppData\Local\ElevatedDiagnostics
2017-01-19 11:10 - 2016-10-04 16:45 - 00000000 ____D C:\Users\Sephontaine\AppData\Roaming\Downloaded Installations
2017-01-19 10:01 - 2016-09-28 17:51 - 00000000 ____D C:\Users\Sephontaine\Documents\FinePrint soubory
2017-01-19 09:38 - 2016-07-30 20:40 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{47E61BA6-10E2-4A70-923A-62D470643722}
2017-01-19 08:19 - 2016-10-03 08:00 - 00000000 ____D C:\Users\Sephontaine\AppData\Local\eMagicOne Store Manager for Zen Cart
2017-01-19 07:40 - 2016-11-21 07:24 - 00000000 ____D C:\Users\Sephontaine\AppData\LocalLow\Mozilla
2017-01-18 19:47 - 2016-10-18 18:32 - 00000600 _____ C:\Users\Sephontaine\AppData\Roaming\winscp.rnd
2017-01-18 19:47 - 2016-10-18 16:40 - 00000600 _____ C:\Users\Sephontaine\AppData\Local\PUTTY.RND
2017-01-18 19:47 - 2016-10-17 07:39 - 00000000 ____D C:\Users\Sephontaine\AppData\Roaming\KeePass
2017-01-18 19:17 - 2016-09-30 07:47 - 00000000 ____D C:\ORGANIZACE - MLO
2017-01-18 10:37 - 2016-12-16 18:48 - 00000000 ____D C:\Users\Sephontaine\Documents\Bandicam
2017-01-18 07:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-17 19:45 - 2016-07-30 06:50 - 00670342 _____ C:\Windows\system32\perfh005.dat
2017-01-17 19:45 - 2016-07-30 06:50 - 00142042 _____ C:\Windows\system32\perfc005.dat
2017-01-17 19:45 - 2009-07-14 06:13 - 01583642 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 15:21 - 2016-09-28 17:55 - 00000000 ____D C:\Users\Sephontaine\AppData\Local\CutePDF Writer
2017-01-12 10:49 - 2016-09-30 16:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-12 10:48 - 2016-09-28 18:24 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 08:23 - 2016-10-03 08:12 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-11 16:16 - 2016-10-05 09:13 - 00000000 ____D C:\Podací archy
2017-01-10 17:02 - 2016-09-30 07:14 - 00001249 _____ C:\Users\Sephontaine\Desktop\SIS21 – rok 2017.lnk
2017-01-10 17:02 - 2016-09-30 07:13 - 00000000 ____D C:\server-hLAVNÍ
2017-01-09 15:23 - 2016-10-05 11:52 - 00000000 ____D C:\Faktury
2016-12-23 13:51 - 2016-11-23 10:28 - 00000000 ____D C:\ASol
2016-12-22 16:27 - 2016-07-29 21:00 - 00000000 ___RD C:\Users\Sephontaine\Documents

==================== Files in the root of some directories =======

2017-01-19 11:03 - 2017-01-19 11:03 - 3351566 _____ () C:\Users\Sephontaine\AppData\Roaming\tor.exe
2016-10-18 18:32 - 2017-01-18 19:47 - 0000600 _____ () C:\Users\Sephontaine\AppData\Roaming\winscp.rnd
2016-10-18 16:40 - 2017-01-18 19:47 - 0000600 _____ () C:\Users\Sephontaine\AppData\Local\PUTTY.RND
2016-07-31 19:10 - 2016-09-28 11:28 - 0007614 _____ () C:\Users\Sephontaine\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2016-09-30 09:29] - [2010-11-21 04:24] - 2389504 ____A (Microsoft Corporation) 9A9C9A5E7B96DBDD5EB9868382A3CBB0

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 11:46

==================== End of FRST.txt ==================================================







Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Sephontaine (19-01-2017 17:02:11)
Running from C:\Users\Sephontaine\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-07-29 19:59:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3085042485-4064706601-1522929472-500 - Administrator - Disabled)
Guest (S-1-5-21-3085042485-4064706601-1522929472-501 - Limited - Disabled)
Sephontaine (S-1-5-21-3085042485-4064706601-1522929472-1000 - Administrator - Enabled) => C:\Users\Sephontaine
HomeGroupUser$ (S-1-5-21-3085042485-4064706601-1522929472-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - )
AIDA64 Extreme v5.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.60 - FinalWire Ltd.)
Akamai NetSession Interface (HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizace NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Canon CanoScan LiDE 120 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 120 On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon CanoScan LiDE 220 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 220 On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.0 - Canon Inc.)
CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.02 - Canon Inc.)
CanoScan LiDE 220 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4811) (Version: 1.02 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
eMagicOne Store Manager for Zen Cart 2.7.8.1103 (HKLM-x32\...\{FDF62FAD-93D8-40EB-9C1D-A95F461B7796}_is1) (Version: 2.7.8.1103 - eMagicOne)
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
FastStone Photo Resizer 3.6 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.6 - FastStone Soft.)
FinePrint (HKLM\...\FinePrint) (Version: - )
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Foxit PhantomPDF Business (HKLM-x32\...\{E9AA5BDC-7DFA-4CB8-96B5-F545F20EBFDB}) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune Pro 4.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - )
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
Master PDF Editor 3.5 (HKLM\...\Master PDF Editor 3.5_is1) (Version: - Code Industry Ltd.)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Mozilla Thunderbird 31.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 31.8.0 (x86 cs)) (Version: 31.8.0 - Mozilla)
MyLifeOrganized v. 4.4.1 (HKLM-x32\...\MyLife Organized) (Version: 4.4.1 - MyLifeOrganized.net)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - )
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
OSCAR Editor (x32 Version: 12.03.0004 - A4TECH) Hidden
Ovládací panel NVIDIA 309.08 (Version: 309.08 - NVIDIA Corporation) Hidden
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: 4.75 - FinePrint Software, LLC)
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
PremiumSoft Navicat 10.0 for MySQL (HKLM-x32\...\PremiumSoft Navicat for MySQL_is1) (Version: - PremiumSoft CyberTech Ltd.)
Prostředí Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.1.2730 - Jan Fiala)
Runtime pro Helios Red (HKLM-x32\...\Runtime pro Helios Red) (Version: - )
Runtime VFP6 (HKLM-x32\...\Runtime VFP6) (Version: - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Star Micronics Printer Software Ver3.2.1 (HKLM\...\{F9DB5F65-098C-495A-B431-B2CA51886A27}) (Version: 3.2.1 - Star Micronics Co., Ltd.)
StarMicronics OPOS CashDrawer Register (1.8.7) (HKLM-x32\...\{B210FD59-E40C-4F4B-9A09-E4CD1B66CE43}) (Version: 1.8.7.1 - )
StarMicronics OPOS POSPrinter Register (1.8.7) (HKLM-x32\...\{55566A98-BEBE-45AF-9E9F-68625B69EEDE}) (Version: 1.8.7.1 - )
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA Start CZ (HKLM-x32\...\{EADC7016-56A5-462B-A84E-9D17C633B4EB}) (Version: 11400.180 - STORMWARE)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.52a - Ghisler Software GmbH)
Visual Foxpro 7.0 Runtime (HKLM-x32\...\{5784F336-59C0-4ADD-8170-A43FA5A39FFD}) (Version: 1.00.0000 - RHK software)
WampServer 2.2 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSCP 5.9.2 (HKLM-x32\...\winscp3_is1) (Version: 5.9.2 - Martin Prikryl)
Wisdom-soft ScreenHunter 6.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Pro) (Version: - Wisdom Software Inc.)
WorkSoft WinSubst (HKLM-x32\...\WorkSoft WinSubst) (Version: 0.6 - http://www.sura.ru/uddm)
X7 Oscar Editor (HKLM-x32\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3085042485-4064706601-1522929472-1000_Classes\CLSID\{EAE592CE-F5B4-A914-006A-019EA48DBF1B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3085042485-4064706601-1522929472-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {676AD10A-495D-4616-A1BE-1D4B5269AE1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-04] (Google Inc.)
Task: {7777F980-3349-4AD4-9BB4-BB4B75A30A8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-04] (Google Inc.)
Task: {93C3DEB0-47ED-49B5-A9B1-23161E894D82} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B67F8A73-E0BC-4C99-AF6D-30C4D3F3C1C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {BA33A055-F0C0-4406-960C-A9A508E5E60C} - System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} => C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-04 07:19 - 2015-01-31 01:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-28 17:55 - 2016-01-22 16:57 - 00089008 _____ () C:\Windows\System32\cpwmon64.dll
2016-09-28 16:06 - 2014-12-05 05:44 - 00041472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\KOBK3AAP.DLL
2016-09-28 14:21 - 2014-11-02 17:45 - 00029184 _____ () C:\Program Files (x86)\PSPad editor\pspshellx64.dll
2016-10-03 08:21 - 2013-06-28 14:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2009-05-29 12:22 - 2009-05-29 12:22 - 00625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-05-29 12:21 - 2009-05-29 12:21 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-05-29 12:22 - 2009-05-29 12:22 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2016-09-29 19:42 - 2016-06-03 11:15 - 00278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2009-05-29 12:22 - 2009-05-29 12:22 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2012-03-20 10:59 - 2012-03-20 10:59 - 03340288 _____ () C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-02-17 18:35 - 2012-12-21 19:33 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2010-12-02 16:56 - 2010-12-02 16:56 - 00815104 _____ () C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\OSD_Text\OSD_Text.dll
2011-01-09 19:45 - 2011-01-09 19:45 - 00088064 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_MouseDeviceManager.dll
2012-02-07 10:20 - 2012-02-07 10:20 - 02413568 _____ () C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\ScreenCapture\ScreenCapture.dll
2011-03-21 18:33 - 2011-03-21 18:33 - 00999424 _____ () C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00085504 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_ZoomControl.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00054272 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_ScrollbarControl.dll
2011-04-12 14:14 - 2011-04-12 14:14 - 00063488 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 19:16 - 2010-11-01 19:16 - 00062976 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_AnalyzeGesturesInOne.dll
2011-08-10 12:43 - 2011-08-10 12:43 - 00118272 _____ () C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_Wheel4D.dll
2017-01-19 16:52 - 2017-01-19 16:52 - 00098816 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32api.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00110080 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\pywintypes27.dll
2017-01-19 16:52 - 2017-01-19 16:52 - 00364544 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\pythoncom27.dll
2017-01-19 16:52 - 2017-01-19 16:52 - 00320512 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32com.shell.shell.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00914432 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_hashlib.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 01176576 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._core_.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00806400 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._gdi_.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00816128 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._windows_.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 01067008 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._controls_.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00733184 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._misc_.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00682496 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\pysqlite2._sqlite.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00088064 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_ctypes.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00686080 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\unicodedata.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00119808 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32file.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00108544 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32security.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00007168 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\hashobjs_ext.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00017920 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\thumbnails_ext.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00088064 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\usb_ext.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00012800 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\common.time34.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00018432 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32event.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00167936 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32gui.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00046080 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_socket.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 01303552 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_ssl.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00128512 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_elementtree.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00127488 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\pyexpat.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00038912 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32inet.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00036864 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_psutil_windows.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00524248 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\windows._lib_cacheinvalidation.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00011264 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32crypt.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00123392 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._wizard.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00077312 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._html2.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00027648 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_multiprocessing.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00020480 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\_yappi.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00035840 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32process.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00078848 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\wx._animate.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00024064 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32pipe.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00010240 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\select.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00025600 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32pdh.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00017408 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32profile.pyd
2017-01-19 16:52 - 2017-01-19 16:52 - 00022528 ____R () C:\Users\Sephontaine\AppData\Local\Temp\_MEI11842\win32ts.pyd
2016-12-14 07:13 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 07:13 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-01-19 15:34 - 00003479 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost127.0.0.1

