
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Clogged browser
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, my wife got her computer infected with something and ads keep popping up in her browser.
Logfile of random's system information tool 1.15 (written by random/random)
Run by Deny at 2017-03-05 13:48:43
Microsoft Windows 10 Pro
System drive C: has 8 GB (8%) free of 105 GB
Total RAM: 7679 MB (71% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:52, on 5.3.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0713)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Deny_RSITx64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKCU\..\Run: [NetLimiter] "C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{5c94752b-eb68-4add-9da5-229a793977dd}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{f13c9154-9f3d-4f57-b2f3-6a69075f9efb}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS1\Services\Tcpip\..\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0179631487579402) (0179631487579402mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\017963~1.EXE
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 4 Service (nlsvc) - Locktime Software - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Helper Service (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9928 bytes
====== Enumerating Processes ======
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe"
"C:\Program Files\TrueKey\McTkSchedulerService.exe"
"C:\Program Files\KMSpico\Service_KMS.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe"
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe" /minimized
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Deny\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x1b0,0x1b4,0x1b8,0x1ac,0x1bc,0x73797598,0x737975bc,0x737975a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5320 --on-initialized-event-handle=596 --parent-handle=600 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled/InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/
group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,20,23,26,40,71 --gpu-vendor-id=0x1002 --gpu-device-id=0x9710 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.9001 --gpu-driver-date=1-13-2015 --service-request-channel-token=7863EFD0A0249990FB99A065E2C7A561 --mojo-platform-channel-handle=1272 --ignored=" --type=renderer " /prefetch:2
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Unifor
mity-Trial-1-Percent/group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=054DFDFDCA9889A0B1DCE55AA31FFEFA --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=054DFDFDCA9889A0B1DCE55AA31FFEFA --renderer-client-id=26 --mojo-platform-channel-handle=4188 /prefetch:1
C:\WINDOWS\system32\taskeng.exe
C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe /run
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Unifo
rmity-Trial-1-Percent/group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=A4F05A085E5FD8C56DEADBFD0840F470 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A4F05A085E5FD8C56DEADBFD0840F470 --renderer-client-id=129 --mojo-platform-channel-handle=8508 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Unifo
rmity-Trial-1-Percent/group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=4E826070E90D92F1E95FDFEE032D2D94 --lang=cs --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=4E826070E90D92F1E95FDFEE032D2D94 --renderer-client-id=151 --mojo-platform-channel-handle=9920 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=cs --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --service-request-channel-token=99DDBFCB1D784AD17CD814B581092FF1 --mojo-platform-channel-handle=6284 --ignored=" --type=renderer " /prefetch:3
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe715_ Global\UsGthrCtrlFltPipeMssGthrPipe715 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 632 636 644 8192 640
"C:\Users\Deny\Downloads\RSITx64.exe"
====== Scheduled tasks folder ======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-565801332-904124149-31075428-1001UA - C:\Users\Deny\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\PPI Update - C:\WINDOWS\explorer.exe "http://insightcdn.online/download/index.php?mn=9995"
C:\WINDOWS\system32\tasks\{5835B1AE-48E1-46C1-91DF-98636A60AA55} - C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /uninstall PROPLUSR /dll OSETUP.DLL
C:\WINDOWS\system32\tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} - C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe /run
C:\WINDOWS\system32\tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} - C:\WINDOWS\system32\pcalua.exe -a "F:\INSTALAČKY\ZONER 6\start.exe" -d "F:\INSTALAČKY\ZONER 6"
C:\WINDOWS\system32\tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\49f008a6\144ef826.dll"
C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\WINDOWS\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan - C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
C:\WINDOWS\system32\tasks\Microsoft\Microsoft Antimalware\MpIdleTask - C:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask
=========Mozilla firefox=========
ProfilePath - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Yahoo Default Search Addon - extension - {de71f09a-3342-48c5-95c1-4b0f17567554} - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions\{de71f09a-3342-48c5-95c1-4b0f17567554}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\disableSHA1rollout@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\aushelper@mozilla.org.xpi
C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\pluginreg.dat
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - VLC Web Plugin - 2.2.4.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Software602 Form Filler - 4.15.0.0 - C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
Plugin - Shockwave Flash - 24.0.0.221 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll
=========Google Chrome=========
C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 1 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage:
default_search_provider.search_url:
C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08 1048800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08 1048800]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"=C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [2016-12-06 56368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
====== List of files/folders created in the last 1 month ======
2017-03-05 13:48:43 ----D---- C:\rsit
2017-03-05 13:48:43 ----D---- C:\Program Files\trend micro
2017-03-02 15:15:01 ----D---- C:\ProgramData\a8411654-7ec5-1
2017-03-02 15:15:01 ----D---- C:\ProgramData\a8411654-5a93-0
2017-03-01 15:15:01 ----D---- C:\ProgramData\a8411654-7fa5-1
2017-03-01 15:15:01 ----D---- C:\ProgramData\a8411654-2377-0
2017-02-28 23:30:45 ----D---- C:\ProgramData\{54ed4768-712c-0}
2017-02-28 23:30:44 ----D---- C:\ProgramData\{76936101-612c-0}
2017-02-28 23:30:44 ----D---- C:\ProgramData\{6cb913ec-112c-1}
2017-02-28 21:16:34 ----D---- C:\ProgramData\a8411654-6be5-1
2017-02-28 21:16:34 ----D---- C:\ProgramData\a8411654-14b7-0
2017-02-28 09:15:02 ----D---- C:\ProgramData\a8411654-4681-0
2017-02-28 09:15:01 ----D---- C:\ProgramData\a8411654-7c81-1
2017-02-27 15:15:01 ----D---- C:\ProgramData\a8411654-37a1-0
2017-02-27 15:15:01 ----D---- C:\ProgramData\a8411654-0395-1
2017-02-27 09:15:01 ----D---- C:\ProgramData\a8411654-7db5-1
2017-02-27 09:15:01 ----D---- C:\ProgramData\a8411654-36c5-0
2017-02-27 03:15:01 ----D---- C:\ProgramData\a8411654-48b1-1
2017-02-27 03:15:01 ----D---- C:\ProgramData\a8411654-2dd3-0
2017-02-26 21:15:01 ----D---- C:\ProgramData\a8411654-2a17-0
2017-02-26 21:15:01 ----D---- C:\ProgramData\a8411654-13d1-1
2017-02-26 17:30:14 ----D---- C:\Users\Deny\AppData\Roaming\Software602
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\NiXPS.dll
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\602localui.dll
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\602localmon.dll
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\602convert.dll
2017-02-26 17:29:09 ----D---- C:\Users\Deny\AppData\Roaming\602XML
2017-02-26 17:29:02 ----D---- C:\Users\Deny\AppData\Roaming\602Installer
2017-02-26 17:28:57 ----D---- C:\Program Files (x86)\Software602
2017-02-26 15:15:01 ----D---- C:\ProgramData\a8411654-4371-1
2017-02-26 15:15:01 ----D---- C:\ProgramData\a8411654-2617-0
2017-02-24 09:15:01 ----D---- C:\ProgramData\a8411654-5f37-0
2017-02-24 09:15:01 ----D---- C:\ProgramData\a8411654-11b5-1
2017-02-23 22:23:29 ----D---- C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}
2017-02-23 22:23:00 ----D---- C:\ProgramData\{61b82af1-112c-0}
2017-02-23 22:22:58 ----D---- C:\ProgramData\{08034e4f-212c-1}
2017-02-19 10:30:58 ----ASH---- C:\pagefile.sys
====== List of files/folders modified in the last 1 month ======
2017-03-05 13:48:52 ----D---- C:\WINDOWS\Prefetch
2017-03-05 13:48:43 ----RD---- C:\Program Files
2017-03-05 12:59:10 ----D---- C:\WINDOWS\Temp
2017-03-05 12:59:05 ----D---- C:\WINDOWS\system32\sru
2017-03-04 22:08:33 ----D---- C:\WINDOWS\AppReadiness
2017-03-03 23:03:16 ----D---- C:\WINDOWS\Microsoft.NET
2017-03-03 22:19:23 ----HD---- C:\Program Files\WindowsApps
2017-03-02 15:15:01 ----HD---- C:\ProgramData
2017-03-02 12:38:28 ----D---- C:\WINDOWS\system32\config
2017-03-01 14:53:23 ----D---- C:\WINDOWS\system32\NDF
2017-02-28 20:59:45 ----RD---- C:\Program Files (x86)
2017-02-27 17:23:51 ----D---- C:\WINDOWS\System32
2017-02-27 17:23:51 ----D---- C:\WINDOWS\INF
2017-02-27 17:23:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-26 17:30:01 ----SHD---- C:\WINDOWS\Installer
2017-02-26 17:29:37 ----D---- C:\WINDOWS\SysWOW64
2017-02-26 17:28:58 ----D---- C:\Program Files (x86)\Common Files
2017-02-26 17:27:41 ----D---- C:\Deny2015-16
2017-02-26 12:08:27 ----D---- C:\WINDOWS\WinSxS
2017-02-26 11:00:32 ----D---- C:\Program Files\TrueKey
2017-02-24 08:59:52 ----D---- C:\WINDOWS\CbsTemp
2017-02-24 08:59:41 ----D---- C:\WINDOWS\system32\MRT
2017-02-24 08:57:53 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 22:23:33 ----D---- C:\WINDOWS\system32\Tasks
2017-02-23 22:23:33 ----D---- C:\ProgramData\{FDD00CB7-4A7B-BB1C-CF95-6489D79B1E26}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{F7B1BF6C-401A-08C7-57AC-857BE4325722}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{F3798AA6-44D2-3D0D-A5D6-CC8383CC0AA2}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{E9BF0A00-5E14-BDAB-94EA-E5CCEC2E64D6}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{D39CE552-6437-52F9-8BC9-503009E7D460}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{C2ECFBD0-7547-4C7B-2A92-C23F6FC78A82}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{9D75CF3A-2ADE-7891-FDDE-2287BF82B413}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{84AB8978-3300-3ED3-D3FB-4F4BE5692127}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{8112E788-36B9-5023-2ED1-193265FBF774}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{7CD8CDFF-CB73-7A54-AA73-FD871A3F9F64}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{73748CEB-C4DF-3B40-B80D-F9366C640936}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{31656199-86CE-D632-8A72-FB56DE195B88}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{250B6240-92A0-D5EB-AEEC-ECCBF8FBA005}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{1CE0E518-AB4B-52B3-E5F0-696CCF5F9A12}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{035FC58D-B4F4-7226-8CC9-3EB18BC9BEA1}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{0315E282-B4BE-5529-2A8C-D5688788669F}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{F4308321-439B-348A-0421-44F51780EA44}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{DEF84855-6953-FFFE-3634-6C58A8C6CFD9}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{BE9AADE6-0931-1A4D-7D2D-EF72429C7335}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{BB14ED77-0CBF-5ADC-5A8E-5591D24556D5}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{B8A13C6B-0F0A-8BC0-3E15-3E4D0D52AFE1}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{9A23EFB3-2D88-5818-8276-AF90BE73A703}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{68898190-DF22-363B-1A43-A7CDDD64F2B5}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{4E1CFB3B-F9B7-4C90-A294-C14870EA21CE}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{2EE23CD3-9949-8B78-29C7-4F164AD8696F}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{21073AB8-96AC-8D13-2B6D-F859A727393A}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{19161B94-AEBD-AC3F-2E1F-6D857933C94D}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{10E5A13C-A74E-1697-6C3A-DDDEE5DA4705}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{0B44BB64-BCEF-0CCF-6E16-B749B213F58C}
2017-02-23 22:23:31 ----D---- C:\ProgramData\{8744C162-30EF-76C9-9DE1-6E2C6697D8DE}
2017-02-23 22:23:31 ----D---- C:\ProgramData\{6E27ED0A-D98C-5AA1-2D09-90F1F5426858}
2017-02-23 22:23:05 ----D---- C:\ProgramData\a8411654-5ca5-1
2017-02-23 22:23:00 ----D---- C:\ProgramData\a8411654-50a3-0
2017-02-23 22:22:57 ----D---- C:\ProgramData\{22883ee5-112c-0}
2017-02-23 22:22:50 ----D---- C:\ProgramData\{2b9e2898-012c-0}
2017-02-23 22:22:37 ----D---- C:\ProgramData\{18ee05b0-712c-1}
2017-02-20 09:29:55 ----D---- C:\Program Files (x86)\McAfee
2017-02-19 11:35:02 ----D---- C:\WINDOWS\Minidump
2017-02-18 23:21:40 ----D---- C:\Users\Deny\AppData\Roaming\vlc
2017-02-14 23:10:40 ----D---- C:\WINDOWS\system32\Macromed
2017-02-14 23:10:37 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-02-10 09:31:15 ----D---- C:\Windows
2017-02-06 20:45:15 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 nldrv;nldrv; C:\WINDOWS\system32\drivers\nldrv.sys [2016-12-06 142888]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-01-13 11922944]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-01-13 359936]
R3 b57nd60a;@netb57va.inf,%SvcDispName%;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\System32\drivers\b57nd60a.sys [2015-10-30 452608]
R3 dtlitescsibus;@oem3.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-11-15 30264]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 nlsvc;NetLimiter 4 Service; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [2016-12-06 323632]
R2 OneSyncSvc_12e736f2;Sync Host_12e736f2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2015-07-22 985280]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-02-06 996824]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2017-02-06 16248]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 0179631487579402mcinstcleanup;McAfee Application Installer Cleanup (0179631487579402); C:\WINDOWS\TEMP\017963~1.EXE [2016-03-02 922152]
S2 OneSyncSvc_146fecf;Sync Host_146fecf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1546000;Sync Host_1546000; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1be40716;Sync Host_1be40716; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1ea115a;Sync Host_1ea115a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_26f1a;Sync Host_26f1a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_27df6;Sync Host_27df6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_280b2;Sync Host_280b2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_293235c;Sync Host_293235c; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_2f95a;Sync Host_2f95a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_30f97;Sync Host_30f97; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_34416;Sync Host_34416; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_37e9611;Sync Host_37e9611; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_3f02786;Sync Host_3f02786; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_4868376;Sync Host_4868376; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_7cad39f;Sync Host_7cad39f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_d3bf09;Sync Host_d3bf09; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2015-11-15 654848]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-24 43696]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [2016-07-19 327944]
S3 MessagingService_12e736f2;MessagingService_12e736f2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_146fecf;MessagingService_146fecf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1546000;MessagingService_1546000; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1be40716;MessagingService_1be40716; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1ea115a;MessagingService_1ea115a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_26f1a;MessagingService_26f1a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_27df6;MessagingService_27df6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_280b2;MessagingService_280b2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_293235c;MessagingService_293235c; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_2f95a;MessagingService_2f95a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_30f97;MessagingService_30f97; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_34416;MessagingService_34416; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_37e9611;MessagingService_37e9611; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_3f02786;MessagingService_3f02786; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_4868376;MessagingService_4868376; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_7cad39f;MessagingService_7cad39f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_d3bf09;MessagingService_d3bf09; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PimIndexMaintenanceSvc_12e736f2;Contact Data_12e736f2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_146fecf;Contact Data_146fecf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1546000;Contact Data_1546000; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1be40716;Contact Data_1be40716; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1ea115a;Contact Data_1ea115a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_26f1a;Contact Data_26f1a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_27df6;Contact Data_27df6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_280b2;Contact Data_280b2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_293235c;Contact Data_293235c; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_2f95a;Contact Data_2f95a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_30f97;Contact Data_30f97; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_34416;Contact Data_34416; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_37e9611;Contact Data_37e9611; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_3f02786;Contact Data_3f02786; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_4868376;Contact Data_4868376; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_7cad39f;Contact Data_7cad39f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_d3bf09;Contact Data_d3bf09; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 TrueKeyServiceHelper;Intel Security True Key Helper Service; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-02-06 86864]
-----------------EOF-----------------
Logfile of random's system information tool 1.15 (written by random/random)
Run by Deny at 2017-03-05 13:48:43
Microsoft Windows 10 Pro
System drive C: has 8 GB (8%) free of 105 GB
Total RAM: 7679 MB (71% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:52, on 5.3.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0713)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Deny_RSITx64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKCU\..\Run: [NetLimiter] "C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{5c94752b-eb68-4add-9da5-229a793977dd}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{f13c9154-9f3d-4f57-b2f3-6a69075f9efb}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS1\Services\Tcpip\..\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0179631487579402) (0179631487579402mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\017963~1.EXE
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 4 Service (nlsvc) - Locktime Software - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Helper Service (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9928 bytes
====== Enumerating Processes ======
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe"
"C:\Program Files\TrueKey\McTkSchedulerService.exe"
"C:\Program Files\KMSpico\Service_KMS.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe"
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe" /minimized
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Deny\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x1b0,0x1b4,0x1b8,0x1ac,0x1bc,0x73797598,0x737975bc,0x737975a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5320 --on-initialized-event-handle=596 --parent-handle=600 /prefetch:6
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\taskeng.exe
C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe /run
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Unifo
rmity-Trial-1-Percent/group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=A4F05A085E5FD8C56DEADBFD0840F470 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A4F05A085E5FD8C56DEADBFD0840F470 --renderer-client-id=129 --mojo-platform-channel-handle=8508 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Unifo
rmity-Trial-1-Percent/group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=4E826070E90D92F1E95FDFEE032D2D94 --lang=cs --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=4E826070E90D92F1E95FDFEE032D2D94 --renderer-client-id=151 --mojo-platform-channel-handle=9920 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Unifo
rmity-Trial-1-Percent/group_10/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=5678E594FF0B1CEF8395CB4139E37898 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=5678E594FF0B1CEF8395CB4139E37898 --renderer-client-id=155 --mojo-platform-channel-handle=10880 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=cs --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --service-request-channel-token=99DDBFCB1D784AD17CD814B581092FF1 --mojo-platform-channel-handle=6284 --ignored=" --type=renderer " /prefetch:3
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe715_ Global\UsGthrCtrlFltPipeMssGthrPipe715 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 632 636 644 8192 640
"C:\Users\Deny\Downloads\RSITx64.exe"
====== Scheduled tasks folder ======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-565801332-904124149-31075428-1001UA - C:\Users\Deny\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\PPI Update - C:\WINDOWS\explorer.exe "http://insightcdn.online/download/index.php?mn=9995"
C:\WINDOWS\system32\tasks\{5835B1AE-48E1-46C1-91DF-98636A60AA55} - C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /uninstall PROPLUSR /dll OSETUP.DLL
C:\WINDOWS\system32\tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} - C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe /run
C:\WINDOWS\system32\tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} - C:\WINDOWS\system32\pcalua.exe -a "F:\INSTALAČKY\ZONER 6\start.exe" -d "F:\INSTALAČKY\ZONER 6"
C:\WINDOWS\system32\tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\49f008a6\144ef826.dll"
C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\WINDOWS\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan - C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
C:\WINDOWS\system32\tasks\Microsoft\Microsoft Antimalware\MpIdleTask - C:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask
=========Mozilla firefox=========
ProfilePath - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Yahoo Default Search Addon - extension - {de71f09a-3342-48c5-95c1-4b0f17567554} - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions\{de71f09a-3342-48c5-95c1-4b0f17567554}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\disableSHA1rollout@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\features\{2e16a641-4896-41c6-a6c4-30b3eee57b59}\aushelper@mozilla.org.xpi
C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\pluginreg.dat
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - VLC Web Plugin - 2.2.4.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Software602 Form Filler - 4.15.0.0 - C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
Plugin - Shockwave Flash - 24.0.0.221 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll
=========Google Chrome=========
C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 1 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage:
default_search_provider.search_url:
C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08 1048800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08 1048800]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"=C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [2016-12-06 56368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
====== List of files/folders created in the last 1 month ======
2017-03-05 13:48:43 ----D---- C:\rsit
2017-03-05 13:48:43 ----D---- C:\Program Files\trend micro
2017-03-02 15:15:01 ----D---- C:\ProgramData\a8411654-7ec5-1
2017-03-02 15:15:01 ----D---- C:\ProgramData\a8411654-5a93-0
2017-03-01 15:15:01 ----D---- C:\ProgramData\a8411654-7fa5-1
2017-03-01 15:15:01 ----D---- C:\ProgramData\a8411654-2377-0
2017-02-28 23:30:45 ----D---- C:\ProgramData\{54ed4768-712c-0}
2017-02-28 23:30:44 ----D---- C:\ProgramData\{76936101-612c-0}
2017-02-28 23:30:44 ----D---- C:\ProgramData\{6cb913ec-112c-1}
2017-02-28 21:16:34 ----D---- C:\ProgramData\a8411654-6be5-1
2017-02-28 21:16:34 ----D---- C:\ProgramData\a8411654-14b7-0
2017-02-28 09:15:02 ----D---- C:\ProgramData\a8411654-4681-0
2017-02-28 09:15:01 ----D---- C:\ProgramData\a8411654-7c81-1
2017-02-27 15:15:01 ----D---- C:\ProgramData\a8411654-37a1-0
2017-02-27 15:15:01 ----D---- C:\ProgramData\a8411654-0395-1
2017-02-27 09:15:01 ----D---- C:\ProgramData\a8411654-7db5-1
2017-02-27 09:15:01 ----D---- C:\ProgramData\a8411654-36c5-0
2017-02-27 03:15:01 ----D---- C:\ProgramData\a8411654-48b1-1
2017-02-27 03:15:01 ----D---- C:\ProgramData\a8411654-2dd3-0
2017-02-26 21:15:01 ----D---- C:\ProgramData\a8411654-2a17-0
2017-02-26 21:15:01 ----D---- C:\ProgramData\a8411654-13d1-1
2017-02-26 17:30:14 ----D---- C:\Users\Deny\AppData\Roaming\Software602
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\NiXPS.dll
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\602localui.dll
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\602localmon.dll
2017-02-26 17:29:37 ----A---- C:\WINDOWS\system32\602convert.dll
2017-02-26 17:29:09 ----D---- C:\Users\Deny\AppData\Roaming\602XML
2017-02-26 17:29:02 ----D---- C:\Users\Deny\AppData\Roaming\602Installer
2017-02-26 17:28:57 ----D---- C:\Program Files (x86)\Software602
2017-02-26 15:15:01 ----D---- C:\ProgramData\a8411654-4371-1
2017-02-26 15:15:01 ----D---- C:\ProgramData\a8411654-2617-0
2017-02-24 09:15:01 ----D---- C:\ProgramData\a8411654-5f37-0
2017-02-24 09:15:01 ----D---- C:\ProgramData\a8411654-11b5-1
2017-02-23 22:23:29 ----D---- C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}
2017-02-23 22:23:00 ----D---- C:\ProgramData\{61b82af1-112c-0}
2017-02-23 22:22:58 ----D---- C:\ProgramData\{08034e4f-212c-1}
2017-02-19 10:30:58 ----ASH---- C:\pagefile.sys
====== List of files/folders modified in the last 1 month ======
2017-03-05 13:48:52 ----D---- C:\WINDOWS\Prefetch
2017-03-05 13:48:43 ----RD---- C:\Program Files
2017-03-05 12:59:10 ----D---- C:\WINDOWS\Temp
2017-03-05 12:59:05 ----D---- C:\WINDOWS\system32\sru
2017-03-04 22:08:33 ----D---- C:\WINDOWS\AppReadiness
2017-03-03 23:03:16 ----D---- C:\WINDOWS\Microsoft.NET
2017-03-03 22:19:23 ----HD---- C:\Program Files\WindowsApps
2017-03-02 15:15:01 ----HD---- C:\ProgramData
2017-03-02 12:38:28 ----D---- C:\WINDOWS\system32\config
2017-03-01 14:53:23 ----D---- C:\WINDOWS\system32\NDF
2017-02-28 20:59:45 ----RD---- C:\Program Files (x86)
2017-02-27 17:23:51 ----D---- C:\WINDOWS\System32
2017-02-27 17:23:51 ----D---- C:\WINDOWS\INF
2017-02-27 17:23:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-26 17:30:01 ----SHD---- C:\WINDOWS\Installer
2017-02-26 17:29:37 ----D---- C:\WINDOWS\SysWOW64
2017-02-26 17:28:58 ----D---- C:\Program Files (x86)\Common Files
2017-02-26 17:27:41 ----D---- C:\Deny2015-16
2017-02-26 12:08:27 ----D---- C:\WINDOWS\WinSxS
2017-02-26 11:00:32 ----D---- C:\Program Files\TrueKey
2017-02-24 08:59:52 ----D---- C:\WINDOWS\CbsTemp
2017-02-24 08:59:41 ----D---- C:\WINDOWS\system32\MRT
2017-02-24 08:57:53 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 22:23:33 ----D---- C:\WINDOWS\system32\Tasks
2017-02-23 22:23:33 ----D---- C:\ProgramData\{FDD00CB7-4A7B-BB1C-CF95-6489D79B1E26}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{F7B1BF6C-401A-08C7-57AC-857BE4325722}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{F3798AA6-44D2-3D0D-A5D6-CC8383CC0AA2}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{E9BF0A00-5E14-BDAB-94EA-E5CCEC2E64D6}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{D39CE552-6437-52F9-8BC9-503009E7D460}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{C2ECFBD0-7547-4C7B-2A92-C23F6FC78A82}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{9D75CF3A-2ADE-7891-FDDE-2287BF82B413}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{84AB8978-3300-3ED3-D3FB-4F4BE5692127}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{8112E788-36B9-5023-2ED1-193265FBF774}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{7CD8CDFF-CB73-7A54-AA73-FD871A3F9F64}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{73748CEB-C4DF-3B40-B80D-F9366C640936}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{31656199-86CE-D632-8A72-FB56DE195B88}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{250B6240-92A0-D5EB-AEEC-ECCBF8FBA005}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{1CE0E518-AB4B-52B3-E5F0-696CCF5F9A12}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{035FC58D-B4F4-7226-8CC9-3EB18BC9BEA1}
2017-02-23 22:23:33 ----D---- C:\ProgramData\{0315E282-B4BE-5529-2A8C-D5688788669F}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{F4308321-439B-348A-0421-44F51780EA44}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{DEF84855-6953-FFFE-3634-6C58A8C6CFD9}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{BE9AADE6-0931-1A4D-7D2D-EF72429C7335}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{BB14ED77-0CBF-5ADC-5A8E-5591D24556D5}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{B8A13C6B-0F0A-8BC0-3E15-3E4D0D52AFE1}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{9A23EFB3-2D88-5818-8276-AF90BE73A703}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{68898190-DF22-363B-1A43-A7CDDD64F2B5}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{4E1CFB3B-F9B7-4C90-A294-C14870EA21CE}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{2EE23CD3-9949-8B78-29C7-4F164AD8696F}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{21073AB8-96AC-8D13-2B6D-F859A727393A}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{19161B94-AEBD-AC3F-2E1F-6D857933C94D}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{10E5A13C-A74E-1697-6C3A-DDDEE5DA4705}
2017-02-23 22:23:32 ----D---- C:\ProgramData\{0B44BB64-BCEF-0CCF-6E16-B749B213F58C}
2017-02-23 22:23:31 ----D---- C:\ProgramData\{8744C162-30EF-76C9-9DE1-6E2C6697D8DE}
2017-02-23 22:23:31 ----D---- C:\ProgramData\{6E27ED0A-D98C-5AA1-2D09-90F1F5426858}
2017-02-23 22:23:05 ----D---- C:\ProgramData\a8411654-5ca5-1
2017-02-23 22:23:00 ----D---- C:\ProgramData\a8411654-50a3-0
2017-02-23 22:22:57 ----D---- C:\ProgramData\{22883ee5-112c-0}
2017-02-23 22:22:50 ----D---- C:\ProgramData\{2b9e2898-012c-0}
2017-02-23 22:22:37 ----D---- C:\ProgramData\{18ee05b0-712c-1}
2017-02-20 09:29:55 ----D---- C:\Program Files (x86)\McAfee
2017-02-19 11:35:02 ----D---- C:\WINDOWS\Minidump
2017-02-18 23:21:40 ----D---- C:\Users\Deny\AppData\Roaming\vlc
2017-02-14 23:10:40 ----D---- C:\WINDOWS\system32\Macromed
2017-02-14 23:10:37 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-02-10 09:31:15 ----D---- C:\Windows
2017-02-06 20:45:15 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 nldrv;nldrv; C:\WINDOWS\system32\drivers\nldrv.sys [2016-12-06 142888]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-01-13 11922944]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-01-13 359936]
R3 b57nd60a;@netb57va.inf,%SvcDispName%;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\System32\drivers\b57nd60a.sys [2015-10-30 452608]
R3 dtlitescsibus;@oem3.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-11-15 30264]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 nlsvc;NetLimiter 4 Service; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [2016-12-06 323632]
R2 OneSyncSvc_12e736f2;Sync Host_12e736f2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2015-07-22 985280]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-02-06 996824]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2017-02-06 16248]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 0179631487579402mcinstcleanup;McAfee Application Installer Cleanup (0179631487579402); C:\WINDOWS\TEMP\017963~1.EXE [2016-03-02 922152]
S2 OneSyncSvc_146fecf;Sync Host_146fecf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1546000;Sync Host_1546000; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1be40716;Sync Host_1be40716; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1ea115a;Sync Host_1ea115a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_26f1a;Sync Host_26f1a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_27df6;Sync Host_27df6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_280b2;Sync Host_280b2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_293235c;Sync Host_293235c; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_2f95a;Sync Host_2f95a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_30f97;Sync Host_30f97; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_34416;Sync Host_34416; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_37e9611;Sync Host_37e9611; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_3f02786;Sync Host_3f02786; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_4868376;Sync Host_4868376; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_7cad39f;Sync Host_7cad39f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_d3bf09;Sync Host_d3bf09; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2015-11-15 654848]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-24 43696]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [2016-07-19 327944]
S3 MessagingService_12e736f2;MessagingService_12e736f2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_146fecf;MessagingService_146fecf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1546000;MessagingService_1546000; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1be40716;MessagingService_1be40716; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1ea115a;MessagingService_1ea115a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_26f1a;MessagingService_26f1a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_27df6;MessagingService_27df6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_280b2;MessagingService_280b2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_293235c;MessagingService_293235c; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_2f95a;MessagingService_2f95a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_30f97;MessagingService_30f97; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_34416;MessagingService_34416; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_37e9611;MessagingService_37e9611; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_3f02786;MessagingService_3f02786; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_4868376;MessagingService_4868376; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_7cad39f;MessagingService_7cad39f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_d3bf09;MessagingService_d3bf09; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PimIndexMaintenanceSvc_12e736f2;Contact Data_12e736f2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_146fecf;Contact Data_146fecf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1546000;Contact Data_1546000; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1be40716;Contact Data_1be40716; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1ea115a;Contact Data_1ea115a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_26f1a;Contact Data_26f1a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_27df6;Contact Data_27df6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_280b2;Contact Data_280b2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_293235c;Contact Data_293235c; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_2f95a;Contact Data_2f95a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_30f97;Contact Data_30f97; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_34416;Contact Data_34416; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_37e9611;Contact Data_37e9611; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_3f02786;Contact Data_3f02786; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_4868376;Contact Data_4868376; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_7cad39f;Contact Data_7cad39f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_d3bf09;Contact Data_d3bf09; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 TrueKeyServiceHelper;Intel Security True Key Helper Service; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-02-06 86864]
-----------------EOF-----------------
Re: Clogged browser
I wish you a lovely day.