There are 1 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sephontaine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{95DAEBEF-E903-4882-AB56-8DCA42166BE6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E912D35F-75BD-42E3-912E-44472EDF1409}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{95337769-4EE2-46A7-9240-CA54B213028A}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{883B9AD1-8C9C-480E-8867-E538342C10EE}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F6FA9DCD-EFDE-4D9C-BA26-561D23C7DD33}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{576DF59E-83B8-4DD7-9ACC-6ABC7282ADB2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{32D58C96-AECF-4AC3-9121-2BAD4C319638}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{342F88A6-2D58-4879-9E7D-62E8A02EC7B4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BBAA98B0-CB62-45D7-94F4-9B82F62F663C}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D1B1801E-6CAD-4E30-97C0-EFED8B087879}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B2E0962-4882-4BA6-983E-2779882D879C}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FE678F5E-F2B3-478A-88A1-D3C165395772}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1AF6A480-2EBB-4CB5-B77C-A4C887673DE0}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{73DE3EEC-AEB2-4D1B-968E-FD2A16D0D4C3}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{A8FA03E8-95C7-4821-99C4-240E962140FE}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2017 03:25:12 PM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/19/2017 03:24:28 PM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/19/2017 07:36:39 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/19/2017 07:36:11 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/18/2017 04:31:43 PM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/18/2017 04:31:17 PM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/18/2017 04:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AUDIODG.EXE, verze: 6.1.7601.17514, časové razítko: 0x4ce7abf9
Název chybujícího modulu: SFSAPO64.dll, verze: 1.0.0.48, časové razítko: 0x49ef4bd9
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000e218
ID chybujícího procesu: 0x1518
Čas spuštění chybující aplikace: 0x01d271864cb269f8
Cesta k chybující aplikaci: C:\Windows\system32\AUDIODG.EXE
Cesta k chybujícímu modulu: C:\Windows\system32\SFSAPO64.dll
ID zprávy: 3dfc7478-dd90-11e6-8d41-001fc672016d