As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).
Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a normal double-click)
- click Scan (Skenovani), then Clean (Cisteni)
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our little school.
Re: Clogged browser
I apologize for the late reply, here is the log:
# AdwCleaner v6.044 - Logfile created 21/03/2017 at 17:10:35
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-20.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Deny - DENY-PRACOVNÍ
# Running from : C:\Users\Deny\Desktop\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\49f008a6
[-] Folder deleted: C:\ProgramData\a8411654-0193-0
[-] Folder deleted: C:\ProgramData\a8411654-0395-1
[-] Folder deleted: C:\ProgramData\a8411654-0625-0
[-] Folder deleted: C:\ProgramData\a8411654-0be7-0
[-] Folder deleted: C:\ProgramData\a8411654-0da5-1
[-] Folder deleted: C:\ProgramData\a8411654-0de1-1
[-] Folder deleted: C:\ProgramData\a8411654-0ee3-1
[-] Folder deleted: C:\ProgramData\a8411654-1051-0
[-] Folder deleted: C:\ProgramData\a8411654-11b5-1
[-] Folder deleted: C:\ProgramData\a8411654-13d1-1
[-] Folder deleted: C:\ProgramData\a8411654-14b7-0
[-] Folder deleted: C:\ProgramData\a8411654-15b3-0
[-] Folder deleted: C:\ProgramData\a8411654-1623-1
[-] Folder deleted: C:\ProgramData\a8411654-1b43-0
[-] Folder deleted: C:\ProgramData\a8411654-1bb3-0
[-] Folder deleted: C:\ProgramData\a8411654-1c57-0
[-] Folder deleted: C:\ProgramData\a8411654-1d15-1
[-] Folder deleted: C:\ProgramData\a8411654-1eb5-0
[-] Folder deleted: C:\ProgramData\a8411654-1fa5-0
[-] Folder deleted: C:\ProgramData\a8411654-20a3-0
[-] Folder deleted: C:\ProgramData\a8411654-2377-0
[-] Folder deleted: C:\ProgramData\a8411654-2433-1
[-] Folder deleted: C:\ProgramData\a8411654-2617-0
[-] Folder deleted: C:\ProgramData\a8411654-2905-0
[-] Folder deleted: C:\ProgramData\a8411654-2a17-0
[-] Folder deleted: C:\ProgramData\a8411654-2a85-0
[-] Folder deleted: C:\ProgramData\a8411654-2ab5-1
[-] Folder deleted: C:\ProgramData\a8411654-2dd3-0
[-] Folder deleted: C:\ProgramData\a8411654-3135-1
[-] Folder deleted: C:\ProgramData\a8411654-36c5-0
[-] Folder deleted: C:\ProgramData\a8411654-37a1-0
[-] Folder deleted: C:\ProgramData\a8411654-38a7-1
[-] Folder deleted: C:\ProgramData\a8411654-3a73-0
[-] Folder deleted: C:\ProgramData\a8411654-3b25-0
[-] Folder deleted: C:\ProgramData\a8411654-3cf7-1
[-] Folder deleted: C:\ProgramData\a8411654-3d51-1
[-] Folder deleted: C:\ProgramData\a8411654-3d53-1
[-] Folder deleted: C:\ProgramData\a8411654-4005-0
[-] Folder deleted: C:\ProgramData\a8411654-4203-1
[-] Folder deleted: C:\ProgramData\a8411654-4371-1
[-] Folder deleted: C:\ProgramData\a8411654-4681-0
[-] Folder deleted: C:\ProgramData\a8411654-46c7-1
[-] Folder deleted: C:\ProgramData\a8411654-48b1-1
[-] Folder deleted: C:\ProgramData\a8411654-48b5-1
[-] Folder deleted: C:\ProgramData\a8411654-4a35-0
[-] Folder deleted: C:\ProgramData\a8411654-4d63-1
[-] Folder deleted: C:\ProgramData\a8411654-50a3-0
[-] Folder deleted: C:\ProgramData\a8411654-5247-0
[-] Folder deleted: C:\ProgramData\a8411654-55e1-1
[-] Folder deleted: C:\ProgramData\a8411654-5731-0
[-] Folder deleted: C:\ProgramData\a8411654-5a93-0
[-] Folder deleted: C:\ProgramData\a8411654-5ca5-1
[-] Folder deleted: C:\ProgramData\a8411654-5f37-0
[-] Folder deleted: C:\ProgramData\a8411654-5fe3-1
[-] Folder deleted: C:\ProgramData\a8411654-6731-1
[-] Folder deleted: C:\ProgramData\a8411654-6775-0
[-] Folder deleted: C:\ProgramData\a8411654-69f7-0
[-] Folder deleted: C:\ProgramData\a8411654-6be5-1
[-] Folder deleted: C:\ProgramData\a8411654-7081-1
[-] Folder deleted: C:\ProgramData\a8411654-7875-0
[-] Folder deleted: C:\ProgramData\a8411654-7c81-1
[-] Folder deleted: C:\ProgramData\a8411654-7db5-1
[-] Folder deleted: C:\ProgramData\a8411654-7ec5-1
[-] Folder deleted: C:\ProgramData\a8411654-7fa5-1
[-] Folder deleted: C:\ProgramData\bb8241e5-2543-1
[-] Folder deleted: C:\ProgramData\bb8241e5-28f5-0
[-] Folder deleted: C:\ProgramData\{04e853d9-212c-1}
[-] Folder deleted: C:\ProgramData\{05870e9d-612c-0}
[-] Folder deleted: C:\ProgramData\{08034e4f-212c-1}
[-] Folder deleted: C:\ProgramData\{18ee05b0-712c-1}
[-] Folder deleted: C:\ProgramData\{22883ee5-112c-0}
[-] Folder deleted: C:\ProgramData\{22ef436a-712c-1}
[-] Folder deleted: C:\ProgramData\{24445bee-012c-0}
[-] Folder deleted: C:\ProgramData\{28af2189-612c-0}
[-] Folder deleted: C:\ProgramData\{2b9e2898-012c-0}
[-] Folder deleted: C:\ProgramData\{2f5e353a-612c-0}
[-] Folder deleted: C:\ProgramData\{32c94e36-312c-1}
[-] Folder deleted: C:\ProgramData\{34e41a5f-412c-1}
[-] Folder deleted: C:\ProgramData\{441d5c3c-512c-0}
[-] Folder deleted: C:\ProgramData\{4cb81e5e-712c-0}
[-] Folder deleted: C:\ProgramData\{519742ea-412c-0}
[-] Folder deleted: C:\ProgramData\{54ed4768-712c-0}
[-] Folder deleted: C:\ProgramData\{61b82af1-112c-0}
[-] Folder deleted: C:\ProgramData\{691409cd-412c-0}
[-] Folder deleted: C:\ProgramData\{6cb913ec-112c-1}
[-] Folder deleted: C:\ProgramData\{70970721-712c-1}
[-] Folder deleted: C:\ProgramData\{76936101-612c-0}
[-] Folder deleted: C:\ProgramData\{77c4156c-012c-1}
[-] Folder deleted: C:\Program Files (x86)\SystemHealer
***** [ Files ] *****
[-] File deleted: C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\extensions\{de71f09a-3342-48c5-95c1-4b0f17567554}.xpi
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: PPI Update
***** [ Registry ] *****
[-] Key deleted: HKU\S-1-5-21-565801332-904124149-31075428-1001\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f13c9154-9f3d-4f57-b2f3-6a69075f9efb} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f13c9154-9f3d-4f57-b2f3-6a69075f9efb} [NameServer]
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [7409 Bytes] - [21/03/2017 17:10:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [7302 Bytes] - [21/03/2017 17:09:20]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7555 Bytes] ##########
Re: Clogged browser
If you have problems downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our little school.
Re: Clogged browser
The addition.txt log was not created.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Deny (administrator) on DENY-PRACOVNÍ (21-03-2017 23:18:05)
Running from C:\Users\Deny\Desktop
Loaded Profiles: Deny (Available Profiles: Deny)
Platform: Windows 10 Pro Version 1511 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(forum.viry.cz) C:\Users\Deny\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{c4544e4f-d6cd-4554-aebc-d4acdd76f7da}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f13c9154-9f3d-4f57-b2f3-6a69075f9efb}: [DhcpNameServer] 10.0.1.1
Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
FireFox:
========
FF DefaultProfile: 4lhy7pbi.default
FF ProfilePath: C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default [2017-03-21]
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\Extensions\2020Player_IKEA@2020Technologies.com [2017-03-05]
FF Extension: (Adblock Plus) - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default [2017-03-21]
CHR Extension: (Prezentace Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-30]
CHR Extension: (Dokumenty Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-30]
CHR Extension: (Disk Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-30]
CHR Extension: (YouTube) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Tabulky Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Gmail) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKU\S-1-5-21-565801332-904124149-31075428-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-15] (Macrovision Europe Ltd.) [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-22] (@ByELDI) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-11-15] (Disc Soft Ltd)
U5 NetPeeker; C:\Windows\System32\Drivers\NetPeeker.sys [1757648 2016-06-12] (eMing Software Inc.)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3870464 2015-10-01] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-21 23:18 - 2017-03-21 23:18 - 00011167 _____ C:\Users\Deny\Desktop\FRST.txt
2017-03-21 23:18 - 2017-03-21 23:18 - 00000000 ____D C:\FRST
2017-03-21 23:00 - 2017-03-21 23:17 - 02424832 _____ (Farbar) C:\Users\Deny\Desktop\FRST64.exe
2017-03-21 22:57 - 2017-03-21 23:17 - 00112640 _____ (forum.viry.cz) C:\Users\Deny\Desktop\FRSTLauncher.exe
2017-03-21 17:29 - 2017-03-21 17:29 - 02204736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-21 17:07 - 2017-03-21 17:10 - 00000000 ____D C:\AdwCleaner
2017-03-21 17:06 - 2017-03-21 17:07 - 04031440 _____ C:\Users\Deny\Desktop\adwcleaner_6.044.exe
2017-03-15 13:47 - 2017-03-15 13:47 - 00058697 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161201-20161231_cislo-8(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00058004 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20170101-20170131_cislo-1.pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00052873 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160901-20160930_cislo-5(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00051541 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160801-20160831_cislo-4(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00050497 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160501-20160630_cislo-2(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00048088 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161101-20161130_cislo-7(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00047935 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161001-20161031_cislo-6(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00045620 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160701-20160731_cislo-3(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00044998 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160330-20160430_cislo-1(1).pdf
2017-03-13 16:34 - 2017-03-13 16:53 - 321087299 _____ C:\Users\Deny\Downloads\StarArt-Husová-rekonstrukce - Kopie(1).rar
2017-03-13 11:15 - 2017-03-13 11:15 - 00909639 _____ C:\Users\Deny\Downloads\Street-Art web stránka.json
2017-03-06 23:18 - 2017-03-06 23:51 - 735531724 _____ C:\Users\Deny\Downloads\21_Day_Drawing_Challenge (201702).zip
2017-03-05 13:48 - 2017-03-05 13:49 - 00000000 ____D C:\rsit
2017-03-05 13:48 - 2017-03-05 13:48 - 01324032 _____ C:\Users\Deny\Downloads\RSITx64.exe
2017-03-05 13:48 - 2017-03-05 13:48 - 00000000 ____D C:\Program Files\trend micro
2017-02-28 22:08 - 2017-02-28 22:08 - 00058697 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161201-20161231_cislo-8.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00052873 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160901-20160930_cislo-5.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00051541 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160801-20160831_cislo-4.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00050497 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160501-20160630_cislo-2.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00048088 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161101-20161130_cislo-7.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00047935 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161001-20161031_cislo-6.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00045620 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160701-20160731_cislo-3.pdf
2017-02-28 22:06 - 2017-02-28 22:06 - 00044998 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160330-20160430_cislo-1.pdf
2017-02-26 17:33 - 2017-02-26 17:33 - 01522088 _____ C:\Users\Deny\Downloads\Zadost o dotaci workshopy unor 2017.fo
2017-02-26 17:30 - 2017-02-26 17:30 - 00000000 ____D C:\Users\Deny\AppData\Roaming\Software602
2017-02-26 17:29 - 2017-02-26 17:29 - 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software602 Form Filler.lnk
2017-02-26 17:29 - 2017-02-26 17:29 - 00001184 _____ C:\Users\Public\Desktop\Software602 Form Filler.lnk
2017-02-26 17:29 - 2017-02-26 17:29 - 00000000 ____D C:\Users\Deny\AppData\Roaming\602XML
2017-02-26 17:29 - 2017-02-26 17:29 - 00000000 ____D C:\Users\Deny\AppData\Roaming\602Installer
2017-02-26 17:29 - 2016-08-05 13:16 - 01762368 _____ C:\WINDOWS\system32\602convert.dll
2017-02-26 17:29 - 2015-07-14 13:27 - 00036864 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localmon.dll
2017-02-26 17:29 - 2014-02-05 14:51 - 00022528 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localui.dll
2017-02-26 17:29 - 2011-01-18 13:49 - 04940800 _____ (NiXPS NV) C:\WINDOWS\system32\NiXPS.dll
2017-02-26 17:28 - 2017-02-26 17:28 - 00000000 ____D C:\Program Files (x86)\Software602
2017-02-26 17:25 - 2017-02-26 17:25 - 01513649 _____ C:\Users\Deny\Downloads\RKPP+D1-D2+2017+-+Zadost+o+poskytnuti+dotace(1).fo
2017-02-26 17:13 - 2017-02-26 17:22 - 85926344 _____ C:\Users\Deny\Downloads\software602_form_filler(1).exe
2017-02-26 11:11 - 2017-02-26 11:11 - 01513649 _____ C:\Users\Deny\Downloads\RKPP+D1-D2+2017+-+Zadost+o+poskytnuti+dotace.fo
2017-02-23 22:23 - 2017-02-23 22:23 - 00003970 _____ C:\WINDOWS\System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630}
2017-02-23 22:23 - 2017-02-23 22:23 - 00000000 ____D C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}
2017-02-19 23:47 - 2017-02-19 23:48 - 03552817 _____ C:\Users\Deny\Downloads\erasmus-plus-programme-guide_cs.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-21 23:17 - 2016-11-21 17:47 - 00000000 ____D C:\Users\Deny\AppData\LocalLow\Mozilla
2017-03-21 23:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-21 23:11 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 23:08 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-21 22:11 - 2016-05-05 08:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-21 22:11 - 2016-05-05 08:30 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-21 17:47 - 2015-11-17 15:57 - 00000000 ____D C:\Users\Deny\Documents\Soubory aplikace Outlook
2017-03-21 17:41 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-21 17:29 - 2015-11-15 19:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-21 17:28 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-03-21 17:20 - 2017-02-15 14:04 - 00000000 ____D C:\Users\Deny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-21 17:20 - 2016-10-07 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-03-21 17:10 - 2015-12-10 18:15 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-21 17:10 - 2015-12-10 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-21 17:10 - 2015-11-15 19:47 - 00000000 ____D C:\Users\Deny
2017-03-21 16:58 - 2016-11-18 16:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-21 16:58 - 2016-09-02 09:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-21 16:58 - 2016-09-02 09:28 - 00000000 ____D C:\Program Files\TrueKey
2017-03-21 16:58 - 2015-11-15 16:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 23:07 - 2016-10-07 20:53 - 00000000 ____D C:\Program Files\KMSpico
2017-03-16 15:48 - 2015-11-15 20:35 - 00750014 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-16 15:48 - 2015-11-15 20:35 - 00150658 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-16 15:48 - 2015-11-15 19:55 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-15 14:09 - 2016-09-02 09:28 - 00004458 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-15 14:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-15 14:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-13 23:21 - 2015-11-17 13:05 - 00000000 ____D C:\Deny2015-16
2017-03-12 21:02 - 2015-11-16 20:36 - 00000000 ____D C:\Users\Deny\AppData\Roaming\vlc
2017-03-10 05:42 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 05:42 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-06 16:34 - 2017-01-28 09:34 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-06 16:34 - 2015-11-15 20:09 - 00002423 _____ C:\Users\Deny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-06 16:34 - 2015-11-15 20:09 - 00000000 ___RD C:\Users\Deny\OneDrive
2017-03-01 14:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32}
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Deny (administrator) on DENY-PRACOVNÍ (21-03-2017 23:18:05)
Running from C:\Users\Deny\Desktop
Loaded Profiles: Deny (Available Profiles: Deny)
Platform: Windows 10 Pro Version 1511 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(forum.viry.cz) C:\Users\Deny\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{c4544e4f-d6cd-4554-aebc-d4acdd76f7da}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f13c9154-9f3d-4f57-b2f3-6a69075f9efb}: [DhcpNameServer] 10.0.1.1
Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
FireFox:
========
FF DefaultProfile: 4lhy7pbi.default
FF ProfilePath: C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default [2017-03-21]
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\Extensions\2020Player_IKEA@2020Technologies.com [2017-03-05]
FF Extension: (Adblock Plus) - C:\Users\Deny\AppData\Roaming\Mozilla\Firefox\Profiles\4lhy7pbi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default [2017-03-21]
CHR Extension: (Prezentace Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-30]
CHR Extension: (Dokumenty Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-30]
CHR Extension: (Disk Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-30]
CHR Extension: (YouTube) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Tabulky Google) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Gmail) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Deny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKU\S-1-5-21-565801332-904124149-31075428-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-15] (Macrovision Europe Ltd.) [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-22] (@ByELDI) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-11-15] (Disc Soft Ltd)
U5 NetPeeker; C:\Windows\System32\Drivers\NetPeeker.sys [1757648 2016-06-12] (eMing Software Inc.)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3870464 2015-10-01] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-21 23:18 - 2017-03-21 23:18 - 00011167 _____ C:\Users\Deny\Desktop\FRST.txt
2017-03-21 23:18 - 2017-03-21 23:18 - 00000000 ____D C:\FRST
2017-03-21 23:00 - 2017-03-21 23:17 - 02424832 _____ (Farbar) C:\Users\Deny\Desktop\FRST64.exe
2017-03-21 22:57 - 2017-03-21 23:17 - 00112640 _____ (forum.viry.cz) C:\Users\Deny\Desktop\FRSTLauncher.exe
2017-03-21 17:29 - 2017-03-21 17:29 - 02204736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-21 17:07 - 2017-03-21 17:10 - 00000000 ____D C:\AdwCleaner
2017-03-21 17:06 - 2017-03-21 17:07 - 04031440 _____ C:\Users\Deny\Desktop\adwcleaner_6.044.exe
2017-03-15 13:47 - 2017-03-15 13:47 - 00058697 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161201-20161231_cislo-8(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00058004 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20170101-20170131_cislo-1.pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00052873 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160901-20160930_cislo-5(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00051541 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160801-20160831_cislo-4(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00050497 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160501-20160630_cislo-2(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00048088 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161101-20161130_cislo-7(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00047935 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161001-20161031_cislo-6(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00045620 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160701-20160731_cislo-3(1).pdf
2017-03-15 13:47 - 2017-03-15 13:47 - 00044998 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160330-20160430_cislo-1(1).pdf
2017-03-13 16:34 - 2017-03-13 16:53 - 321087299 _____ C:\Users\Deny\Downloads\StarArt-Husová-rekonstrukce - Kopie(1).rar
2017-03-13 11:15 - 2017-03-13 11:15 - 00909639 _____ C:\Users\Deny\Downloads\Street-Art web stránka.json
2017-03-06 23:18 - 2017-03-06 23:51 - 735531724 _____ C:\Users\Deny\Downloads\21_Day_Drawing_Challenge (201702).zip
2017-03-05 13:48 - 2017-03-05 13:49 - 00000000 ____D C:\rsit
2017-03-05 13:48 - 2017-03-05 13:48 - 01324032 _____ C:\Users\Deny\Downloads\RSITx64.exe
2017-03-05 13:48 - 2017-03-05 13:48 - 00000000 ____D C:\Program Files\trend micro
2017-02-28 22:08 - 2017-02-28 22:08 - 00058697 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161201-20161231_cislo-8.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00052873 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160901-20160930_cislo-5.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00051541 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160801-20160831_cislo-4.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00050497 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160501-20160630_cislo-2.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00048088 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161101-20161130_cislo-7.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00047935 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20161001-20161031_cislo-6.pdf
2017-02-28 22:07 - 2017-02-28 22:07 - 00045620 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160701-20160731_cislo-3.pdf
2017-02-28 22:06 - 2017-02-28 22:06 - 00044998 _____ C:\Users\Deny\Downloads\Vypis_z_uctu-2300970219_20160330-20160430_cislo-1.pdf
2017-02-26 17:33 - 2017-02-26 17:33 - 01522088 _____ C:\Users\Deny\Downloads\Zadost o dotaci workshopy unor 2017.fo
2017-02-26 17:30 - 2017-02-26 17:30 - 00000000 ____D C:\Users\Deny\AppData\Roaming\Software602
2017-02-26 17:29 - 2017-02-26 17:29 - 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software602 Form Filler.lnk
2017-02-26 17:29 - 2017-02-26 17:29 - 00001184 _____ C:\Users\Public\Desktop\Software602 Form Filler.lnk
2017-02-26 17:29 - 2017-02-26 17:29 - 00000000 ____D C:\Users\Deny\AppData\Roaming\602XML
2017-02-26 17:29 - 2017-02-26 17:29 - 00000000 ____D C:\Users\Deny\AppData\Roaming\602Installer
2017-02-26 17:29 - 2016-08-05 13:16 - 01762368 _____ C:\WINDOWS\system32\602convert.dll
2017-02-26 17:29 - 2015-07-14 13:27 - 00036864 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localmon.dll
2017-02-26 17:29 - 2014-02-05 14:51 - 00022528 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localui.dll
2017-02-26 17:29 - 2011-01-18 13:49 - 04940800 _____ (NiXPS NV) C:\WINDOWS\system32\NiXPS.dll
2017-02-26 17:28 - 2017-02-26 17:28 - 00000000 ____D C:\Program Files (x86)\Software602
2017-02-26 17:25 - 2017-02-26 17:25 - 01513649 _____ C:\Users\Deny\Downloads\RKPP+D1-D2+2017+-+Zadost+o+poskytnuti+dotace(1).fo
2017-02-26 17:13 - 2017-02-26 17:22 - 85926344 _____ C:\Users\Deny\Downloads\software602_form_filler(1).exe
2017-02-26 11:11 - 2017-02-26 11:11 - 01513649 _____ C:\Users\Deny\Downloads\RKPP+D1-D2+2017+-+Zadost+o+poskytnuti+dotace.fo
2017-02-23 22:23 - 2017-02-23 22:23 - 00003970 _____ C:\WINDOWS\System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630}
2017-02-23 22:23 - 2017-02-23 22:23 - 00000000 ____D C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}
2017-02-19 23:47 - 2017-02-19 23:48 - 03552817 _____ C:\Users\Deny\Downloads\erasmus-plus-programme-guide_cs.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-21 23:17 - 2016-11-21 17:47 - 00000000 ____D C:\Users\Deny\AppData\LocalLow\Mozilla
2017-03-21 23:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-21 23:11 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 23:08 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-21 22:11 - 2016-05-05 08:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-21 22:11 - 2016-05-05 08:30 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-21 17:47 - 2015-11-17 15:57 - 00000000 ____D C:\Users\Deny\Documents\Soubory aplikace Outlook
2017-03-21 17:41 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-21 17:29 - 2015-11-15 19:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-21 17:28 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-03-21 17:20 - 2017-02-15 14:04 - 00000000 ____D C:\Users\Deny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-21 17:20 - 2016-10-07 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-03-21 17:10 - 2015-12-10 18:15 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-21 17:10 - 2015-12-10 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-21 17:10 - 2015-11-15 19:47 - 00000000 ____D C:\Users\Deny
2017-03-21 16:58 - 2016-11-18 16:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-21 16:58 - 2016-09-02 09:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-21 16:58 - 2016-09-02 09:28 - 00000000 ____D C:\Program Files\TrueKey
2017-03-21 16:58 - 2015-11-15 16:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 23:07 - 2016-10-07 20:53 - 00000000 ____D C:\Program Files\KMSpico
2017-03-16 15:48 - 2015-11-15 20:35 - 00750014 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-16 15:48 - 2015-11-15 20:35 - 00150658 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-16 15:48 - 2015-11-15 19:55 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-15 14:09 - 2016-09-02 09:28 - 00004458 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-15 14:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-15 14:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-13 23:21 - 2015-11-17 13:05 - 00000000 ____D C:\Deny2015-16
2017-03-12 21:02 - 2015-11-16 20:36 - 00000000 ____D C:\Users\Deny\AppData\Roaming\vlc
2017-03-10 05:42 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 05:42 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-06 16:34 - 2017-01-28 09:34 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-06 16:34 - 2015-11-15 20:09 - 00002423 _____ C:\Users\Deny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-06 16:34 - 2015-11-15 20:09 - 00000000 ___RD C:\Users\Deny\OneDrive
2017-03-01 14:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32}
2017-02-23 22:23 - 2017-01-23 09:59 - 00000000 ____D C:\ProgramData\{84AB8978-3300-3ED3-D3FB-4F4BE5692127}
2017-02-23 22:23 - 2017-01-23 09:59 - 00000000 ____D C:\ProgramData\{0315E282-B4BE-5529-2A8C-D5688788669F}
2017-02-23 22:23 - 2017-01-19 15:33 - 00000000 ____D C:\ProgramData\{C2ECFBD0-7547-4C7B-2A92-C23F6FC78A82}
2017-02-23 22:23 - 2017-01-19 15:33 - 00000000 ____D C:\ProgramData\{BB14ED77-0CBF-5ADC-5A8E-5591D24556D5}
2017-02-23 22:23 - 2017-01-18 09:15 - 00000000 ____D C:\ProgramData\{E9BF0A00-5E14-BDAB-94EA-E5CCEC2E64D6}
2017-02-23 22:23 - 2017-01-18 09:15 - 00000000 ____D C:\ProgramData\{250B6240-92A0-D5EB-AEEC-ECCBF8FBA005}
2017-02-23 22:23 - 2017-01-17 15:15 - 00000000 ____D C:\ProgramData\{F7B1BF6C-401A-08C7-57AC-857BE4325722}
2017-02-23 22:23 - 2017-01-17 15:15 - 00000000 ____D C:\ProgramData\{B8A13C6B-0F0A-8BC0-3E15-3E4D0D52AFE1}
2017-02-23 22:23 - 2017-01-16 17:33 - 00000000 ____D C:\ProgramData\{9D75CF3A-2ADE-7891-FDDE-2287BF82B413}
2017-02-23 22:23 - 2017-01-16 17:33 - 00000000 ____D C:\ProgramData\{8744C162-30EF-76C9-9DE1-6E2C6697D8DE}
2017-02-23 22:23 - 2017-01-14 21:15 - 00000000 ____D C:\ProgramData\{DEF84855-6953-FFFE-3634-6C58A8C6CFD9}
2017-02-23 22:23 - 2017-01-14 21:15 - 00000000 ____D C:\ProgramData\{10E5A13C-A74E-1697-6C3A-DDDEE5DA4705}
2017-02-23 22:23 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\{4E1CFB3B-F9B7-4C90-A294-C14870EA21CE}
2017-02-23 22:23 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\{19161B94-AEBD-AC3F-2E1F-6D857933C94D}
2017-02-23 22:23 - 2017-01-13 15:15 - 00000000 ____D C:\ProgramData\{31656199-86CE-D632-8A72-FB56DE195B88}
2017-02-23 22:23 - 2017-01-13 15:15 - 00000000 ____D C:\ProgramData\{035FC58D-B4F4-7226-8CC9-3EB18BC9BEA1}
2017-02-23 22:23 - 2017-01-12 21:15 - 00000000 ____D C:\ProgramData\{FDD00CB7-4A7B-BB1C-CF95-6489D79B1E26}
2017-02-23 22:23 - 2017-01-12 21:15 - 00000000 ____D C:\ProgramData\{8112E788-36B9-5023-2ED1-193265FBF774}
2017-02-23 22:23 - 2017-01-12 15:15 - 00000000 ____D C:\ProgramData\{F3798AA6-44D2-3D0D-A5D6-CC8383CC0AA2}
2017-02-23 22:23 - 2017-01-12 15:15 - 00000000 ____D C:\ProgramData\{73748CEB-C4DF-3B40-B80D-F9366C640936}
2017-02-23 22:23 - 2017-01-12 00:31 - 00000000 ____D C:\ProgramData\{6E27ED0A-D98C-5AA1-2D09-90F1F5426858}
2017-02-23 22:23 - 2017-01-12 00:31 - 00000000 ____D C:\ProgramData\{0B44BB64-BCEF-0CCF-6E16-B749B213F58C}
2017-02-23 22:23 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\{9A23EFB3-2D88-5818-8276-AF90BE73A703}
2017-02-23 22:23 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\{1CE0E518-AB4B-52B3-E5F0-696CCF5F9A12}
2017-02-23 22:23 - 2016-12-19 21:16 - 00000000 ____D C:\ProgramData\{D39CE552-6437-52F9-8BC9-503009E7D460}
2017-02-23 22:23 - 2016-12-19 21:16 - 00000000 ____D C:\ProgramData\{BE9AADE6-0931-1A4D-7D2D-EF72429C7335}
2017-02-23 22:23 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\{F4308321-439B-348A-0421-44F51780EA44}
2017-02-23 22:23 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\{2EE23CD3-9949-8B78-29C7-4F164AD8696F}
2017-02-23 22:23 - 2016-12-16 15:16 - 00000000 ____D C:\ProgramData\{68898190-DF22-363B-1A43-A7CDDD64F2B5}
2017-02-23 22:23 - 2016-12-16 15:16 - 00000000 ____D C:\ProgramData\{21073AB8-96AC-8D13-2B6D-F859A727393A}
2017-02-23 22:23 - 2016-11-25 21:47 - 00000000 ____D C:\ProgramData\{7CD8CDFF-CB73-7A54-AA73-FD871A3F9F64}
2017-02-21 22:13 - 2015-11-17 13:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-20 09:30 - 2016-09-02 09:38 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-02-19 11:35 - 2016-06-12 20:51 - 00000000 ____D C:\WINDOWS\Minidump
==================== Files in the root of some directories =======
2016-06-17 07:54 - 2016-06-17 07:54 - 0001459 _____ () C:\Users\Deny\AppData\Roaming\26.svg
2016-06-17 07:54 - 2016-06-17 07:54 - 0003634 _____ () C:\Users\Deny\AppData\Roaming\Adobe-GB1-1
2016-10-04 18:54 - 2016-10-04 18:54 - 0059632 _____ () C:\Users\Deny\AppData\Roaming\bifurcations.jfh
2016-06-17 07:53 - 2016-06-17 07:53 - 0000333 _____ () C:\Users\Deny\AppData\Roaming\descript.ion
2016-06-17 07:53 - 2016-06-17 07:53 - 0002472 _____ () C:\Users\Deny\AppData\Roaming\dfrg.png
2016-10-28 07:43 - 2016-10-28 07:43 - 0038446 _____ () C:\Users\Deny\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2016-10-07 20:40 - 2016-10-07 20:44 - 0059986 _____ () C:\Users\Deny\AppData\Roaming\Introvert.R
2016-10-04 18:54 - 2016-10-04 18:54 - 0000354 _____ () C:\Users\Deny\AppData\Roaming\waveguides.jkw
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-09 23:17
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:102.24 GB) (Free:0.35 GB) NTFS
Drive d: () (Fixed) (Total:195.31 GB) (Free:29.74 GB) NTFS
Drive e: (Transcend) (Fixed) (Total:149.01 GB) (Free:29.1 GB) FAT32
Available physical RAM: 5608.91 MB
Total physical RAM: 7679.39 MB
Percentage of memory in use: 26%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F9DED0E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Disk: 1 (Size: 149.1 GB) (Disk ID: B3C6207D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Deny\Desktop" je 8082 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
Re: Clogged browser
With this kind of vermin, the Addition.txt log is very important to me. Run FRST64.exe again (without FRSTLauncher), tick the Addition.txt checkbox at the bottom right and click Scan. Addition.txt will then be generated as well; paste its contents into your next reply.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Clogged browser
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Deny (22-03-2017 06:58:56)
Running from C:\Users\Deny\Desktop
Windows 10 Pro Version 1511 (X64) (2015-11-15 19:06:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-565801332-904124149-31075428-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-565801332-904124149-31075428-503 - Limited - Disabled)
Deny (S-1-5-21-565801332-904124149-31075428-1001 - Administrator - Enabled) => C:\Users\Deny
Guest (S-1-5-21-565801332-904124149-31075428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565801332-904124149-31075428-1002 - Limited - Enabled)
kanto (S-1-5-21-565801332-904124149-31075428-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565801332-904124149-31075428-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 cs)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
Taskbar Hide (HKLM-x32\...\Taskbar Hide) (Version: - )
TP-LINK Wireless Client Utility (x32 Version: 7.0 - TP-LINK) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
Zoner Media Explorer 6 (HKLM-x32\...\{766D51EF-3F9E-490F-8490-0F24910F18BC}) (Version: 6.0.4000.2 - ZONER software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00D9992A-5B70-49E5-9E13-2099A5953A58} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {03BF965A-E76C-490C-8586-34D1C63F4712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {14B1C2C7-B905-47B4-9DBE-63D6C413525F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {16E47E20-E889-4F6D-A916-55FDDE5A685E} - System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} => C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe [2017-02-23] () <==== ATTENTION
Task: {2160D4AB-38B6-481B-A1CA-58D73FBE8A6E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2A14BEC4-71FE-489E-B4D6-191880DF2E28} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2B5C2B94-9C2A-4EAE-8925-5B89E0AC7E5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {369B877F-CE18-4F53-8877-5A838AD88DD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {42AFE671-43F9-49B7-9432-E39CF88C9FCD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {506C4299-6CE7-4863-AE74-0D2097BDEEF2} - System32\Tasks\{5835B1AE-48E1-46C1-91DF-98636A60AA55} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /uninstall PROPLUSR /dll OSETUP.DLL