Error: (01/18/2017 12:22:06 PM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/18/2017 12:21:35 PM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (01/18/2017 07:22:59 AM) (Source: MsiInstaller) (EventID: 11310) (User: Sephontaine-PC)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\Sephontaine\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.


System errors:
=============
Error: (01/19/2017 04:48:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/19/2017 04:48:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Virtuální disk byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/19/2017 04:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ForceWare IP service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ForceWare Intelligent Application Manager (IAM) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NitroPDFDriverCreatorReadSpool10 byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA GeForce Experience Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Andrea ADI Filters Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/19/2017 04:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2017-01-17 09:15:02.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-17 09:15:02.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-17 09:15:02.530
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-22 14:56:43.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-22 14:56:43.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-22 14:56:43.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-19 16:48:49.401
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-19 16:48:49.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-19 16:48:49.397
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 10:12:35.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 28%
Total physical RAM: 8190.43 MB
Available physical RAM: 5828.03 MB
Total Virtual: 16379.05 MB
Available Virtual: 13716.92 MB

==================== Drives ================================

Drive c: (win-7) (Fixed) (Total:97.28 GB) (Free:54.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (WD-120G) (Fixed) (Total:102.78 GB) (Free:13.04 GB) NTFS
Drive e: (Jednotka-E) (Fixed) (Total:98.03 GB) (Free:70.02 GB) NTFS
Drive f: () (Fixed) (Total:74.52 GB) (Free:30.95 GB) NTFS
Drive g: (HIT-A) (Fixed) (Total:244.14 GB) (Free:9.91 GB) NTFS
Drive h: (HIT-B) (Fixed) (Total:221.62 GB) (Free:139.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6874753E)
Partition 1: (Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: FAE6DBC0)
Partition 1: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 74.5 GB) (Disk ID: 6BF56BF5)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7317
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Kontrola logu, trojský kůň

#6 Příspěvek od altrok »

:arrow: Doporucuji doinstalovat aktualizace operacniho systemu (a IE 11) a aktualizovat ESET na aktualni verzi 10.


:arrow: Po restartu dejte vedet, jak se PC chova.



  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe
File: C:\Program Files\WorkSoft\WinSubst\winsubst.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4293120 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sephontaine\AppData\Local\Akamai\netsession_win.exe [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\MountPoints2: {a78baf2e-8563-11e6-a41d-001fc672016e} - L:\SETUP.EXE /AUTORUN
GroupPolicyScripts: Restriction <======= ATTENTION
2017-01-19 15:34 - 2017-01-19 15:40 - 00000000 ____D C:\rsit
2017-01-19 15:34 - 2017-01-19 15:37 - 00000000 ____D C:\Program Files\trend micro
2017-01-19 11:03 - 2017-01-19 11:40 - 00000000 ____D C:\Users\Sephontaine\AppData\Roaming\tor
2017-01-19 11:03 - 2017-01-19 11:03 - 03351566 _____ C:\Users\Sephontaine\AppData\Roaming\tor.exe
2017-01-19 11:03 - 2017-01-19 11:03 - 00003070 _____ C:\Windows\System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492}
2017-01-19 11:02 - 2017-01-19 11:44 - 00000000 ___HD C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}
Task: {BA33A055-F0C0-4406-960C-A9A508E5E60C} - System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} => C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe <==== ATTENTION
Hosts:
EmptyTemp:
End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Sephontaine
Návštěvník
Návštěvník
Příspěvky: 29
Registrován: 25 čer 2010 10:52