Task: {5AB52C29-70B5-4E7C-B7B6-D6A9C89D959D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
Task: {605F1C19-CABE-4A61-96D0-3E3EA44DAC95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-565801332-904124149-31075428-1001UA => C:\Users\Deny\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {652A8B5C-BC4E-4AFA-AF4A-0CBAD7345EA9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6D4C787D-0F6B-4CFD-94E4-082E27CFB4A2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6F13790F-FD82-478E-B859-BA7A053228F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {71AB459F-0912-4303-BE7F-3FFC1BD570F9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {724B0D6C-6866-4E63-8E67-B3FBCC424C38} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {77504773-3985-4A12-916D-8D6A60ED7C1C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {7769F27E-B993-4D5D-B07E-59626092B25B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {816E3563-3EF9-4693-83B3-E3CDF6643AF7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {925C17F2-A030-4474-8CF7-609815C79315} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {93FA8A90-BE31-4F2D-8A61-CFD401498949} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {9E6F9A61-B05E-4A48-8A08-F0BFA8F7512C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {A4567C55-9D5C-4AEB-B99C-7EF2BE583CB9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A47755F7-8D4E-4D08-AF96-2E4874AB6A4A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {A87D5AB7-C169-442A-9830-EAB11930C268} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AED3AF0A-E423-40A0-B74B-A0AC90060851} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B66DF9C1-5AFE-441C-83E4-67061C2D3B18} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BF56E1C6-01A1-4F87-94DC-CDFA395C997F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BF9F3842-4E27-48C0-8FAC-6A5948609C30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-21] (Microsoft Corporation)
Task: {C675B220-9ED8-4D05-B7FF-8BA6697C54BE} - System32\Tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\49f008a6\144ef826.dll" <==== ATTENTION
Task: {F1C32900-63B3-4A37-BABB-B733468A7DF1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {F8D15817-B731-4953-A2E3-14DD02476803} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FB0F1985-F893-46D5-B782-DBC405483FD9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FB42EB40-208B-47A0-8F01-3AB9B96DA332} - System32\Tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} => pcalua.exe -a "F:\INSTALAČKY\ZONER 6\start.exe" -d "F:\INSTALAČKY\ZONER 6"
Task: {FD5EF671-910B-48FE-9B56-19D712D3FED1} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {FFD5F670-6BE1-456A-9480-4F845BF3E4A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-09 19:04 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-09 19:04 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-19 13:06 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 20:56 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-09 19:04 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 19:04 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 19:04 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 19:05 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 08:43 - 2016-04-19 08:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-02-23 22:23 - 2017-02-23 22:23 - 01433088 _____ () C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
2016-04-19 08:43 - 2016-04-19 08:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:43 - 2016-04-19 08:44 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2017-03-21 17:22 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-565801332-904124149-31075428-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Deny\Desktop\sova.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-565801332-904124149-31075428-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0A336899-2D5C-4CDA-A518-DF8486366B84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC06A55B-6337-4001-8666-182B5A345535}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B72F07F7-CDB9-4BA5-B438-9BED3C40607E}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{0CA285A9-7039-4013-870D-9E04267AEBCA}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{5A4C3C22-12DA-4961-890D-AA4489E6453F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{255F17F2-8B3C-4C7C-BA80-3A549696C4A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4CB21205-AE3E-45BD-8C92-DE315418AA4A}C:\users\deny\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deny\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{44452E33-86B3-4FF1-9E12-FA3DFD8E868C}C:\users\deny\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deny\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{6E2E1D7B-C7FA-4516-863F-A4027E27A154}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{B360A459-C270-4B5F-A43A-18BE697B5448}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{C34DE2D0-157A-4370-9B73-AAE41E92F3E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: Kompatibilní myš PS/2
Description: Kompatibilní myš PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2017 12:07:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deny-pracovní)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (03/21/2017 05:26:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: taskhostw.exe, verze: 10.0.10586.0, časové razítko: 0x5632d756
Název chybujícího modulu: ntdll.dll, verze: 10.0.10586.672, časové razítko: 0x580ee321
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000231f7
ID chybujícího procesu: 0xe14
Čas spuštění chybující aplikace: 0x01d2a25ff50008d6
Cesta k chybující aplikaci: C:\WINDOWS\system32\taskhostw.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: df260b8b-0c83-40ca-bada-5f73b7de5f79
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (03/22/2017 12:07:42 AM) (Source: DCOM) (EventID: 10010) (User: Deny-pracovní)
Description: Server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (03/22/2017 12:07:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_2d9cf byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.
Error: (03/21/2017 11:19:49 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (03/21/2017 11:19:49 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (03/21/2017 11:08:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.
Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll
Kód chyby: 126
Error: (03/21/2017 11:08:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.
Kód: 8 0x0 0x0
Error: (03/21/2017 11:08:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.
Kód: 2 0xdeaddeed 0xeeec
Error: (03/21/2017 11:08:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.
Kód: 1 0xc 0x4
Error: (03/21/2017 10:11:26 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (03/21/2017 10:11:26 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
CodeIntegrity:
===================================
Date: 2017-03-21 23:59:05.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-03-21 23:05:28.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-21 17:14:03.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-03-14 08:05:51.763
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-26 15:05:07.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-02-24 09:15:53.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-02-19 11:30:25.910
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-15 11:17:26.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-04 12:44:53.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-03 10:24:45.552
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 215 Processor
Percentage of memory in use: 19%
Total physical RAM: 7679.39 MB
Available physical RAM: 6144.12 MB
Total Virtual: 15359.39 MB
Available Virtual: 13828 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:102.24 GB) (Free:0.5 GB) NTFS
Drive d: () (Fixed) (Total:195.31 GB) (Free:29.74 GB) NTFS
Drive e: (Transcend) (Fixed) (Total:149.01 GB) (Free:29.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F9DED0E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: B3C6207D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)
==================== End of Addition.txt ============================
Ran by Deny (22-03-2017 06:58:56)
Running from C:\Users\Deny\Desktop
Windows 10 Pro Version 1511 (X64) (2015-11-15 19:06:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-565801332-904124149-31075428-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-565801332-904124149-31075428-503 - Limited - Disabled)
Deny (S-1-5-21-565801332-904124149-31075428-1001 - Administrator - Enabled) => C:\Users\Deny
Guest (S-1-5-21-565801332-904124149-31075428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565801332-904124149-31075428-1002 - Limited - Enabled)
kanto (S-1-5-21-565801332-904124149-31075428-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565801332-904124149-31075428-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 cs)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
Taskbar Hide (HKLM-x32\...\Taskbar Hide) (Version: - )
TP-LINK Wireless Client Utility (x32 Version: 7.0 - TP-LINK) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
Zoner Media Explorer 6 (HKLM-x32\...\{766D51EF-3F9E-490F-8490-0F24910F18BC}) (Version: 6.0.4000.2 - ZONER software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00D9992A-5B70-49E5-9E13-2099A5953A58} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {03BF965A-E76C-490C-8586-34D1C63F4712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {14B1C2C7-B905-47B4-9DBE-63D6C413525F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {16E47E20-E889-4F6D-A916-55FDDE5A685E} - System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} => C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe [2017-02-23] () <==== ATTENTION
Task: {2160D4AB-38B6-481B-A1CA-58D73FBE8A6E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2A14BEC4-71FE-489E-B4D6-191880DF2E28} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2B5C2B94-9C2A-4EAE-8925-5B89E0AC7E5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {369B877F-CE18-4F53-8877-5A838AD88DD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {42AFE671-43F9-49B7-9432-E39CF88C9FCD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {506C4299-6CE7-4863-AE74-0D2097BDEEF2} - System32\Tasks\{5835B1AE-48E1-46C1-91DF-98636A60AA55} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /uninstall PROPLUSR /dll OSETUP.DLL
Task: {5AB52C29-70B5-4E7C-B7B6-D6A9C89D959D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
Task: {605F1C19-CABE-4A61-96D0-3E3EA44DAC95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-565801332-904124149-31075428-1001UA => C:\Users\Deny\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {652A8B5C-BC4E-4AFA-AF4A-0CBAD7345EA9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6D4C787D-0F6B-4CFD-94E4-082E27CFB4A2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6F13790F-FD82-478E-B859-BA7A053228F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {71AB459F-0912-4303-BE7F-3FFC1BD570F9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {724B0D6C-6866-4E63-8E67-B3FBCC424C38} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {77504773-3985-4A12-916D-8D6A60ED7C1C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {7769F27E-B993-4D5D-B07E-59626092B25B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {816E3563-3EF9-4693-83B3-E3CDF6643AF7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {925C17F2-A030-4474-8CF7-609815C79315} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {93FA8A90-BE31-4F2D-8A61-CFD401498949} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {9E6F9A61-B05E-4A48-8A08-F0BFA8F7512C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {A4567C55-9D5C-4AEB-B99C-7EF2BE583CB9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A47755F7-8D4E-4D08-AF96-2E4874AB6A4A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {A87D5AB7-C169-442A-9830-EAB11930C268} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AED3AF0A-E423-40A0-B74B-A0AC90060851} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B66DF9C1-5AFE-441C-83E4-67061C2D3B18} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BF56E1C6-01A1-4F87-94DC-CDFA395C997F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BF9F3842-4E27-48C0-8FAC-6A5948609C30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-21] (Microsoft Corporation)
Task: {C675B220-9ED8-4D05-B7FF-8BA6697C54BE} - System32\Tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\49f008a6\144ef826.dll" <==== ATTENTION
Task: {F1C32900-63B3-4A37-BABB-B733468A7DF1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {F8D15817-B731-4953-A2E3-14DD02476803} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FB0F1985-F893-46D5-B782-DBC405483FD9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FB42EB40-208B-47A0-8F01-3AB9B96DA332} - System32\Tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} => pcalua.exe -a "F:\INSTALAČKY\ZONER 6\start.exe" -d "F:\INSTALAČKY\ZONER 6"
Task: {FD5EF671-910B-48FE-9B56-19D712D3FED1} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {FFD5F670-6BE1-456A-9480-4F845BF3E4A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-09 19:04 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-09 19:04 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-19 13:06 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 20:56 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-09 19:04 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 19:04 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 19:04 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 19:05 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 08:43 - 2016-04-19 08:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-02-23 22:23 - 2017-02-23 22:23 - 01433088 _____ () C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
2016-04-19 08:43 - 2016-04-19 08:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:43 - 2016-04-19 08:44 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2017-03-21 17:22 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-565801332-904124149-31075428-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Deny\Desktop\sova.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-565801332-904124149-31075428-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0A336899-2D5C-4CDA-A518-DF8486366B84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC06A55B-6337-4001-8666-182B5A345535}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B72F07F7-CDB9-4BA5-B438-9BED3C40607E}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{0CA285A9-7039-4013-870D-9E04267AEBCA}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{5A4C3C22-12DA-4961-890D-AA4489E6453F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{255F17F2-8B3C-4C7C-BA80-3A549696C4A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4CB21205-AE3E-45BD-8C92-DE315418AA4A}C:\users\deny\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deny\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{44452E33-86B3-4FF1-9E12-FA3DFD8E868C}C:\users\deny\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deny\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{6E2E1D7B-C7FA-4516-863F-A4027E27A154}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{B360A459-C270-4B5F-A43A-18BE697B5448}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{C34DE2D0-157A-4370-9B73-AAE41E92F3E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: Kompatibilní myš PS/2
Description: Kompatibilní myš PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2017 12:07:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deny-pracovní)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (03/21/2017 05:26:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: taskhostw.exe, verze: 10.0.10586.0, časové razítko: 0x5632d756
Název chybujícího modulu: ntdll.dll, verze: 10.0.10586.672, časové razítko: 0x580ee321
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000231f7
ID chybujícího procesu: 0xe14
Čas spuštění chybující aplikace: 0x01d2a25ff50008d6
Cesta k chybující aplikaci: C:\WINDOWS\system32\taskhostw.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: df260b8b-0c83-40ca-bada-5f73b7de5f79
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (03/22/2017 12:07:42 AM) (Source: DCOM) (EventID: 10010) (User: Deny-pracovní)
Description: Server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (03/22/2017 12:07:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_2d9cf byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.
Error: (03/21/2017 11:19:49 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (03/21/2017 11:19:49 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (03/21/2017 11:08:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.
Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll
Kód chyby: 126
Error: (03/21/2017 11:08:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.
Kód: 8 0x0 0x0
Error: (03/21/2017 11:08:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.
Kód: 2 0xdeaddeed 0xeeec
Error: (03/21/2017 11:08:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.
Kód: 1 0xc 0x4
Error: (03/21/2017 10:11:26 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (03/21/2017 10:11:26 PM) (Source: DCOM) (EventID: 10016) (User: Deny-pracovní)
Description: Nastavení oprávnění machine-default neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Deny-pracovní\Deny (SID: S-1-5-21-565801332-904124149-31075428-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
CodeIntegrity:
===================================
Date: 2017-03-21 23:59:05.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-03-21 23:05:28.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-21 17:14:03.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-03-14 08:05:51.763
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-26 15:05:07.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-02-24 09:15:53.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-02-19 11:30:25.910
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-15 11:17:26.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-04 12:44:53.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-03 10:24:45.552
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 215 Processor
Percentage of memory in use: 19%
Total physical RAM: 7679.39 MB
Available physical RAM: 6144.12 MB
Total Virtual: 15359.39 MB
Available Virtual: 13828 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:102.24 GB) (Free:0.5 GB) NTFS
Drive d: () (Fixed) (Total:195.31 GB) (Free:29.74 GB) NTFS
Drive e: (Transcend) (Fixed) (Total:149.01 GB) (Free:29.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F9DED0E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: B3C6207D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)
==================== End of Addition.txt ============================
Re: Clogged browser
- Right-click This PC -> Properties -> Advanced system settings -> the System Protection tab at the top -> select the system drive (usually C:) -> Configure -> choose Restore system settings and previous versions of files and save by clicking Apply.
- If you want to adjust the amount of disk space used by restore points, I do not recommend lowering this limit below 1 GB. If you have plenty of disk space, leave the default 3-5% disk usage.
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (Save as type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
File: C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd}: [DhcpNameServer] 82.163.143.157
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-22] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2017-03-05 13:48 - 2017-03-05 13:49 - 00000000 ____D C:\rsit
2017-03-05 13:48 - 2017-03-05 13:48 - 01324032 _____ C:\Users\Deny\Downloads\RSITx64.exe
2017-03-05 13:48 - 2017-03-05 13:48 - 00000000 ____D C:\Program Files\trend micro
Folder: C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32}
2017-02-23 22:23 - 2017-01-23 09:59 - 00000000 ____D C:\ProgramData\{84AB8978-3300-3ED3-D3FB-4F4BE5692127}
2017-02-23 22:23 - 2017-01-23 09:59 - 00000000 ____D C:\ProgramData\{0315E282-B4BE-5529-2A8C-D5688788669F}
2017-02-23 22:23 - 2017-01-19 15:33 - 00000000 ____D C:\ProgramData\{C2ECFBD0-7547-4C7B-2A92-C23F6FC78A82}
2017-02-23 22:23 - 2017-01-19 15:33 - 00000000 ____D C:\ProgramData\{BB14ED77-0CBF-5ADC-5A8E-5591D24556D5}
2017-02-23 22:23 - 2017-01-18 09:15 - 00000000 ____D C:\ProgramData\{E9BF0A00-5E14-BDAB-94EA-E5CCEC2E64D6}
2017-02-23 22:23 - 2017-01-18 09:15 - 00000000 ____D C:\ProgramData\{250B6240-92A0-D5EB-AEEC-ECCBF8FBA005}
2017-02-23 22:23 - 2017-01-17 15:15 - 00000000 ____D C:\ProgramData\{F7B1BF6C-401A-08C7-57AC-857BE4325722}
2017-02-23 22:23 - 2017-01-17 15:15 - 00000000 ____D C:\ProgramData\{B8A13C6B-0F0A-8BC0-3E15-3E4D0D52AFE1}
2017-02-23 22:23 - 2017-01-16 17:33 - 00000000 ____D C:\ProgramData\{9D75CF3A-2ADE-7891-FDDE-2287BF82B413}
2017-02-23 22:23 - 2017-01-16 17:33 - 00000000 ____D C:\ProgramData\{8744C162-30EF-76C9-9DE1-6E2C6697D8DE}
2017-02-23 22:23 - 2017-01-14 21:15 - 00000000 ____D C:\ProgramData\{DEF84855-6953-FFFE-3634-6C58A8C6CFD9}
2017-02-23 22:23 - 2017-01-14 21:15 - 00000000 ____D C:\ProgramData\{10E5A13C-A74E-1697-6C3A-DDDEE5DA4705}
2017-02-23 22:23 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\{4E1CFB3B-F9B7-4C90-A294-C14870EA21CE}
2017-02-23 22:23 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\{19161B94-AEBD-AC3F-2E1F-6D857933C94D}
2017-02-23 22:23 - 2017-01-13 15:15 - 00000000 ____D C:\ProgramData\{31656199-86CE-D632-8A72-FB56DE195B88}
2017-02-23 22:23 - 2017-01-13 15:15 - 00000000 ____D C:\ProgramData\{035FC58D-B4F4-7226-8CC9-3EB18BC9BEA1}
2017-02-23 22:23 - 2017-01-12 21:15 - 00000000 ____D C:\ProgramData\{FDD00CB7-4A7B-BB1C-CF95-6489D79B1E26}
2017-02-23 22:23 - 2017-01-12 21:15 - 00000000 ____D C:\ProgramData\{8112E788-36B9-5023-2ED1-193265FBF774}
2017-02-23 22:23 - 2017-01-12 15:15 - 00000000 ____D C:\ProgramData\{F3798AA6-44D2-3D0D-A5D6-CC8383CC0AA2}
2017-02-23 22:23 - 2017-01-12 15:15 - 00000000 ____D C:\ProgramData\{73748CEB-C4DF-3B40-B80D-F9366C640936}
2017-02-23 22:23 - 2017-01-12 00:31 - 00000000 ____D C:\ProgramData\{6E27ED0A-D98C-5AA1-2D09-90F1F5426858}
2017-02-23 22:23 - 2017-01-12 00:31 - 00000000 ____D C:\ProgramData\{0B44BB64-BCEF-0CCF-6E16-B749B213F58C}
2017-02-23 22:23 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\{9A23EFB3-2D88-5818-8276-AF90BE73A703}
2017-02-23 22:23 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\{1CE0E518-AB4B-52B3-E5F0-696CCF5F9A12}
2017-02-23 22:23 - 2016-12-19 21:16 - 00000000 ____D C:\ProgramData\{D39CE552-6437-52F9-8BC9-503009E7D460}
2017-02-23 22:23 - 2016-12-19 21:16 - 00000000 ____D C:\ProgramData\{BE9AADE6-0931-1A4D-7D2D-EF72429C7335}
2017-02-23 22:23 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\{F4308321-439B-348A-0421-44F51780EA44}
2017-02-23 22:23 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\{2EE23CD3-9949-8B78-29C7-4F164AD8696F}
2017-02-23 22:23 - 2016-12-16 15:16 - 00000000 ____D C:\ProgramData\{68898190-DF22-363B-1A43-A7CDDD64F2B5}
2017-02-23 22:23 - 2016-12-16 15:16 - 00000000 ____D C:\ProgramData\{21073AB8-96AC-8D13-2B6D-F859A727393A}
2017-02-23 22:23 - 2016-11-25 21:47 - 00000000 ____D C:\ProgramData\{7CD8CDFF-CB73-7A54-AA73-FD871A3F9F64}
File: C:\Users\Deny\AppData\Roaming\waveguides.jkw
C:\Users\Deny\AppData\Roaming\waveguides.jkw
Task: {16E47E20-E889-4F6D-A916-55FDDE5A685E} - System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} => C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe [2017-02-23] () <==== ATTENTION
Task: {5AB52C29-70B5-4E7C-B7B6-D6A9C89D959D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
Task: {C675B220-9ED8-4D05-B7FF-8BA6697C54BE} - System32\Tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\49f008a6\144ef826.dll" <==== ATTENTION
Task: {FB42EB40-208B-47A0-8F01-3AB9B96DA332} - System32\Tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} => pcalua.exe -a "F:\INSTALAČKY\ZONER 6\start.exe" -d "F:\INSTALAČKY\ZONER 6"
FirewallRules: [TCP Query User{B72F07F7-CDB9-4BA5-B438-9BED3C40607E}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{0CA285A9-7039-4013-870D-9E04267AEBCA}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.