Re: Kontrola logu, trojský kůň

#7 Příspěvek od Sephontaine »

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Sephontaine (19-01-2017 17:29:13) Run:1
Running from C:\Users\Sephontaine\Desktop
Loaded Profiles: Sephontaine (Available Profiles: Sephontaine)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe
File: C:\Program Files\WorkSoft\WinSubst\winsubst.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4293120 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sephontaine\AppData\Local\Akamai\netsession_win.exe [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\...\MountPoints2: {a78baf2e-8563-11e6-a41d-001fc672016e} - L:\SETUP.EXE /AUTORUN
GroupPolicyScripts: Restriction <======= ATTENTION
2017-01-19 15:34 - 2017-01-19 15:40 - 00000000 ____D C:\rsit
2017-01-19 15:34 - 2017-01-19 15:37 - 00000000 ____D C:\Program Files\trend micro
2017-01-19 11:03 - 2017-01-19 11:40 - 00000000 ____D C:\Users\Sephontaine\AppData\Roaming\tor
2017-01-19 11:03 - 2017-01-19 11:03 - 03351566 _____ C:\Users\Sephontaine\AppData\Roaming\tor.exe
2017-01-19 11:03 - 2017-01-19 11:03 - 00003070 _____ C:\Windows\System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492}
2017-01-19 11:02 - 2017-01-19 11:44 - 00000000 ___HD C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}
Task: {BA33A055-F0C0-4406-960C-A9A508E5E60C} - System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} => C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe <==== ATTENTION
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe ========================

"C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}\imwxwyels.exe" => not found.
====== End of File: ======


========================= File: C:\Program Files\WorkSoft\WinSubst\winsubst.exe ========================

File not signed
MD5: CA26D45B4815F04EA9F8D35AB4AC4567
Creation and modification date: 2002-09-18 20:43 - 2002-09-18 20:43
Size: 0245760
Attributes: ----A
Company Name: WorkSoft, Ltd.
Internal Name: winsubst
Original Name: winsubst.exe
Product: WorkSoft WinSubst
Description: WinSubst Utility
File Version: 1.0.0.29
Product Version: 0.6
Copyright: © 2001-2002. WorkSoft,Ltd.

====== End of File: ======

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value removed successfully
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-3085042485-4064706601-1522929472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78baf2e-8563-11e6-a41d-001fc672016e} => key removed successfully
HKCR\CLSID\{a78baf2e-8563-11e6-a41d-001fc672016e} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
"C:\Users\Sephontaine\AppData\Roaming\tor" => not found.
"C:\Users\Sephontaine\AppData\Roaming\tor.exe" => not found.
C:\Windows\System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} => moved successfully
"C:\Users\Sephontaine\AppData\Roaming\{BFC4671E-AAA0-FC5F-1643-9AD6933ADB61}" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA33A055-F0C0-4406-960C-A9A508E5E60C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA33A055-F0C0-4406-960C-A9A508E5E60C} => key removed successfully
C:\Windows\System32\Tasks\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93CF447B-DC09-7B7D-2E02-FDAB473CC492} => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12828587 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 61036 B
Edge => 0 B
Chrome => 283105530 B
Firefox => 206992084 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83565 B
systemprofile32 => 66228 B
LocalService => 132246 B
NetworkService => 69620 B
Sephontaine => 41980939 B

RecycleBin => 0 B
EmptyTemp: => 520.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:29:55 ====
Nahoru
Sephontaine
Návštěvník
Návštěvník
Příspěvky: 29
Registrován: 25 čer 2010 10:52

Re: Kontrola logu, trojský kůň

#8 Příspěvek od Sephontaine »

Po restartu PC se zdá být OK.
ESET nic nehlásí.
Moc děkuji za pomoc.
Hezký den
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7317
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Kontrola logu, trojský kůň

#9 Příspěvek od altrok »

Takze jeste uklidime.
Nemate zac, rad jsem pomohl :worship:


Mejte se krasne a treba zase nekdy :bye:
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“