Re: Clogged browser
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Deny (22-03-2017 14:39:05) Run:1
Running from C:\Users\Deny\Desktop
Loaded Profiles: Deny (Available Profiles: Deny)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd}: [DhcpNameServer] 82.163.143.157
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-22] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2017-03-05 13:48 - 2017-03-05 13:49 - 00000000 ____D C:\rsit
2017-03-05 13:48 - 2017-03-05 13:48 - 01324032 _____ C:\Users\Deny\Downloads\RSITx64.exe
2017-03-05 13:48 - 2017-03-05 13:48 - 00000000 ____D C:\Program Files\trend micro
Folder: C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C}
2017-02-23 22:23 - 2017-01-23 15:15 - 00000000 ____D C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32}
2017-02-23 22:23 - 2017-01-23 09:59 - 00000000 ____D C:\ProgramData\{84AB8978-3300-3ED3-D3FB-4F4BE5692127}
2017-02-23 22:23 - 2017-01-23 09:59 - 00000000 ____D C:\ProgramData\{0315E282-B4BE-5529-2A8C-D5688788669F}
2017-02-23 22:23 - 2017-01-19 15:33 - 00000000 ____D C:\ProgramData\{C2ECFBD0-7547-4C7B-2A92-C23F6FC78A82}
2017-02-23 22:23 - 2017-01-19 15:33 - 00000000 ____D C:\ProgramData\{BB14ED77-0CBF-5ADC-5A8E-5591D24556D5}
2017-02-23 22:23 - 2017-01-18 09:15 - 00000000 ____D C:\ProgramData\{E9BF0A00-5E14-BDAB-94EA-E5CCEC2E64D6}
2017-02-23 22:23 - 2017-01-18 09:15 - 00000000 ____D C:\ProgramData\{250B6240-92A0-D5EB-AEEC-ECCBF8FBA005}
2017-02-23 22:23 - 2017-01-17 15:15 - 00000000 ____D C:\ProgramData\{F7B1BF6C-401A-08C7-57AC-857BE4325722}
2017-02-23 22:23 - 2017-01-17 15:15 - 00000000 ____D C:\ProgramData\{B8A13C6B-0F0A-8BC0-3E15-3E4D0D52AFE1}
2017-02-23 22:23 - 2017-01-16 17:33 - 00000000 ____D C:\ProgramData\{9D75CF3A-2ADE-7891-FDDE-2287BF82B413}
2017-02-23 22:23 - 2017-01-16 17:33 - 00000000 ____D C:\ProgramData\{8744C162-30EF-76C9-9DE1-6E2C6697D8DE}
2017-02-23 22:23 - 2017-01-14 21:15 - 00000000 ____D C:\ProgramData\{DEF84855-6953-FFFE-3634-6C58A8C6CFD9}
2017-02-23 22:23 - 2017-01-14 21:15 - 00000000 ____D C:\ProgramData\{10E5A13C-A74E-1697-6C3A-DDDEE5DA4705}
2017-02-23 22:23 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\{4E1CFB3B-F9B7-4C90-A294-C14870EA21CE}
2017-02-23 22:23 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\{19161B94-AEBD-AC3F-2E1F-6D857933C94D}
2017-02-23 22:23 - 2017-01-13 15:15 - 00000000 ____D C:\ProgramData\{31656199-86CE-D632-8A72-FB56DE195B88}
2017-02-23 22:23 - 2017-01-13 15:15 - 00000000 ____D C:\ProgramData\{035FC58D-B4F4-7226-8CC9-3EB18BC9BEA1}
2017-02-23 22:23 - 2017-01-12 21:15 - 00000000 ____D C:\ProgramData\{FDD00CB7-4A7B-BB1C-CF95-6489D79B1E26}
2017-02-23 22:23 - 2017-01-12 21:15 - 00000000 ____D C:\ProgramData\{8112E788-36B9-5023-2ED1-193265FBF774}
2017-02-23 22:23 - 2017-01-12 15:15 - 00000000 ____D C:\ProgramData\{F3798AA6-44D2-3D0D-A5D6-CC8383CC0AA2}
2017-02-23 22:23 - 2017-01-12 15:15 - 00000000 ____D C:\ProgramData\{73748CEB-C4DF-3B40-B80D-F9366C640936}
2017-02-23 22:23 - 2017-01-12 00:31 - 00000000 ____D C:\ProgramData\{6E27ED0A-D98C-5AA1-2D09-90F1F5426858}
2017-02-23 22:23 - 2017-01-12 00:31 - 00000000 ____D C:\ProgramData\{0B44BB64-BCEF-0CCF-6E16-B749B213F58C}
2017-02-23 22:23 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\{9A23EFB3-2D88-5818-8276-AF90BE73A703}
2017-02-23 22:23 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\{1CE0E518-AB4B-52B3-E5F0-696CCF5F9A12}
2017-02-23 22:23 - 2016-12-19 21:16 - 00000000 ____D C:\ProgramData\{D39CE552-6437-52F9-8BC9-503009E7D460}
2017-02-23 22:23 - 2016-12-19 21:16 - 00000000 ____D C:\ProgramData\{BE9AADE6-0931-1A4D-7D2D-EF72429C7335}
2017-02-23 22:23 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\{F4308321-439B-348A-0421-44F51780EA44}
2017-02-23 22:23 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\{2EE23CD3-9949-8B78-29C7-4F164AD8696F}
2017-02-23 22:23 - 2016-12-16 15:16 - 00000000 ____D C:\ProgramData\{68898190-DF22-363B-1A43-A7CDDD64F2B5}
2017-02-23 22:23 - 2016-12-16 15:16 - 00000000 ____D C:\ProgramData\{21073AB8-96AC-8D13-2B6D-F859A727393A}
2017-02-23 22:23 - 2016-11-25 21:47 - 00000000 ____D C:\ProgramData\{7CD8CDFF-CB73-7A54-AA73-FD871A3F9F64}
File: C:\Users\Deny\AppData\Roaming\waveguides.jkw
C:\Users\Deny\AppData\Roaming\waveguides.jkw
Task: {16E47E20-E889-4F6D-A916-55FDDE5A685E} - System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} => C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe [2017-02-23] () <==== ATTENTION
Task: {5AB52C29-70B5-4E7C-B7B6-D6A9C89D959D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
Task: {C675B220-9ED8-4D05-B7FF-8BA6697C54BE} - System32\Tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\49f008a6\144ef826.dll" <==== ATTENTION
Task: {FB42EB40-208B-47A0-8F01-3AB9B96DA332} - System32\Tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} => pcalua.exe -a "F:\INSTALAČKY\ZONER 6\start.exe" -d "F:\INSTALAČKY\ZONER 6"
FirewallRules: [TCP Query User{B72F07F7-CDB9-4BA5-B438-9BED3C40607E}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{0CA285A9-7039-4013-870D-9E04267AEBCA}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
========================= File: C:\ProgramData\{EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}\DDAB9267-6A00-25CC-529C-35E964D9B3C9.exe ========================
File not signed
MD5: EC1642FF64EAB362E10503BBD94DCB55
Creation and modification date: 2017-02-23 22:23 - 2017-02-23 22:23
Size: 1433088
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26d9bdf7-b9a1-4f1c-8c37-c253c61b71f8}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5c94752b-eb68-4add-9da5-229a793977dd}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => key removed successfully
Service KMSELDI => service removed successfully
C:\Program Files\KMSpico => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully
wpcsvc => service removed successfully
C:\rsit => moved successfully
C:\Users\Deny\Downloads\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
========================= Folder: C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C} ========================
====== End of Folder: ======
C:\ProgramData\{831058B4-34BB-EF1F-2726-988ACD209E7C} => moved successfully
C:\ProgramData\{4B7EAE1C-FCD5-19B7-23E9-E4EEBA89DF32} => moved successfully
C:\ProgramData\{84AB8978-3300-3ED3-D3FB-4F4BE5692127} => moved successfully
C:\ProgramData\{0315E282-B4BE-5529-2A8C-D5688788669F} => moved successfully
C:\ProgramData\{C2ECFBD0-7547-4C7B-2A92-C23F6FC78A82} => moved successfully
C:\ProgramData\{BB14ED77-0CBF-5ADC-5A8E-5591D24556D5} => moved successfully
C:\ProgramData\{E9BF0A00-5E14-BDAB-94EA-E5CCEC2E64D6} => moved successfully
C:\ProgramData\{250B6240-92A0-D5EB-AEEC-ECCBF8FBA005} => moved successfully
C:\ProgramData\{F7B1BF6C-401A-08C7-57AC-857BE4325722} => moved successfully
C:\ProgramData\{B8A13C6B-0F0A-8BC0-3E15-3E4D0D52AFE1} => moved successfully
C:\ProgramData\{9D75CF3A-2ADE-7891-FDDE-2287BF82B413} => moved successfully
C:\ProgramData\{8744C162-30EF-76C9-9DE1-6E2C6697D8DE} => moved successfully
C:\ProgramData\{DEF84855-6953-FFFE-3634-6C58A8C6CFD9} => moved successfully
C:\ProgramData\{10E5A13C-A74E-1697-6C3A-DDDEE5DA4705} => moved successfully
C:\ProgramData\{4E1CFB3B-F9B7-4C90-A294-C14870EA21CE} => moved successfully
C:\ProgramData\{19161B94-AEBD-AC3F-2E1F-6D857933C94D} => moved successfully
C:\ProgramData\{31656199-86CE-D632-8A72-FB56DE195B88} => moved successfully
C:\ProgramData\{035FC58D-B4F4-7226-8CC9-3EB18BC9BEA1} => moved successfully
C:\ProgramData\{FDD00CB7-4A7B-BB1C-CF95-6489D79B1E26} => moved successfully
C:\ProgramData\{8112E788-36B9-5023-2ED1-193265FBF774} => moved successfully
C:\ProgramData\{F3798AA6-44D2-3D0D-A5D6-CC8383CC0AA2} => moved successfully
C:\ProgramData\{73748CEB-C4DF-3B40-B80D-F9366C640936} => moved successfully
C:\ProgramData\{6E27ED0A-D98C-5AA1-2D09-90F1F5426858} => moved successfully
C:\ProgramData\{0B44BB64-BCEF-0CCF-6E16-B749B213F58C} => moved successfully
C:\ProgramData\{9A23EFB3-2D88-5818-8276-AF90BE73A703} => moved successfully
C:\ProgramData\{1CE0E518-AB4B-52B3-E5F0-696CCF5F9A12} => moved successfully
C:\ProgramData\{D39CE552-6437-52F9-8BC9-503009E7D460} => moved successfully
C:\ProgramData\{BE9AADE6-0931-1A4D-7D2D-EF72429C7335} => moved successfully
C:\ProgramData\{F4308321-439B-348A-0421-44F51780EA44} => moved successfully
C:\ProgramData\{2EE23CD3-9949-8B78-29C7-4F164AD8696F} => moved successfully
C:\ProgramData\{68898190-DF22-363B-1A43-A7CDDD64F2B5} => moved successfully
C:\ProgramData\{21073AB8-96AC-8D13-2B6D-F859A727393A} => moved successfully
C:\ProgramData\{7CD8CDFF-CB73-7A54-AA73-FD871A3F9F64} => moved successfully
========================= File: C:\Users\Deny\AppData\Roaming\waveguides.jkw ========================
File not signed
MD5: 2577E8677677D866E540FC683433DA2D
Creation and modification date: 2016-10-04 18:54 - 2016-10-04 18:54
Size: 0000354
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
C:\Users\Deny\AppData\Roaming\waveguides.jkw => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16E47E20-E889-4F6D-A916-55FDDE5A685E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16E47E20-E889-4F6D-A916-55FDDE5A685E} => key removed successfully
C:\WINDOWS\System32\Tasks\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F64B540-E8CF-02EB-AA6E-7ED3F1921630} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AB52C29-70B5-4E7C-B7B6-D6A9C89D959D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AB52C29-70B5-4E7C-B7B6-D6A9C89D959D} => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C675B220-9ED8-4D05-B7FF-8BA6697C54BE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C675B220-9ED8-4D05-B7FF-8BA6697C54BE} => key removed successfully
C:\WINDOWS\System32\Tasks\{B876BB85-347E-7683-5516-41A8F150DF0C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B876BB85-347E-7683-5516-41A8F150DF0C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB42EB40-208B-47A0-8F01-3AB9B96DA332} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB42EB40-208B-47A0-8F01-3AB9B96DA332} => key removed successfully
C:\WINDOWS\System32\Tasks\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72623A87-5C81-41CF-ACAC-2FA41C3D60C7} => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B72F07F7-CDB9-4BA5-B438-9BED3C40607E}C:\windows\kmsemulator.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0CA285A9-7039-4013-870D-9E04267AEBCA}C:\windows\kmsemulator.exe => value removed successfully
C:\windows\kmsemulator.exe => moved successfully
========= dir "C:\Windows\Inf" /AD =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\Windows\Inf
21.03.2017 23:08 <DIR> .
21.03.2017 23:08 <DIR> ..
15.11.2015 20:34 <DIR> .NET CLR Data
15.11.2015 20:34 <DIR> .NET CLR Networking
15.11.2015 20:34 <DIR> .NET CLR Networking 4.0.0.0
15.11.2015 20:34 <DIR> .NET Data Provider for Oracle
15.11.2015 20:34 <DIR> .NET Data Provider for SqlServer
15.11.2015 20:34 <DIR> .NETFramework
15.11.2015 20:34 <DIR> BITS
30.10.2015 10:02 <DIR> en-US
15.11.2015 20:34 <DIR> ESENT
15.11.2015 19:48 <DIR> IEM
15.11.2015 20:34 <DIR> MSDTC
15.11.2015 20:34 <DIR> MSDTC Bridge 3.0.0.0
15.11.2015 20:34 <DIR> MSDTC Bridge 4.0.0.0
15.11.2015 20:34 <DIR> PERFLIB
15.11.2015 20:34 <DIR> PNRPSvc
15.11.2015 20:34 <DIR> rdyboost
15.11.2015 20:34 <DIR> RemoteAccess
15.11.2015 20:34 <DIR> ServiceModelEndpoint 3.0.0.0
15.11.2015 20:34 <DIR> ServiceModelOperation 3.0.0.0
15.11.2015 20:34 <DIR> ServiceModelService 3.0.0.0
15.11.2015 20:34 <DIR> SMSvcHost 3.0.0.0
15.11.2015 20:34 <DIR> SMSvcHost 4.0.0.0
15.11.2015 20:34 <DIR> TAPISRV
15.11.2015 20:34 <DIR> TermService
15.11.2015 20:34 <DIR> UGatherer
15.11.2015 20:34 <DIR> UGTHRSVC
15.11.2015 20:34 <DIR> usbhub
15.11.2015 20:34 <DIR> Windows Workflow Foundation 3.0.0.0
15.11.2015 20:34 <DIR> Windows Workflow Foundation 4.0.0.0
16.03.2017 15:48 <DIR> WmiApRpl
15.11.2015 20:34 <DIR> wsearchidxpi
0 File(s) 0 bytes
33 Dir(s) 287˙911˙936 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~1" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\PROGRA~1
22.03.2017 14:39 <DIR> .
22.03.2017 14:39 <DIR> ..
07.10.2016 21:05 <DIR> CCleaner
20.07.2016 18:11 <DIR> CMAK
02.09.2016 09:38 <DIR> Common Files
15.11.2015 20:37 <DIR> DAEMON Tools Lite
15.11.2015 19:48 <DIR> DVD Maker
02.09.2016 09:37 <DIR> Intel
02.09.2016 09:37 <DIR> Intel Security
15.12.2016 19:21 <DIR> Internet Explorer
15.11.2015 20:47 <DIR> Microsoft Office
16.11.2015 04:40 <DIR> MSBuild
16.11.2015 04:40 <DIR> Reference Assemblies
21.03.2017 16:58 <DIR> TrueKey
10.11.2016 04:08 <DIR> Windows Defender
10.11.2016 04:08 <DIR> Windows Mail
10.11.2016 04:08 <DIR> Windows Media Player
12.03.2016 11:46 <DIR> Windows Multimedia Platform
30.10.2015 08:24 <DIR> Windows NT
10.11.2016 04:08 <DIR> Windows Photo Viewer
12.03.2016 11:46 <DIR> Windows Portable Devices
17.11.2015 13:20 <DIR> WinRAR
0 File(s) 0 bytes
22 Dir(s) 287˙911˙936 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~2" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\PROGRA~2
21.03.2017 17:10 <DIR> .
21.03.2017 17:10 <DIR> ..
17.11.2015 13:43 <DIR> Adobe
15.11.2015 21:01 <DIR> Bonjour
20.07.2016 18:11 <DIR> CMAK
26.02.2017 17:28 <DIR> Common Files
15.11.2015 20:37 <DIR> Disc Soft
05.05.2016 08:30 <DIR> Google
15.12.2016 19:21 <DIR> Internet Explorer
16.11.2015 20:15 <DIR> IrfanView
07.10.2016 20:54 <DIR> KMSPico 10.0.6
21.03.2017 16:58 <DIR> McAfee
15.11.2015 20:47 <DIR> Microsoft Analysis Services
15.11.2015 20:50 <DIR> Microsoft Office
15.11.2015 20:50 <DIR> Microsoft SQL Server Compact Edition
15.11.2015 20:50 <DIR> Microsoft Synchronization Services
15.11.2015 20:50 <DIR> Microsoft.NET
21.03.2017 16:58 <DIR> Mozilla Firefox
21.03.2017 16:58 <DIR> Mozilla Maintenance Service
16.11.2015 04:40 <DIR> MSBuild
21.07.2016 14:20 <DIR> NetPeeker
16.11.2015 04:40 <DIR> Reference Assemblies
26.02.2017 17:28 <DIR> Software602
13.06.2016 13:35 <DIR> Taskbar Hide
16.11.2015 20:35 <DIR> VideoLAN
10.11.2016 04:08 <DIR> Windows Defender
10.11.2016 04:08 <DIR> Windows Mail
13.10.2016 15:13 <DIR> Windows Media Player
12.03.2016 11:46 <DIR> Windows Multimedia Platform
30.10.2015 08:24 <DIR> Windows NT
10.11.2016 04:08 <DIR> Windows Photo Viewer
12.03.2016 11:46 <DIR> Windows Portable Devices
23.01.2016 22:19 <DIR> Zoner
0 File(s) 0 bytes
33 Dir(s) 287˙907˙840 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~3" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\PROGRA~3
17.11.2015 14:32 <DIR> Adobe
30.10.2015 08:24 <DIR> Comms
15.11.2015 20:35 <DIR> DAEMON Tools Lite
15.11.2015 21:07 <DIR> FLEXnet
03.02.2017 12:56 <DIR> Locktime
06.09.2016 09:26 <DIR> McAfee
20.03.2017 22:56 <DIR> Microsoft Help
15.11.2015 20:08 <DIR> Microsoft OneDrive
02.09.2016 09:37 <DIR> Package Cache
30.10.2015 10:07 <DIR> regid.1991-06.com.microsoft
09.02.2016 14:18 <DIR> SoftwareDistribution
16.11.2015 19:56 <DIR> TP-LINK
02.09.2016 09:38 <DIR> TrueKey
15.11.2015 19:54 <DIR> USOPrivate
15.11.2015 19:54 <DIR> USOShared
02.11.2016 11:01 <DIR> {386BC09F-8FC0-7734-A19C-BB81533A0AD3}
23.02.2017 22:23 <DIR> {EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}
0 File(s) 0 bytes
17 Dir(s) 287˙907˙840 bytes free
========= End of CMD: =========
========= dir "%localappdata%" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\Users\Deny\AppData\Local
22.03.2017 06:43 <DIR> .
22.03.2017 06:43 <DIR> ..
15.11.2015 20:08 <DIR> ActiveSync
02.09.2016 10:13 <DIR> Adobe
07.06.2016 04:35 <DIR> Apps
06.02.2016 19:42 <DIR> CEF
15.11.2015 20:29 <DIR> Comms
20.07.2016 13:27 <DIR> Diagnostics
15.11.2015 20:37 <DIR> Disc_Soft_Ltd
04.11.2016 08:23 <DIR> Google
02.09.2016 12:47 <DIR> Macromedia
07.06.2016 05:00 <DIR> Microsoft
06.06.2016 15:26 <DIR> Microsoft Help
15.11.2015 20:15 <DIR> MicrosoftEdge
17.11.2015 13:38 <DIR> Mozilla
03.02.2017 12:52 <DIR> Packages
16.11.2015 20:26 <DIR> PeerDistRepub
07.10.2016 20:52 <DIR> Programs
15.11.2015 20:07 <DIR> Publishers
15.02.2017 13:59 <DIR> Steam
22.03.2017 14:39 <DIR> Temp
15.11.2015 20:06 <DIR> TileDataLayer
12.11.2016 10:11 <DIR> tkdata
12.06.2016 20:56 <DIR> VirtualStore
0 File(s) 0 bytes
24 Dir(s) 287˙907˙840 bytes free
========= End of CMD: =========
========= dir "%appdata%" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\Users\Deny\AppData\Roaming
22.03.2017 14:39 <DIR> .
22.03.2017 14:39 <DIR> ..
17.06.2016 07:54 1˙459 26.svg
26.02.2017 17:29 <DIR> 602Installer
26.02.2017 17:29 <DIR> 602XML
14.08.2016 22:36 <DIR> Adobe
17.06.2016 07:54 3˙634 Adobe-GB1-1
04.10.2016 18:54 59˙632 bifurcations.jfh
07.10.2016 21:08 <DIR> DAEMON Tools Lite
17.06.2016 07:53 333 descript.ion
17.06.2016 07:53 2˙472 dfrg.png
13.06.2016 13:35 <DIR> Eusing
28.10.2016 07:43 38˙446 Hodnoty oddŘlen‚ ź rkami (Windows).ADR
17.11.2015 15:57 <DIR> Identities
07.10.2016 20:44 59˙986 Introvert.R
16.11.2015 20:15 <DIR> IrfanView
03.02.2017 12:56 <DIR> Locktime
03.02.2017 12:56 <DIR> Locktime Software
23.12.2015 13:07 <DIR> Macromedia
12.04.2011 09:28 <DIR> Media Center Programs
15.11.2015 16:25 <DIR> Mozilla
26.08.2016 15:34 <DIR> Skype
26.02.2017 17:30 <DIR> Software602
07.06.2016 04:33 <DIR> uTorrent
12.03.2017 21:02 <DIR> vlc
20.11.2015 12:43 <DIR> WinRAR
07.03.2016 13:03 <DIR> Zoner
7 File(s) 165˙962 bytes
20 Dir(s) 287˙903˙744 bytes free
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 62560 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23639359 B
Java, Flash, Steam htmlcache => 16835010 B
Windows/system/drivers => 42670225 B
Edge => 195 B
Chrome => 325632 B
Firefox => 200436696 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 2118 B
Deny => 11647090 B
RecycleBin => 0 B
EmptyTemp: => 281.9 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:39:52 ====
15.11.2015 20:34 <DIR> ESENT
15.11.2015 19:48 <DIR> IEM
15.11.2015 20:34 <DIR> MSDTC
15.11.2015 20:34 <DIR> MSDTC Bridge 3.0.0.0
15.11.2015 20:34 <DIR> MSDTC Bridge 4.0.0.0
15.11.2015 20:34 <DIR> PERFLIB
15.11.2015 20:34 <DIR> PNRPSvc
15.11.2015 20:34 <DIR> rdyboost
15.11.2015 20:34 <DIR> RemoteAccess
15.11.2015 20:34 <DIR> ServiceModelEndpoint 3.0.0.0
15.11.2015 20:34 <DIR> ServiceModelOperation 3.0.0.0
15.11.2015 20:34 <DIR> ServiceModelService 3.0.0.0
15.11.2015 20:34 <DIR> SMSvcHost 3.0.0.0
15.11.2015 20:34 <DIR> SMSvcHost 4.0.0.0
15.11.2015 20:34 <DIR> TAPISRV
15.11.2015 20:34 <DIR> TermService
15.11.2015 20:34 <DIR> UGatherer
15.11.2015 20:34 <DIR> UGTHRSVC
15.11.2015 20:34 <DIR> usbhub
15.11.2015 20:34 <DIR> Windows Workflow Foundation 3.0.0.0
15.11.2015 20:34 <DIR> Windows Workflow Foundation 4.0.0.0
16.03.2017 15:48 <DIR> WmiApRpl
15.11.2015 20:34 <DIR> wsearchidxpi
0 File(s) 0 bytes
33 Dir(s) 287˙911˙936 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~1" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\PROGRA~1
22.03.2017 14:39 <DIR> .
22.03.2017 14:39 <DIR> ..
07.10.2016 21:05 <DIR> CCleaner
20.07.2016 18:11 <DIR> CMAK
02.09.2016 09:38 <DIR> Common Files
15.11.2015 20:37 <DIR> DAEMON Tools Lite
15.11.2015 19:48 <DIR> DVD Maker
02.09.2016 09:37 <DIR> Intel
02.09.2016 09:37 <DIR> Intel Security
15.12.2016 19:21 <DIR> Internet Explorer
15.11.2015 20:47 <DIR> Microsoft Office
16.11.2015 04:40 <DIR> MSBuild
16.11.2015 04:40 <DIR> Reference Assemblies
21.03.2017 16:58 <DIR> TrueKey
10.11.2016 04:08 <DIR> Windows Defender
10.11.2016 04:08 <DIR> Windows Mail
10.11.2016 04:08 <DIR> Windows Media Player
12.03.2016 11:46 <DIR> Windows Multimedia Platform
30.10.2015 08:24 <DIR> Windows NT
10.11.2016 04:08 <DIR> Windows Photo Viewer
12.03.2016 11:46 <DIR> Windows Portable Devices
17.11.2015 13:20 <DIR> WinRAR
0 File(s) 0 bytes
22 Dir(s) 287˙911˙936 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~2" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\PROGRA~2
21.03.2017 17:10 <DIR> .
21.03.2017 17:10 <DIR> ..
17.11.2015 13:43 <DIR> Adobe
15.11.2015 21:01 <DIR> Bonjour
20.07.2016 18:11 <DIR> CMAK
26.02.2017 17:28 <DIR> Common Files
15.11.2015 20:37 <DIR> Disc Soft
05.05.2016 08:30 <DIR> Google
15.12.2016 19:21 <DIR> Internet Explorer
16.11.2015 20:15 <DIR> IrfanView
07.10.2016 20:54 <DIR> KMSPico 10.0.6
21.03.2017 16:58 <DIR> McAfee
15.11.2015 20:47 <DIR> Microsoft Analysis Services
15.11.2015 20:50 <DIR> Microsoft Office
15.11.2015 20:50 <DIR> Microsoft SQL Server Compact Edition
15.11.2015 20:50 <DIR> Microsoft Synchronization Services
15.11.2015 20:50 <DIR> Microsoft.NET
21.03.2017 16:58 <DIR> Mozilla Firefox
21.03.2017 16:58 <DIR> Mozilla Maintenance Service
16.11.2015 04:40 <DIR> MSBuild
21.07.2016 14:20 <DIR> NetPeeker
16.11.2015 04:40 <DIR> Reference Assemblies
26.02.2017 17:28 <DIR> Software602
13.06.2016 13:35 <DIR> Taskbar Hide
16.11.2015 20:35 <DIR> VideoLAN
10.11.2016 04:08 <DIR> Windows Defender
10.11.2016 04:08 <DIR> Windows Mail
13.10.2016 15:13 <DIR> Windows Media Player
12.03.2016 11:46 <DIR> Windows Multimedia Platform
30.10.2015 08:24 <DIR> Windows NT
10.11.2016 04:08 <DIR> Windows Photo Viewer
12.03.2016 11:46 <DIR> Windows Portable Devices
23.01.2016 22:19 <DIR> Zoner
0 File(s) 0 bytes
33 Dir(s) 287˙907˙840 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~3" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\PROGRA~3
17.11.2015 14:32 <DIR> Adobe
30.10.2015 08:24 <DIR> Comms
15.11.2015 20:35 <DIR> DAEMON Tools Lite
15.11.2015 21:07 <DIR> FLEXnet
03.02.2017 12:56 <DIR> Locktime
06.09.2016 09:26 <DIR> McAfee
20.03.2017 22:56 <DIR> Microsoft Help
15.11.2015 20:08 <DIR> Microsoft OneDrive
02.09.2016 09:37 <DIR> Package Cache
30.10.2015 10:07 <DIR> regid.1991-06.com.microsoft
09.02.2016 14:18 <DIR> SoftwareDistribution
16.11.2015 19:56 <DIR> TP-LINK
02.09.2016 09:38 <DIR> TrueKey
15.11.2015 19:54 <DIR> USOPrivate
15.11.2015 19:54 <DIR> USOShared
02.11.2016 11:01 <DIR> {386BC09F-8FC0-7734-A19C-BB81533A0AD3}
23.02.2017 22:23 <DIR> {EC3E38F0-5B95-8F5B-81E6-9EF30D00BC7F}
0 File(s) 0 bytes
17 Dir(s) 287˙907˙840 bytes free
========= End of CMD: =========
========= dir "%localappdata%" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\Users\Deny\AppData\Local
22.03.2017 06:43 <DIR> .
22.03.2017 06:43 <DIR> ..
15.11.2015 20:08 <DIR> ActiveSync
02.09.2016 10:13 <DIR> Adobe
07.06.2016 04:35 <DIR> Apps
06.02.2016 19:42 <DIR> CEF
15.11.2015 20:29 <DIR> Comms
20.07.2016 13:27 <DIR> Diagnostics
15.11.2015 20:37 <DIR> Disc_Soft_Ltd
04.11.2016 08:23 <DIR> Google
02.09.2016 12:47 <DIR> Macromedia
07.06.2016 05:00 <DIR> Microsoft
06.06.2016 15:26 <DIR> Microsoft Help
15.11.2015 20:15 <DIR> MicrosoftEdge
17.11.2015 13:38 <DIR> Mozilla
03.02.2017 12:52 <DIR> Packages
16.11.2015 20:26 <DIR> PeerDistRepub
07.10.2016 20:52 <DIR> Programs
15.11.2015 20:07 <DIR> Publishers
15.02.2017 13:59 <DIR> Steam
22.03.2017 14:39 <DIR> Temp
15.11.2015 20:06 <DIR> TileDataLayer
12.11.2016 10:11 <DIR> tkdata
12.06.2016 20:56 <DIR> VirtualStore
0 File(s) 0 bytes
24 Dir(s) 287˙907˙840 bytes free
========= End of CMD: =========
========= dir "%appdata%" =========
Volume in drive C has no label.
Volume Serial Number is 189D-02D3
Directory of C:\Users\Deny\AppData\Roaming
22.03.2017 14:39 <DIR> .
22.03.2017 14:39 <DIR> ..
17.06.2016 07:54 1˙459 26.svg
26.02.2017 17:29 <DIR> 602Installer
26.02.2017 17:29 <DIR> 602XML
14.08.2016 22:36 <DIR> Adobe
17.06.2016 07:54 3˙634 Adobe-GB1-1
04.10.2016 18:54 59˙632 bifurcations.jfh
07.10.2016 21:08 <DIR> DAEMON Tools Lite
17.06.2016 07:53 333 descript.ion
17.06.2016 07:53 2˙472 dfrg.png
13.06.2016 13:35 <DIR> Eusing
28.10.2016 07:43 38˙446 Hodnoty oddŘlen‚ ź rkami (Windows).ADR
17.11.2015 15:57 <DIR> Identities
07.10.2016 20:44 59˙986 Introvert.R
16.11.2015 20:15 <DIR> IrfanView
03.02.2017 12:56 <DIR> Locktime
03.02.2017 12:56 <DIR> Locktime Software
23.12.2015 13:07 <DIR> Macromedia
12.04.2011 09:28 <DIR> Media Center Programs
15.11.2015 16:25 <DIR> Mozilla
26.08.2016 15:34 <DIR> Skype
26.02.2017 17:30 <DIR> Software602
07.06.2016 04:33 <DIR> uTorrent
12.03.2017 21:02 <DIR> vlc
20.11.2015 12:43 <DIR> WinRAR
07.03.2016 13:03 <DIR> Zoner
7 File(s) 165˙962 bytes
20 Dir(s) 287˙903˙744 bytes free
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 62560 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23639359 B
Java, Flash, Steam htmlcache => 16835010 B
Windows/system/drivers => 42670225 B
Edge => 195 B
Chrome => 325632 B
Firefox => 200436696 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 2118 B
Deny => 11647090 B
RecycleBin => 0 B
EmptyTemp: => 281.9 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:39:52 ====
Re: Clogged browser
Excellent. Please test how the PC behaves and report any current problems.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.