Log check

Re: Log check

#16 Post by altrok »

Uninstall the old and vulnerable version of Java. If you need Java, install the new one from java.com/verify - watch out for adware during installation. Then make sure the older versions are uninstalled. From a security standpoint (vulnerabilities and exploits) it is better not to have it. The current version is 8U111. Versions of Java installed on your PC:

  • Java 8 Update 73

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\MountPoints2: {992deea3-8259-11e6-be91-089e01400cec} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\MountPoints2: {eff2e197-8fbc-11e6-be92-089e01400cec} - "F:\setup.exe"
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
    SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {BD63004A-89AC-488F-8A5A-D4311713A735} URL = 
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    CHR HomePage: ChromeDefaultData -> hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mylucky123.com/?type=hp&ts=1477464192&z=782b28626a935eac2a0984dgez2m6m0zeq3zdg0tdm&from=interhop1024&uid=ST1000LM024XHN-M101MBB_S2TXJ9DC903821"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.mylucky123.com/search/?type= ... C903821&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> mylucky123
    R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [337920 2016-10-26] () [File not signed]
    R2 ed2kidle; C:\Program Files (x86)\amuleC\ed2k.exe [237568 2016-10-08] (hxxp://www.amule.org/) [File not signed]
    R2 IlS; C:\ProgramData\Tencent\QQ\qmdr\dr.dll [347648 2016-10-24] () [File not signed]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
    R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [218624 2016-10-26] () [File not signed]
    U1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
    2016-10-26 18:30 - 2016-10-26 18:30 - 00000000 ____D C:\Program Files (x86)\1l3zfqyg
    2016-10-26 08:43 - 2016-10-27 08:58 - 00000000 ____D C:\Program Files (x86)\InterHop
    2016-10-26 08:42 - 2016-10-26 08:42 - 00000000 ____D C:\ProgramData\WinSAPSvc
    2016-10-26 08:42 - 2016-10-26 08:42 - 00000000 ____D C:\Program Files (x86)\WinArcher
    2016-10-26 08:42 - 2016-10-26 08:42 - 00000000 ____D C:\Program Files (x86)\f09er35s
    2016-10-25 16:58 - 2016-10-27 08:58 - 00000000 ____D C:\Program Files (x86)\interhpx_00000000
    2016-10-25 16:57 - 2016-10-25 16:57 - 00000000 ____D C:\Program Files (x86)\hgx48ohn
    2016-10-25 16:57 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Elex-tech
    2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-10-25 14:30 - 2016-10-26 18:30 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2016-10-25 14:30 - 2016-10-25 14:30 - 00000000 ____D C:\ProgramData\Tencent
    2016-10-24 21:11 - 2016-10-26 08:43 - 00000000 ____D C:\Program Files (x86)\UvConverter
    2016-10-24 21:11 - 2016-10-24 21:11 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
    2016-10-24 21:11 - 2016-10-24 21:11 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\aMule
    2016-10-24 21:11 - 2016-10-24 21:11 - 00000000 ____D C:\Program Files (x86)\amuleC
    2016-10-20 19:06 - 2016-10-20 19:06 - 00000000 ____D C:\rsit
    2016-10-20 19:02 - 2016-10-20 19:02 - 01222144 _____ C:\Users\Helenka\Desktop\RSITx64.exe
    2016-10-19 16:30 - 2016-10-19 16:30 - 00000000 ____D C:\Program Files (x86)\v3vwqk85
    2016-10-16 13:57 - 2016-10-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\ProgramData\Avira
    2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\ProgramData\Avg
    2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-10-16 13:55 - 2016-10-26 18:30 - 00000000 ____D C:\Program Files (x86)\Cheruward
    2016-10-16 13:55 - 2016-10-16 13:56 - 00000000 ____D C:\Users\Helenka\AppData\Local\Wwckvufly
    2016-10-15 18:42 - 2016-10-17 19:12 - 00000000 ____D C:\Users\Helenka\AppData\Local\IIIQF
    2016-10-20 19:06 - 2016-03-31 18:34 - 00000000 ____D C:\Program Files\trend micro
    2016-10-16 13:56 - 2016-06-01 17:15 - 00000000 ____D C:\Program Files (x86)\trend micro
    File: C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    Task: {40499484-FF93-45CB-B862-5815045CEC5B} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    File: C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
    Task: {C0CFA0F6-F901-43D6-AFEA-6482E52ED533} - \ChelfNotify Task -> No File <==== ATTENTION
    File: C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    Task: {FCCA4BD8-6DF2-4A19-BF1C-ECC3995DDD77} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    C:\Program Files (x86)\Dll-Files.com Fixer
    FirewallRules: [{75F86BC5-1358-4FAA-9918-D98060BAEF7E}] => (Allow) C:\WINDOWS\explorer.exe
    FirewallRules: [{6A16A5A0-A3DA-4043-8F7C-068C45394AF6}] => (Allow) C:\WINDOWS\system32\rundll32.exe
    CMD: dir "C:\PROGRA~1"
    CMD: dir "C:\PROGRA~2"
    CMD: dir "C:\PROGRA~3"
    CMD: dir "%localappdata%"
    CMD: dir "%appdata%"
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Re: Log check

#17 Post by Nela_M »

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Helenka (27-10-2016 13:01:13) Run:1
Running from C:\Users\Helenka\Desktop
Loaded Profiles: Helenka (Available Profiles: Helenka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\MountPoints2: {992deea3-8259-11e6-be91-089e01400cec} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\MountPoints2: {eff2e197-8fbc-11e6-be92-089e01400cec} - "F:\setup.exe"
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {BD63004A-89AC-488F-8A5A-D4311713A735} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR HomePage: ChromeDefaultData -> hxxp://www.mylucky123.com/?type=hp&ts=1 ... J9DC903821
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mylucky123.com/?type=hp&ts=14774641 ... J9DC903821"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.mylucky123.com/search/?type= ... C903821&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> mylucky123
R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [337920 2016-10-26] () [File not signed]
R2 ed2kidle; C:\Program Files (x86)\amuleC\ed2k.exe [237568 2016-10-08] (hxxp://www.amule.org/) [File not signed]
R2 IlS; C:\ProgramData\Tencent\QQ\qmdr\dr.dll [347648 2016-10-24] () [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participaçoes Ltda)
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [218624 2016-10-26] () [File not signed]
U1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participaçoes Ltda)
2016-10-26 18:30 - 2016-10-26 18:30 - 00000000 ____D C:\Program Files (x86)\1l3zfqyg
2016-10-26 08:43 - 2016-10-27 08:58 - 00000000 ____D C:\Program Files (x86)\InterHop
2016-10-26 08:42 - 2016-10-26 08:42 - 00000000 ____D C:\ProgramData\WinSAPSvc
2016-10-26 08:42 - 2016-10-26 08:42 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-10-26 08:42 - 2016-10-26 08:42 - 00000000 ____D C:\Program Files (x86)\f09er35s
2016-10-25 16:58 - 2016-10-27 08:58 - 00000000 ____D C:\Program Files (x86)\interhpx_00000000
2016-10-25 16:57 - 2016-10-25 16:57 - 00000000 ____D C:\Program Files (x86)\hgx48ohn
2016-10-25 16:57 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participaçoes Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Elex-tech
2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-10-25 14:30 - 2016-10-26 18:30 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-10-25 14:30 - 2016-10-25 14:30 - 00000000 ____D C:\ProgramData\Tencent
2016-10-24 21:11 - 2016-10-26 08:43 - 00000000 ____D C:\Program Files (x86)\UvConverter
2016-10-24 21:11 - 2016-10-24 21:11 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2016-10-24 21:11 - 2016-10-24 21:11 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\aMule
2016-10-24 21:11 - 2016-10-24 21:11 - 00000000 ____D C:\Program Files (x86)\amuleC
2016-10-20 19:06 - 2016-10-20 19:06 - 00000000 ____D C:\rsit
2016-10-20 19:02 - 2016-10-20 19:02 - 01222144 _____ C:\Users\Helenka\Desktop\RSITx64.exe
2016-10-19 16:30 - 2016-10-19 16:30 - 00000000 ____D C:\Program Files (x86)\v3vwqk85
2016-10-16 13:57 - 2016-10-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\ProgramData\Avira
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\ProgramData\Avg
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-16 13:55 - 2016-10-26 18:30 - 00000000 ____D C:\Program Files (x86)\Cheruward
2016-10-16 13:55 - 2016-10-16 13:56 - 00000000 ____D C:\Users\Helenka\AppData\Local\Wwckvufly
2016-10-15 18:42 - 2016-10-17 19:12 - 00000000 ____D C:\Users\Helenka\AppData\Local\IIIQF
2016-10-20 19:06 - 2016-03-31 18:34 - 00000000 ____D C:\Program Files\trend micro
2016-10-16 13:56 - 2016-06-01 17:15 - 00000000 ____D C:\Program Files (x86)\trend micro
File: C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
Task: {40499484-FF93-45CB-B862-5815045CEC5B} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
File: C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
Task: {C0CFA0F6-F901-43D6-AFEA-6482E52ED533} - \ChelfNotify Task -> No File <==== ATTENTION
File: C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
Task: {FCCA4BD8-6DF2-4A19-BF1C-ECC3995DDD77} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
C:\Program Files (x86)\Dll-Files.com Fixer
FirewallRules: [{75F86BC5-1358-4FAA-9918-D98060BAEF7E}] => (Allow) C:\WINDOWS\explorer.exe
FirewallRules: [{6A16A5A0-A3DA-4043-8F7C-068C45394AF6}] => (Allow) C:\WINDOWS\system32\rundll32.exe
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
"HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992deea3-8259-11e6-be91-089e01400cec}" => key removed successfully
HKCR\CLSID\{992deea3-8259-11e6-be91-089e01400cec} => key not found.
"HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eff2e197-8fbc-11e6-be92-089e01400cec}" => key removed successfully
HKCR\CLSID\{eff2e197-8fbc-11e6-be92-089e01400cec} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD63004A-89AC-488F-8A5A-D4311713A735}" => key removed successfully
HKCR\CLSID\{BD63004A-89AC-488F-8A5A-D4311713A735} => key not found.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Archer => service removed successfully
ed2kidle => service removed successfully
IlS => service removed successfully
iSafeService => service not found.
WinSAPSvc => service removed successfully
iSafeKrnl => service not found.
iSafeKrnlKit => service not found.
iSafeKrnlR3 => service not found.
iSafeNetFilter => service not found.
C:\Program Files (x86)\1l3zfqyg => moved successfully
"C:\Program Files (x86)\InterHop" => not found.
C:\ProgramData\WinSAPSvc => moved successfully
C:\Program Files (x86)\WinArcher => moved successfully
C:\Program Files (x86)\f09er35s => moved successfully
C:\Program Files (x86)\interhpx_00000000 => moved successfully
C:\Program Files (x86)\hgx48ohn => moved successfully
"C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys" => not found.
C:\Users\Helenka\AppData\Roaming\Elex-tech => moved successfully
C:\Program Files (x86)\Elex-tech => moved successfully
C:\Users\Public\Documents\report.dat => moved successfully
C:\Users\Public\Documents\temp.dat => moved successfully
C:\ProgramData\Tencent => moved successfully
C:\Program Files (x86)\UvConverter => moved successfully
C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC => moved successfully
C:\Users\Helenka\AppData\Roaming\aMule => moved successfully
C:\Program Files (x86)\amuleC => moved successfully
C:\rsit => moved successfully
C:\Users\Helenka\Desktop\RSITx64.exe => moved successfully
C:\Program Files (x86)\v3vwqk85 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???" => not found.
C:\ProgramData\Avira => moved successfully
C:\ProgramData\Avg => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files (x86)\Cheruward => moved successfully
C:\Users\Helenka\AppData\Local\Wwckvufly => moved successfully
C:\Users\Helenka\AppData\Local\IIIQF => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Program Files (x86)\trend micro => moved successfully

========================= File: C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ========================

File is digitally signed
MD5: 804E2D61CDF360A4492C86D6132135CC
Creation and modification date: 2012-08-23 00:04 - 2012-08-23 00:04
Size: 0044176
Attributes: ----A
Company Name:
Internal Name: iuBrowserIEAgent.exe
Original Name: iuBrowserIEAgent.exe
Product: iuBrowserIEAgent
Description: iuBrowserIEAgent
File Version: 1.00.3013
Product Version: 1.00.3013
Copyright: © All rights reserved

====== End of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40499484-FF93-45CB-B862-5815045CEC5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40499484-FF93-45CB-B862-5815045CEC5B}" => key removed successfully
C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_MONTHLY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLL-Files.Com Fixer_MONTHLY" => key removed successfully

========================= File: C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe ========================

"C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe" => not found.
====== End of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0CFA0F6-F901-43D6-AFEA-6482E52ED533}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0CFA0F6-F901-43D6-AFEA-6482E52ED533} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChelfNotify Task => key not found.

========================= File: C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ========================

File is digitally signed
MD5: 1C1DF0FA3ED8892C42DF7C8962E328BA
Creation and modification date: 2012-08-23 00:04 - 2012-08-23 00:04
Size: 0025232
Attributes: ----A
Company Name:
Internal Name: iuEmailOutlookAgent.exe
Original Name: iuEmailOutlookAgent.exe
Product: iuEmailOutlookAgent
Description: iuEmailOutlookAgent
File Version: 1.00.3013
Product Version: 1.00.3013
Copyright: © All rights reserved

====== End of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCCA4BD8-6DF2-4A19-BF1C-ECC3995DDD77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCCA4BD8-6DF2-4A19-BF1C-ECC3995DDD77}" => key removed successfully
C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLL-Files.Com Fixer_Updates" => key removed successfully
C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => moved successfully
C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => moved successfully
"C:\Program Files (x86)\Dll-Files.com Fixer" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75F86BC5-1358-4FAA-9918-D98060BAEF7E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A16A5A0-A3DA-4043-8F7C-068C45394AF6} => value removed successfully

========= dir "C:\PROGRA~1" =========

Volume in drive C is Acer
Volume Serial Number is C05A-2DDB

Directory of C:\PROGRA~1

27. 10. 2016 13:01 <DIR> .
27. 10. 2016 13:01 <DIR> ..
19. 03. 2016 18:22 <DIR> 7-Zip
18. 03. 2016 18:53 <DIR> Acer
23. 03. 2016 00:02 <DIR> AMD
18. 03. 2016 18:07 <DIR> AMD Quick Stream
18. 03. 2016 18:05 <DIR> ATI
19. 03. 2016 13:36 <DIR> Bonjour
29. 03. 2016 20:55 <DIR> CCleaner
05. 09. 2016 08:20 <DIR> Common Files
01. 06. 2016 21:38 <DIR> CONEXANT
01. 06. 2016 21:38 <DIR> Dolby Digital Plus
12. 03. 2013 19:01 <DIR> EgisTec IPS
23. 03. 2016 00:02 <DIR> Elantech
15. 10. 2016 18:47 <DIR> Internet Explorer
19. 03. 2016 13:39 <DIR> iPod
19. 03. 2016 13:40 <DIR> iTunes
24. 03. 2016 10:37 <DIR> Microsoft Office
22. 03. 2016 22:41 <DIR> MSBuild
22. 03. 2016 22:41 <DIR> Reference Assemblies
22. 03. 2016 19:56 <DIR> STORMWARE
22. 03. 2016 23:07 <DIR> Windows Defender
21. 11. 2014 14:15 <DIR> Windows Mail
23. 03. 2016 00:17 <DIR> Windows Media Player
21. 11. 2014 14:15 <DIR> Windows Multimedia Platform
23. 03. 2016 00:40 <DIR> Windows NT
21. 11. 2014 14:15 <DIR> Windows Photo Viewer
21. 11. 2014 14:15 <DIR> Windows Portable Devices
21. 11. 2014 14:14 <DIR> WindowsPowerShell
15. 04. 2016 14:39 <DIR> WinRAR
0 File(s) 0 bytes
30 Dir(s) 934˙398˙701˙568 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Volume in drive C is Acer
Volume Serial Number is C05A-2DDB

Directory of C:\PROGRA~2

27. 10. 2016 13:01 <DIR> .
27. 10. 2016 13:01 <DIR> ..
16. 10. 2016 13:56 <DIR> Acer
16. 10. 2016 13:56 <DIR> Adobe
16. 10. 2016 13:56 <DIR> AMD APP
16. 10. 2016 13:56 <DIR> AMD AVT
16. 10. 2016 13:56 <DIR> AmIcoSingLun
16. 10. 2016 13:56 <DIR> Apple Software Update
16. 10. 2016 13:56 <DIR> ATI Technologies
16. 10. 2016 13:56 <DIR> Bonjour
16. 10. 2016 13:56 <DIR> Common Files
16. 10. 2016 13:56 <DIR> CyberLink
16. 10. 2016 13:56 <DIR> DAEMON Tools Pro
16. 10. 2016 13:56 <DIR> EgisTec IPS
16. 10. 2016 13:56 <DIR> EgisTec MyWinLocker
16. 10. 2016 13:56 <DIR> EgisTec MyWinLockerSuite
16. 10. 2016 13:56 <DIR> EgisTec Shredder
16. 10. 2016 13:56 <DIR> Google
16. 10. 2016 13:56 <DIR> Internet Explorer
18. 10. 2016 19:16 <DIR> IObit
16. 10. 2016 13:56 <DIR> iTunes
16. 10. 2016 13:56 <DIR> Launch Manager
26. 10. 2016 18:46 <DIR> Malwarebytes Anti-Malware
16. 10. 2016 13:56 <DIR> Microsoft Office
16. 10. 2016 13:56 <DIR> Microsoft Visual Studio
16. 10. 2016 13:56 <DIR> Microsoft Works
16. 10. 2016 13:56 <DIR> Microsoft.NET
16. 10. 2016 13:56 <DIR> MKVTOAVI
16. 10. 2016 13:56 <DIR> MSBuild
16. 10. 2016 13:56 <DIR> Nero
16. 10. 2016 13:56 <DIR> Norton Online Backup ARA
16. 10. 2016 13:56 <DIR> NortonInstaller
18. 10. 2016 19:16 <DIR> NTI
18. 10. 2016 19:15 <DIR> Prison Architect
16. 10. 2016 13:56 <DIR> Qualcomm Atheros
16. 10. 2016 13:56 <DIR> Reference Assemblies
16. 10. 2016 13:56 <DIR> Samsung
16. 10. 2016 13:56 <DIR> SamsungPrinterLiveUpdate
18. 10. 2016 19:16 <DIR> SamsungPrinterLiveUpdateInstaller
16. 10. 2016 13:56 <DIR> Skillbrains
16. 10. 2016 13:56 <DIR> SourceTec
25. 10. 2016 14:30 <DIR> Stanper
16. 10. 2016 13:56 <DIR> STORMWARE
16. 10. 2016 13:56 <DIR> Symantec
16. 10. 2016 13:56 <DIR> WildGames
16. 10. 2016 13:56 <DIR> WildTangent Games
22. 03. 2016 23:07 <DIR> Windows Defender
16. 10. 2016 13:56 <DIR> Windows Mail
16. 10. 2016 13:56 <DIR> Windows Media Player
16. 10. 2016 13:56 <DIR> Windows Multimedia Platform
16. 10. 2016 13:56 <DIR> Windows NT
16. 10. 2016 13:56 <DIR> Windows Photo Viewer
16. 10. 2016 13:56 <DIR> Windows Portable Devices
16. 10. 2016 13:56 <DIR> WindowsPowerShell
0 File(s) 0 bytes
54 Dir(s) 934˙398˙701˙568 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Volume in drive C is Acer
Volume Serial Number is C05A-2DDB

Directory of C:\PROGRA~3

02. 06. 2016 14:42 <DIR> Acer
15. 04. 2016 12:02 <DIR> Adobe
02. 06. 2016 14:42 <DIR> AMD
02. 06. 2016 14:42 <DIR> AmUStor
02. 06. 2016 14:42 <DIR> Apple
02. 06. 2016 14:42 <DIR> Apple Computer
02. 06. 2016 14:42 <DIR> Atheros
02. 06. 2016 14:42 <DIR> BackupManager
02. 06. 2016 14:42 <DIR> boost_interprocess
02. 06. 2016 14:42 <DIR> CLSK
02. 06. 2016 14:42 <DIR> Conexant
02. 06. 2016 14:42 <DIR> CyberLink
15. 10. 2016 17:21 <DIR> DAEMON Tools Pro
02. 06. 2016 14:42 <DIR> E1864A66-75E3-486a-BD95-D1B7D99A84A7
02. 06. 2016 14:42 <DIR> EgisTec
02. 06. 2016 14:42 <DIR> EgisTec IPS
02. 06. 2016 14:42 <DIR> FLEXnet
02. 06. 2016 14:42 <DIR> install_clap
02. 06. 2016 14:42 <DIR> Intel Security
16. 10. 2016 14:52 <DIR> IObit
18. 10. 2016 18:32 <DIR> Logs
29. 03. 2016 21:01 <DIR> Malwarebytes
02. 06. 2016 14:42 <DIR> Microsoft Help
01. 05. 2016 19:06 <DIR> Nero
02. 06. 2016 14:42 <DIR> Norton
02. 06. 2016 14:42 <DIR> NortonInstaller
02. 06. 2016 14:42 <DIR> NTI Launcher
02. 06. 2016 14:42 <DIR> OEM
02. 06. 2016 14:42 <DIR> Oracle
02. 06. 2016 14:42 <DIR> Package Cache
02. 06. 2016 14:42 <DIR> PDF Writer
02. 06. 2016 14:42 <DIR> PopCap Games
02. 06. 2016 14:43 <DIR> PRICache
16. 10. 2016 14:52 <DIR> ProductData
02. 06. 2016 14:43 <DIR> Qualcomm Atheros
02. 06. 2016 14:43 <DIR> regid.1991-06.com.microsoft
05. 09. 2016 08:20 <DIR> Samsung
02. 06. 2016 14:43 <DIR> STORMWARE
02. 06. 2016 14:43 <DIR> Symantec
18. 10. 2016 18:32 <DIR> Temp
16. 10. 2016 15:27 <DIR> VS Revo Group
02. 06. 2016 14:43 <DIR> WildTangent
0 File(s) 0 bytes
42 Dir(s) 934˙398˙697˙472 bytes free

========= End of CMD: =========


========= dir "%localappdata%" =========

Volume in drive C is Acer
Volume Serial Number is C05A-2DDB

Directory of C:\Users\Helenka\AppData\Local

27. 10. 2016 13:01 <DIR> .
27. 10. 2016 13:01 <DIR> ..
15. 04. 2016 12:01 <DIR> Adobe
01. 05. 2016 19:10 <DIR> Ahead
02. 06. 2016 14:51 <DIR> Apple
02. 06. 2016 14:51 <DIR> Apple Computer
02. 06. 2016 14:51 <DIR> Apps
02. 06. 2016 14:51 <DIR> assembly
02. 06. 2016 14:51 <DIR> ATI
02. 06. 2016 14:51 <DIR> BMExplorer
25. 10. 2016 16:25 <DIR> clear.fi
25. 10. 2016 14:40 <DIR> Deployment
27. 10. 2016 09:51 <DIR> Diagnostics
02. 06. 2016 14:51 <DIR> EgisTec IPS
31. 07. 2016 08:39 <DIR> ElevatedDiagnostics
15. 10. 2016 18:35 <DIR> Fallout4
29. 03. 2016 20:53 97˙792 gdipfontcachev1.dat.id_c05a2ddbccba96cf_email_zeta@dr.com.scl
02. 06. 2016 14:51 <DIR> Google
20. 04. 2016 18:49 <DIR> GWX
10. 10. 2016 16:17 <DIR> Introversion
02. 06. 2016 14:51 <DIR> Microsoft
02. 06. 2016 14:51 <DIR> Microsoft Help
02. 06. 2016 14:51 <DIR> Obhics
02. 06. 2016 14:51 <DIR> Packages
02. 06. 2016 14:51 <DIR> PDF Writer
02. 06. 2016 14:51 <DIR> Programs
05. 09. 2016 08:20 <DIR> Samsung
25. 10. 2016 14:31 <DIR> Stanper
27. 10. 2016 13:01 <DIR> Temp
02. 06. 2016 14:51 <DIR> Unqtmedia
04. 05. 2016 17:12 3 updater.log
06. 08. 2016 21:36 424 UserProducts.xml
01. 06. 2016 17:08 <DIR> VirtualStore
3 File(s) 98˙219 bytes
30 Dir(s) 934˙398˙697˙472 bytes free

========= End of CMD: =========


========= dir "%appdata%" =========

Volume in drive C is Acer
Volume Serial Number is C05A-2DDB

Directory of C:\Users\Helenka\AppData\Roaming

27. 10. 2016 13:01 <DIR> .
27. 10. 2016 13:01 <DIR> ..
27. 10. 2016 09:48 <DIR> .minecraft
18. 10. 2016 19:15 <DIR> Adobe
01. 06. 2016 17:18 <DIR> Ahead
02. 06. 2016 14:45 <DIR> Apple Computer
02. 06. 2016 14:45 <DIR> Atheros
02. 06. 2016 14:45 <DIR> ATI
20. 10. 2016 19:06 <DIR> DAEMON Tools Pro
18. 10. 2016 18:32 <DIR> dll-files.com
29. 03. 2016 20:55 50˙304 gtk20.mo.id_c05a2ddbccba96cf_email_zeta@dr.com.scl
02. 06. 2016 14:45 <DIR> Identities
16. 10. 2016 13:56 <DIR> IObit
02. 06. 2016 14:45 <DIR> lm
02. 06. 2016 14:45 <DIR> Macromedia
01. 06. 2016 17:16 <DIR> Mediatronic
15. 05. 2016 12:11 <DIR> MMFApplications
02. 06. 2016 14:45 <DIR> PDF Writer
16. 10. 2016 13:55 <DIR> Profiles
05. 09. 2016 08:20 <DIR> Samsung
27. 03. 2016 22:25 1˙960 SeleniumCisternaFronton
20. 04. 2016 18:56 <DIR> Steam
02. 06. 2016 14:45 <DIR> Sun
07. 10. 2014 06:39 11˙264 System.dll
18. 10. 2016 18:39 <DIR> uTorrent
15. 04. 2016 14:39 <DIR> WinRAR
3 File(s) 63˙528 bytes
23 Dir(s) 934˙398˙693˙376 bytes free

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4358677 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 2504809 B
Edge => 0 B
Chrome => 2364509 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1645 B
systemprofile32 => 1959859 B
LocalService => 0 B
NetworkService => 456716 B
Helenka => 195674240 B

RecycleBin => 23262216 B
EmptyTemp: => 231.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:02:06 ====

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#18 Post by altrok »

:arrow: Please repeat the step with AdwCleaner - http://forum.viry.cz/viewtopic.php?p=1463157#p1463157
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Nela_M
Visitor
Posts: 130
Joined: 05 Feb 2009 18:31

Re: Log check

#19 Post by Nela_M »

I did everything according to the instructions, but the only log I found in the C:\AdwCleaner folder is AdwCleaner[C6] from 25.10.2016 :?:

Thanks a lot for your patience :oops:

# AdwCleaner v6.030 - Logfile created 25/10/2016 at 16:54:18
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-23.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Helenka - DOMA
# Running from : C:\Users\Helenka\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: iSafeKrnlBoot
[-] Service deleted: iSafeKrnlKit
[-] Service deleted: iSafeKrnlMon
[-] Service deleted: iSafeKrnlR3
[-] Service deleted: iSafeNetFilter
[-] Service deleted: iSafeService
[-] Service deleted: InterHop


***** [ Folders ] *****

[#] Folder deleted on reboot: C:\Users\Helenka\AppData\Roaming\Elex-tech
[#] Folder deleted on reboot: C:\ProgramData\tencent
[#] Folder deleted on reboot: C:\ProgramData\Tencent
[-] Folder deleted: C:\ProgramData\ChelfNotify
[#] Folder deleted on reboot: C:\ProgramData\Application Data\tencent
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tencent
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ChelfNotify
[#] Folder deleted on reboot: C:\Program Files (x86)\Elex-tech
[-] Folder deleted: C:\Program Files (x86)\InterHop


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\.DEFAULT\Software\jhdbca
[#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[-] Key deleted: HKLM\SOFTWARE\Elex-tech
[-] Key deleted: HKLM\SOFTWARE\jhdbca
[-] Key deleted: HKLM\SOFTWARE\InterHop
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}
[-] Key deleted: [x64] HKLM\SOFTWARE\jhdbca
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Data restored on reboot: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[#] Data restored on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data restored on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key deleted: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


***** [ Web browsers ] *****

[-] [C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: trotux
[-] [C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Deleted: hxxp://www.mylucky123.com/?type=hp&ts=14773362 ... J9DC903821
[-] [C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Deleted: hxxp://www.mylucky123.com/searchfavicon.ico
[-] [C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Deleted: hxxp://www.mylucky123.com/?type=hp&ts=14773362 ... J9DC903821


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [963 Bytes] - [31/03/2016 19:09:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [1194 Bytes] - [01/06/2016 19:40:14]
C:\AdwCleaner\AdwCleaner[C3].txt - [1995 Bytes] - [15/10/2016 19:18:00]
C:\AdwCleaner\AdwCleaner[C4].txt - [3820 Bytes] - [16/10/2016 14:34:50]
C:\AdwCleaner\AdwCleaner[C5].txt - [2175 Bytes] - [17/10/2016 19:19:09]
C:\AdwCleaner\AdwCleaner[C6].txt - [6773 Bytes] - [25/10/2016 16:54:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [784 Bytes] - [31/03/2016 19:06:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [944 Bytes] - [01/06/2016 17:26:21]
C:\AdwCleaner\AdwCleaner[S3].txt - [1014 Bytes] - [01/06/2016 19:36:28]
C:\AdwCleaner\AdwCleaner[S4].txt - [1983 Bytes] - [15/10/2016 19:17:32]
C:\AdwCleaner\AdwCleaner[S5].txt - [1634 Bytes] - [16/10/2016 13:15:50]
C:\AdwCleaner\AdwCleaner[S6].txt - [3630 Bytes] - [16/10/2016 14:21:43]
C:\AdwCleaner\AdwCleaner[S7].txt - [2160 Bytes] - [17/10/2016 19:18:47]
C:\AdwCleaner\AdwCleaner[S8].txt - [8590 Bytes] - [25/10/2016 16:26:48]
C:\AdwCleaner\AdwCleaner[S9].txt - [8636 Bytes] - [25/10/2016 16:44:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [7501 Bytes] ##########

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#20 Post by altrok »

:arrow: Scan C:\Program Files (x86)\Stanper\Application\chrome.exe on virustotal.com - if the file has already been scanned, choose Reanalyse. Put the link to the analysis results in your next post.

:arrow: Please uninstall Chrome temporarily. Back up your bookmarks and passwords, e.g. using http://www.stahuj.centrum.cz/internet_a ... me-backup/, then uninstall Chrome including the profile. After that, generate new FRST.txt and Addition.txt logs and paste their contents into your next reply.

Nela_M
Visitor
Posts: 130
Joined: 05 Feb 2009 18:31

Re: Log check

#21 Post by Nela_M »


Nela_M
Visitor
Posts: 130
Joined: 05 Feb 2009 18:31

Re: Log check

#22 Post by Nela_M »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
Ran by Helenka (administrator) on DOMA (28-10-2016 08:35:54)
Running from C:\Users\Helenka\Desktop\ÚDRŽBA
Loaded Profiles: Helenka (Available Profiles: Helenka)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-10-27]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-10-27]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 82.144.128.1 82.144.129.1
Tcpip\..\Interfaces\{6E729190-5055-4A76-BB8B-3DEFC60ADD76}: [DhcpNameServer] 82.144.128.1 82.144.129.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> DefaultScope {4B7AB1A7-9E69-4413-BBB0-50F38FBC11F0} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {4B7AB1A7-9E69-4413-BBB0-50F38FBC11F0} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {BD63004A-89AC-488F-8A5A-D4311713A735} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-27] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2016-03-18] (Dritek System INC.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [499000 2016-07-17] ()
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-03-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-03-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [311968 2016-04-07] ()
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2016-10-15] (DT Soft Ltd)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-10-16] (REALiX(tm))
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43168 2016-04-07] ()
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2016-03-18] (Dritek System Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2016-03-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2016-03-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-03-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-28 08:31 - 2016-10-28 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parhelia Tools
2016-10-28 08:31 - 2016-10-28 08:31 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Google Chrome Backup
2016-10-27 18:44 - 2016-10-27 18:44 - 00000000 ____D C:\ProgramData\BlueStacks
2016-10-27 18:43 - 2016-10-27 18:43 - 00002526 ____N C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2016-10-27 18:43 - 2016-10-27 18:43 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\WildTangent
2016-10-27 16:11 - 2016-10-27 16:11 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-27 16:11 - 2016-10-27 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-27 16:10 - 2016-10-27 16:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-27 16:05 - 2016-10-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-27 12:53 - 2016-10-27 12:53 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
2016-10-26 18:46 - 2016-10-26 18:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-26 18:46 - 2016-10-26 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-26 18:46 - 2016-10-26 18:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-26 18:46 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-26 18:46 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-26 18:46 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-25 15:46 - 2016-10-28 08:35 - 00000000 ____D C:\FRST
2016-10-25 14:31 - 2016-10-25 16:53 - 00000000 ____D C:\WINDOWS\system32\log
2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Users\Helenka\AppData\Local\Stanper
2016-10-25 14:30 - 2016-10-25 14:30 - 00000000 ____D C:\Program Files (x86)\Stanper
2016-10-20 19:05 - 2016-10-20 19:05 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-10-18 18:33 - 2016-10-18 18:33 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_7.dll
2016-10-18 18:32 - 2016-10-18 18:32 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\dll-files.com
2016-10-18 17:03 - 2016-10-28 08:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2520944081-2684202109-2728405321-1001
2016-10-16 15:27 - 2016-10-16 15:27 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-10-16 13:57 - 2016-10-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-10-16 13:57 - 2016-10-16 14:52 - 00000000 ____D C:\Users\Helenka\AppData\LocalLow\IObit
2016-10-16 13:57 - 2016-10-16 14:52 - 00000000 ____D C:\ProgramData\ProductData
2016-10-16 13:56 - 2016-10-18 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2016-10-16 13:56 - 2016-10-16 14:52 - 00000000 ____D C:\ProgramData\IObit
2016-10-16 13:56 - 2016-10-16 13:56 - 01625824 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\libeay32.dll
2016-10-16 13:56 - 2016-10-16 13:56 - 00608117 _____ C:\WINDOWS\libcurl-4.dll
2016-10-16 13:56 - 2016-10-16 13:56 - 00054784 _____ (MingW-W64 Project. All rights reserved.) C:\WINDOWS\libwinpthread-1.dll
2016-10-16 13:56 - 2016-10-16 13:56 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\WINDOWS\IObit
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\WINDOWS\Azart
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\IObit
2016-10-15 18:35 - 2016-10-15 18:35 - 00000000 ____D C:\Users\Helenka\Documents\My Games
2016-10-15 18:35 - 2016-10-15 18:35 - 00000000 ____D C:\Users\Helenka\AppData\Local\Fallout4
2016-10-15 17:19 - 2016-10-27 12:52 - 00001946 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2016-10-15 17:19 - 2016-10-20 19:06 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\DAEMON Tools Pro
2016-10-15 17:19 - 2016-10-15 17:19 - 00283200 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2016-10-15 17:19 - 2016-10-15 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2016-10-15 17:18 - 2016-10-16 13:56 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2016-10-15 17:18 - 2016-10-15 17:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2016-10-12 14:21 - 2016-10-01 02:22 - 07444312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 14:21 - 2016-09-30 09:55 - 25765376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 14:21 - 2016-09-30 08:09 - 06048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 14:21 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 14:21 - 2016-09-30 07:21 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 14:21 - 2016-09-08 16:00 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 14:21 - 2016-09-08 00:07 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 14:21 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 14:21 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 14:21 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-12 14:21 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-12 14:21 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-10-12 14:21 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-12 14:21 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-12 14:20 - 2016-09-30 08:25 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 14:20 - 2016-09-30 08:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 14:20 - 2016-09-30 08:12 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-10-12 14:20 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 14:20 - 2016-09-30 07:41 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 14:20 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 14:20 - 2016-09-30 07:33 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-10-12 14:20 - 2016-09-30 07:33 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-10-12 14:20 - 2016-09-30 07:32 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 14:20 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-10-12 14:20 - 2016-09-30 07:31 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-10-12 14:20 - 2016-09-30 07:17 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 14:20 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 14:20 - 2016-09-30 07:11 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 14:20 - 2016-09-30 07:06 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-10-12 14:20 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-10-12 14:20 - 2016-09-30 07:05 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 14:20 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 14:20 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 14:20 - 2016-09-30 06:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-12 14:20 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 14:20 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 14:20 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-12 14:20 - 2016-09-17 20:16 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 14:20 - 2016-09-17 19:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-10-12 14:20 - 2016-09-17 19:21 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 14:20 - 2016-09-17 19:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-10-12 14:20 - 2016-09-17 19:02 - 01446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 14:20 - 2016-09-14 03:53 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 14:20 - 2016-09-14 03:53 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 14:20 - 2016-09-14 03:53 - 01490112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 14:20 - 2016-09-14 03:53 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 14:20 - 2016-09-13 00:03 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 14:20 - 2016-09-12 23:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 14:20 - 2016-09-09 16:17 - 04170752 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-10-12 14:20 - 2016-09-08 22:41 - 00121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 14:20 - 2016-09-08 16:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 14:20 - 2016-09-07 23:59 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 14:20 - 2016-09-07 23:59 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 14:20 - 2016-09-07 23:57 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 14:20 - 2016-09-07 23:56 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 14:20 - 2016-08-31 19:22 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 14:20 - 2016-08-31 18:33 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 14:20 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-12 14:20 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-12 14:20 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-10-12 14:20 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-10-12 14:20 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-10-12 14:20 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-10-12 14:20 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-10-12 14:20 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-10-12 14:20 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-10-12 14:20 - 2016-08-11 20:33 - 00096256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-10-12 14:20 - 2016-08-11 20:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-10-12 14:20 - 2016-08-11 20:33 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-10-12 14:20 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-10-12 14:20 - 2016-08-11 15:39 - 00445765 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 14:20 - 2016-08-11 07:46 - 00420184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-12 14:20 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-10-12 14:20 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-10-12 14:20 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-10-12 14:20 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2016-10-12 14:20 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-10-12 14:20 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-10-12 14:20 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-10-12 14:18 - 2016-09-13 01:48 - 00085680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-12 14:18 - 2016-09-09 15:38 - 01629184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-12 14:17 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 14:17 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-12 14:17 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-10-12 14:17 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-12 14:17 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-12 14:17 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-10-12 14:17 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-10-12 14:17 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-10-12 14:17 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 14:17 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 14:17 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-12 14:17 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-10 16:17 - 2016-10-10 16:17 - 00000000 ____D C:\Users\Helenka\Documents\SkidRow
2016-10-10 16:17 - 2016-10-10 16:17 - 00000000 ____D C:\Users\Helenka\AppData\Local\Introversion
2016-10-10 16:15 - 2016-10-18 19:15 - 00000000 ____D C:\Program Files (x86)\Prison Architect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-28 08:35 - 2016-04-01 14:58 - 00000000 ____D C:\Users\Helenka\Desktop\ÚDRŽBA
2016-10-28 08:34 - 2016-03-19 11:41 - 00000000 ____D C:\Users\Helenka\AppData\Local\Google
2016-10-28 08:34 - 2016-03-19 11:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-28 08:29 - 2016-03-23 15:20 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2913751E-8255-4176-B63F-A7232F23BCFB}
2016-10-28 03:22 - 2016-05-25 20:23 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-27 21:26 - 2016-03-19 18:25 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\.minecraft
2016-10-27 18:43 - 2013-03-12 18:30 - 00002636 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2016-10-27 18:43 - 2013-03-12 18:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-27 18:43 - 2013-03-12 18:30 - 00000000 ____D C:\ProgramData\WildTangent
2016-10-27 18:43 - 2013-03-12 18:30 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-10-27 18:39 - 2016-03-22 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office
2016-10-27 16:10 - 2016-03-29 20:48 - 00000000 ____D C:\Users\Helenka\Downloads\Minecraft-warez-launcher-1.9
2016-10-27 16:06 - 2016-03-24 23:01 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-27 16:06 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-10-27 13:03 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-27 12:53 - 2016-04-15 12:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-27 12:53 - 2016-03-29 20:01 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-10-27 12:53 - 2016-03-23 00:19 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-27 12:53 - 2016-03-19 13:38 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-10-27 12:53 - 2016-03-19 11:42 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-27 12:53 - 2016-03-18 18:50 - 00001984 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-10-27 12:52 - 2016-09-05 08:05 - 00002291 _____ C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk
2016-10-27 12:52 - 2016-05-18 10:08 - 00001238 _____ C:\Users\Public\Desktop\Sothink Logo Maker.lnk
2016-10-27 12:52 - 2016-05-01 19:08 - 00002682 _____ C:\Users\Public\Desktop\Nero Home.lnk
2016-10-27 12:52 - 2016-04-15 12:00 - 00002037 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-10-27 12:52 - 2016-04-15 11:32 - 00001995 _____ C:\Users\Public\Desktop\Ekonomický systém POHODA 2015 Profi.lnk
2016-10-27 12:52 - 2016-03-23 15:07 - 00001430 _____ C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-27 12:52 - 2016-03-23 00:13 - 00000469 _____ C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-10-27 12:52 - 2016-03-23 00:13 - 00000467 _____ C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-10-27 12:52 - 2016-03-19 13:41 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-10-27 12:52 - 2016-03-18 18:53 - 00002133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Norton Online Backup.lnk
2016-10-27 12:52 - 2013-03-12 19:03 - 00002115 _____ C:\Users\Public\Desktop\Acer Backup Manager.lnk
2016-10-27 12:50 - 2016-03-23 00:13 - 00000000 ____D C:\Users\Helenka
2016-10-27 09:48 - 2014-11-21 06:53 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-27 09:48 - 2014-11-21 06:10 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-10-27 09:48 - 2014-11-21 06:10 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-10-27 09:46 - 2016-04-01 19:39 - 00000000 ____D C:\Users\Helenka\Documents\Bluetooth Folder
2016-10-27 09:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-27 08:59 - 2016-03-24 10:35 - 00000000 ____D C:\Users\Helenka\Desktop\HRY
2016-10-27 08:59 - 2016-03-19 14:01 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-10-26 18:29 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-25 16:54 - 2016-03-31 19:06 - 00000000 ____D C:\AdwCleaner
2016-10-25 16:25 - 2016-03-24 10:36 - 00000000 ____D C:\Users\Helenka\AppData\Local\clear.fi
2016-10-25 14:40 - 2016-03-24 10:41 - 00000000 ____D C:\Users\Helenka\AppData\Local\Deployment
2016-10-20 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-20 19:15 - 2013-08-22 16:44 - 00412592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-18 19:16 - 2016-09-05 08:18 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-10-18 19:16 - 2016-04-20 18:56 - 00000000 ____D C:\Games
2016-10-18 19:16 - 2016-03-23 00:02 - 00000000 ____D C:\AMD
2016-10-18 19:16 - 2016-03-18 18:18 - 00000000 ____D C:\Dolby PCEE4
2016-10-18 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2016-10-18 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\PerfLogs
2016-10-18 19:16 - 2013-03-12 19:03 - 00000000 ____D C:\Program Files (x86)\NTI
2016-10-18 19:15 - 2016-03-18 19:24 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Adobe
2016-10-18 18:39 - 2016-03-19 14:01 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\uTorrent
2016-10-18 18:32 - 2013-03-12 19:04 - 00000000 ____D C:\ProgramData\Temp
2016-10-16 13:56 - 2016-09-05 08:18 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-10-16 13:56 - 2016-09-05 08:05 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-10-16 13:56 - 2016-06-01 16:52 - 00000000 ____D C:\Program Files (x86)\MKVTOAVI
2016-10-16 13:56 - 2016-05-04 17:36 - 00000000 ____D C:\Program Files (x86)\SourceTec
2016-10-16 13:56 - 2016-05-04 17:12 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-10-16 13:56 - 2016-05-01 19:06 - 00000000 ____D C:\Program Files (x86)\Nero
2016-10-16 13:56 - 2016-04-15 12:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-16 13:56 - 2016-03-24 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-10-16 13:56 - 2016-03-24 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-10-16 13:56 - 2016-03-23 15:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-10-16 13:56 - 2016-03-22 22:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-10-16 13:56 - 2016-03-22 22:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-16 13:56 - 2016-03-22 19:58 - 00000000 ____D C:\Program Files (x86)\STORMWARE
2016-10-16 13:56 - 2016-03-19 13:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-10-16 13:56 - 2016-03-19 13:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-10-16 13:56 - 2016-03-18 18:53 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-10-16 13:56 - 2016-03-18 18:53 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-10-16 13:56 - 2016-03-18 18:53 - 00000000 ____D C:\Program Files (x86)\Norton Online Backup ARA
2016-10-16 13:56 - 2016-03-18 18:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-16 13:56 - 2016-03-18 18:23 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2016-10-16 13:56 - 2016-03-18 18:20 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2016-10-16 13:56 - 2016-03-18 18:11 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2016-10-16 13:56 - 2016-03-18 18:07 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-10-16 13:56 - 2016-03-18 18:07 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-10-16 13:56 - 2016-03-18 18:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-10-16 13:56 - 2013-03-12 19:05 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-10-16 13:56 - 2013-03-12 19:02 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2016-10-16 13:56 - 2013-03-12 19:02 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2016-10-16 13:56 - 2013-03-12 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-16 13:56 - 2013-03-12 19:01 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2016-10-16 13:56 - 2013-03-12 19:01 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker
2016-10-16 13:56 - 2013-03-12 18:59 - 00000000 ____D C:\Program Files (x86)\Acer
2016-10-16 13:56 - 2013-03-12 18:32 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-10-16 11:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-10-15 19:06 - 2013-03-12 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-10-15 18:47 - 2016-04-20 18:19 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-15 18:47 - 2014-11-21 14:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-10-15 18:46 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-10-13 10:40 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-13 10:38 - 2016-03-19 15:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-13 10:38 - 2014-11-21 07:25 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-13 10:29 - 2016-03-19 15:53 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-11 16:24 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-02 11:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-10-02 11:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-10-01 02:15 - 2014-11-21 14:21 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-01 02:15 - 2014-11-21 14:21 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-03-29 20:55 - 2016-03-29 20:55 - 0050304 _____ () C:\Users\Helenka\AppData\Roaming\gtk20.mo.id_c05a2ddbccba96cf_email_zeta@dr.com.scl
2016-03-27 22:25 - 2016-03-27 22:25 - 0001960 _____ () C:\Users\Helenka\AppData\Roaming\SeleniumCisternaFronton
2014-10-07 06:39 - 2014-10-07 06:39 - 0011264 _____ () C:\Users\Helenka\AppData\Roaming\System.dll
2016-05-04 17:12 - 2016-05-04 17:12 - 0000003 _____ () C:\Users\Helenka\AppData\Local\updater.log
2016-05-04 17:12 - 2016-08-06 21:36 - 0000424 _____ () C:\Users\Helenka\AppData\Local\UserProducts.xml
2016-03-18 18:18 - 2016-03-18 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-19 18:34

==================== End of FRST.txt ============================

Nela_M
Visitor
Posts: 130
Registered: 05 Feb 2009 18:31

Re: Log check

#23 Post by Nela_M »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Helenka (28-10-2016 08:36:59)
Running from C:\Users\Helenka\Desktop\ÚDRŽBA
Windows 8.1 (Update) (X64) (2016-03-23 13:02:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2520944081-2684202109-2728405321-500 - Administrator - Disabled)
Guest (S-1-5-21-2520944081-2684202109-2728405321-501 - Limited - Disabled)
Helenka (S-1-5-21-2520944081-2684202109-2728405321-1001 - Administrator - Enabled) => C:\Users\Helenka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.13 (x64) (HKLM\...\7-Zip) (Version: 15.13 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.7.42.61541 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.7.42.61541 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{1109461B-E8C8-EE08-0219-5711383B03DF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.5 - Atheros Communications Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.4.51 - Conexant)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.16.203_WHQL (HKLM\...\Elantech) (Version: 11.6.16.203 - ELAN Microelectronic Corp.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8102 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{4F2CE68F-EDBB-4592-BF07-5AC930A51029}) (Version: 7.02.6446 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prison Architect (HKLM\...\{203FDA07-E643-4E87-916A-B0CD31415713}_is1) (Version: 2.0 - Introversion Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17. 3. 2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(25. 5. 2015) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.22 (7. 9. 2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.28 (10. 3. 2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sothink Logo Maker (HKLM-x32\...\Sothink Logo Maker_is1) (Version: 3.4 - )
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA CZ Profi (HKLM-x32\...\{090EFAD5-5E25-4C4F-907B-80489F088672}) (Version: 11100.161 - STORMWARE)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07BC67B6-B315-4B8E-AB90-A1F8B4974320} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {744C2DE5-EEF2-40C8-8B32-FD250070CA1A} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
Task: {83A7E96B-5220-4ACE-AF1A-AD132418DF16} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A22521B0-745A-4100-92CE-B11C75D1EA40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D49D2B68-5781-41E4-B6BB-E4E0513B49C4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {E9491759-7664-4A24-A3A6-0B4446B8F165} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Helenka\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com/
Shortcut: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fc326a8ff20e4f4b\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-09-05 08:17 - 2015-06-11 15:58 - 00022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-05 08:13 - 2016-07-17 22:43 - 00499000 ____N () C:\WINDOWS\SysWOW64\spdsvc.exe
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-01-28 15:45 - 2013-01-28 15:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 15:42 - 2013-01-28 15:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 15:47 - 2013-01-28 15:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2016-09-28 18:25 - 2016-09-28 18:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2016-10-15 17:20 - 2016-10-15 17:18 - 00002560 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-10-27 13:01 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 82.144.128.1 - 82.144.129.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{749E3877-382C-47F6-A2A2-E5E8B3A92A50}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F75C99F7-0C75-441C-BED8-60F50DBEC8C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2217D119-A726-4C39-8152-6F941C79231D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53C636BE-F62F-4891-9168-59C81F651A90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{551CA223-1D76-439D-BCFD-AB106419AC59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10E09F08-D236-4E70-8CEA-A044C57E5C10}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BFD58CB8-F2BA-4485-AE2D-0EB6E989A2AA}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{3C9FF256-9BA8-4C37-9344-32571A06DD2E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{080C7874-E7EA-4F31-96A6-AB6E190B7A3A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{233E88A1-7A62-4013-A1E0-26B0C228FCF3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{83E034BF-9F98-43A4-A401-1F3236514AB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{40E6C6D1-678E-4CB6-B715-F01EF0A8BE16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{5FDFC512-6A32-4387-AEC8-2399092E5E7D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{7BB8076E-82C0-4702-939D-B36CFDF9B7E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4772EA2B-547C-484C-BC7E-AC7F36C044D6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{AF28863C-42C9-4BF9-8416-156366192AC6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0B78C0A5-C366-4523-B856-376030B03B57}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{CDFF2BA1-22E6-4A2F-8EB8-4BB8CB7F9644}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{F826BDB2-4D85-4ED4-A7A4-FA1367019B31}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [TCP Query User{087D9074-0E90-48FB-913C-78FB1B1DC477}C:\users\helenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\helenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4AB0424F-7E2C-4C20-BFF5-3B425E371606}C:\users\helenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\helenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E8CEC7DB-FBA0-4BFB-BBC3-CB72D6B9D3FC}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [UDP Query User{5CC98C0D-DE1F-4CE5-89A8-9367E94FE405}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [TCP Query User{C4E4FC71-A59C-4EF0-8A2A-1612A17FEA60}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{DB66D218-878A-46C5-A4E4-8F2A758CA433}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{9E70B15B-F364-471E-97F2-998649536C91}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{773BF48F-B8A6-4704-BFE1-4FAAF3B05D8A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{3F863523-03D6-45E1-9752-ECA158582B36}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{0FCDC6EA-8161-491C-BDF0-B95D2174A774}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{98EAFA11-DAE0-4706-A3DD-C10D69285FDC}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{DF63ADEB-A22A-4D11-BD88-96CFFC0082C8}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{19F369A9-3648-4B19-A9AF-7AC2CEF13E9B}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{197D832B-E659-4D0F-8B9D-E7C59CF9F99F}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{38DADA86-B6F7-41FC-ACF6-39E8A3096A33}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{45024A58-11F1-4ACA-A4B3-D7AC14FA55D3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{35184E0E-1536-49FF-8B45-19E240BC164D}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon64.exe
FirewallRules: [{05F7C0AD-E04F-4949-9507-D6991C65F02A}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon.exe
FirewallRules: [{EDD05972-B84A-4ED8-AC21-788528240379}] => (Allow) C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxMon64.exe
FirewallRules: [{BF75FCE0-0226-4656-A906-864F80D369F8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C72882DD-77B7-4F68-860F-3D07FFC95A4C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0F8D3ECB-174B-4425-AC3A-4AEAC4A3250D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{F305F3E9-C145-4CE6-8E78-32D065337C58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{FF320BEE-DF10-47C2-96E1-19AEAEA8DFE4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{3B22CDF0-1F4B-4B1C-AC70-6473549F1D4E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{39711F32-6D74-4718-9CCE-622D0A542422}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2F73B7E9-822B-4D44-A4B9-8CC5651CF188}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{54B11740-C0CC-4C75-A375-F3C5AFF7C909}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [TCP Query User{A2A4B2F0-90B1-43D9-8461-A12672F6A313}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{F61F0EF9-B2C2-4E03-91C6-82F884920CE3}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{ECA91091-34C1-4CBB-ADF5-E2AF8F43CE7C}] => (Allow) C:\Program Files (x86)\Stanper\Application\chrome.exe
FirewallRules: [TCP Query User{1FB0A910-5664-4823-92E2-140399E267D0}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{CAF5198C-8423-4733-B0C7-0B005C6347F2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe

==================== Restore Points =========================

11-10-2016 09:21:17 Naplánovaný kontrolní bod
15-10-2016 19:03:29 WinThruster (64-bit) Backup
16-10-2016 15:29:50 Revo Uninstaller Pro's restore point - UC浏览器
17-10-2016 19:08:16 Revo Uninstaller Pro's restore point - UCBrowser
17-10-2016 19:12:05 Revo Uninstaller Pro's restore point - WinThruster
25-10-2016 15:12:43 Naplánovaný kontrolní bod
27-10-2016 12:58:42 Removed Java 8 Update 73
27-10-2016 13:01:13 Restore Point Created by FRST
27-10-2016 18:38:25 Removed STORMWARE PAMICA Mini.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2016 08:32:59 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:32:59 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:32:59 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:31:47 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:31:47 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:31:47 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/27/2016 06:41:27 PM) (Source: MsiInstaller) (EventID: 11706) (User: DOMA)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (10/27/2016 06:33:57 PM) (Source: MsiInstaller) (EventID: 11706) (User: DOMA)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (10/27/2016 06:26:04 PM) (Source: MsiInstaller) (EventID: 11706) (User: DOMA)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (10/27/2016 04:07:48 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.


System errors:
=============
Error: (10/28/2016 08:24:46 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (10/28/2016 08:24:41 AM) (Source: DCOM) (EventID: 10010) (User: DOMA)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/28/2016 08:24:41 AM) (Source: DCOM) (EventID: 10010) (User: DOMA)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/27/2016 08:09:41 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (10/27/2016 04:03:03 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (10/27/2016 01:03:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AppEx Networks Accelerator LWF neuspěla při spuštění v důsledku následující chyby:
Zařízení připojené k systému nefunguje.

Error: (10/27/2016 01:03:21 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (10/27/2016 01:02:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (10/27/2016 01:01:45 PM) (Source: DCOM) (EventID: 10010) (User: DOMA)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/27/2016 01:01:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-10-27 09:56:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:56:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:56:38.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:45:23.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:45:22.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:02:51.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:46:02.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:17:52.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:17:51.946
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:17:51.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 5578.27 MB
Available physical RAM: 4148.34 MB
Total Virtual: 11210.27 MB
Available Virtual: 9442.11 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.65 GB) (Free:880.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 387E8316)

Partition: GPT.

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#24 Post by altrok »

When saving the fixlist in Notepad you must switch the encoding to Unicode! The reason is simple: so that the Chinese characters are preserved and the Japanese/Chinese malware ( UC浏览器 ) is therefore removed.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (Save as type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    2016-10-27 12:53 - 2016-10-27 12:53 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
    2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Users\Helenka\AppData\Local\Stanper
    2016-10-25 14:30 - 2016-10-25 14:30 - 00000000 ____D C:\Program Files (x86)\Stanper
    2016-10-18 18:32 - 2016-10-18 18:32 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\dll-files.com
    2016-10-16 13:57 - 2016-10-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    Folder: C:\ProgramData\ProductData
    Task: {744C2DE5-EEF2-40C8-8B32-FD250070CA1A} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
    C:\Users\Helenka\AppData\Roaming\Adobe
    Shortcut: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
    
    ShortcutWithArgument: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fc326a8ff20e4f4b\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    FirewallRules: [TCP Query User{3F863523-03D6-45E1-9752-ECA158582B36}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
    FirewallRules: [UDP Query User{0FCDC6EA-8161-491C-BDF0-B95D2174A774}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
    FirewallRules: [TCP Query User{98EAFA11-DAE0-4706-A3DD-C10D69285FDC}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
    FirewallRules: [UDP Query User{DF63ADEB-A22A-4D11-BD88-96CFFC0082C8}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.
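
The encoding point from the post above, as an added example that is not part of the original thread: it shows which fixlist lines stop matching the real path when the file is saved in a single-byte ANSI code page, and what Notepad's "Unicode" option writes instead. The function names are hypothetical, the code page cp1250 is an assumption (Czech Windows), and `load_fixlist` is a generic BOM-aware reader for illustration, not FRST's own logic.

```python
import codecs

# Constructed sample: a few lines taken from the fixlist in the post above.
FIXLIST = "\r\n".join([
    "Start",
    "CreateRestorePoint:",
    r"C:\Program Files (x86)\Stanper",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器",
    "EmptyTemp:",
    "End",
])

# Assumption: Czech Windows, where Notepad's "ANSI" option means Windows-1250.
ANSI_CODEPAGE = "cp1250"


def lines_damaged_by(text, codepage=ANSI_CODEPAGE):
    """Return (line_number, original, after_round_trip) for every line that
    does not survive being saved in the given single-byte code page."""
    damaged = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Characters outside the code page are written as '?', so the path
        # stored in the file no longer names the folder on disk.
        round_trip = line.encode(codepage, errors="replace").decode(codepage)
        if round_trip != line:
            damaged.append((number, line, round_trip))
    return damaged


def save_as_notepad_unicode(text):
    """Bytes as Notepad's "Unicode" option writes them: UTF-16 LE with a BOM."""
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")


def load_fixlist(raw, fallback=ANSI_CODEPAGE):
    """Decode fixlist bytes by their BOM, falling back to the ANSI code page."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    if raw.startswith(codecs.BOM_UTF8):
        return raw[len(codecs.BOM_UTF8):].decode("utf-8")
    return raw.decode(fallback, errors="replace")


if __name__ == "__main__":
    # Pre-flight check before saving: list the lines an ANSI save would corrupt.
    for number, before, after in lines_damaged_by(FIXLIST):
        print(f"line {number}: {before!r} -> {after!r}")

    ansi_bytes = FIXLIST.encode(ANSI_CODEPAGE, errors="replace")
    unicode_bytes = save_as_notepad_unicode(FIXLIST)
    print("ANSI save keeps the path:   ", load_fixlist(ansi_bytes) == FIXLIST)
    print("Unicode save keeps the path:", load_fixlist(unicode_bytes) == FIXLIST)
```
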

Nela_M
Visitor
Posts: 130
Registered: 05 Feb 2009 18:31

Re: Log check

#25 Post by Nela_M »

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Helenka (28-10-2016 10:13:38) Run:2
Running from C:\Users\Helenka\Desktop\ÚDRŽBA
Loaded Profiles: Helenka (Available Profiles: Helenka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
2016-10-27 12:53 - 2016-10-27 12:53 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
2016-10-25 14:31 - 2016-10-25 14:31 - 00000000 ____D C:\Users\Helenka\AppData\Local\Stanper
2016-10-25 14:30 - 2016-10-25 14:30 - 00000000 ____D C:\Program Files (x86)\Stanper
2016-10-18 18:32 - 2016-10-18 18:32 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\dll-files.com
2016-10-16 13:57 - 2016-10-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
Folder: C:\ProgramData\ProductData
Task: {744C2DE5-EEF2-40C8-8B32-FD250070CA1A} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
C:\Users\Helenka\AppData\Roaming\Adobe
Shortcut: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fc326a8ff20e4f4b\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
FirewallRules: [TCP Query User{3F863523-03D6-45E1-9752-ECA158582B36}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{0FCDC6EA-8161-491C-BDF0-B95D2174A774}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{98EAFA11-DAE0-4706-A3DD-C10D69285FDC}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{DF63ADEB-A22A-4D11-BD88-96CFFC0082C8}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\SysWOW64\hoewmds => moved successfully
C:\Users\Helenka\AppData\Local\Stanper => moved successfully
C:\Program Files (x86)\Stanper => moved successfully
C:\Users\Helenka\AppData\Roaming\dll-files.com => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器 => moved successfully

========================= Folder: C:\ProgramData\ProductData ========================

2016-10-16 13:57 - 2016-10-16 13:57 - 0000051 _____ () C:\ProgramData\ProductData\db4Stat.ini
2016-10-16 13:57 - 2016-10-16 14:52 - 0000032 _____ () C:\ProgramData\ProductData\StatCache.db

====== End of Folder: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{744C2DE5-EEF2-40C8-8B32-FD250070CA1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{744C2DE5-EEF2-40C8-8B32-FD250070CA1A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Multimedia\Manager => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Manager" => key removed successfully
C:\Users\Helenka\AppData\Roaming\Adobe => moved successfully
C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
C:\Users\Helenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fc326a8ff20e4f4b\Google Chrome.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3F863523-03D6-45E1-9752-ECA158582B36}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0FCDC6EA-8161-491C-BDF0-B95D2174A774}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98EAFA11-DAE0-4706-A3DD-C10D69285FDC}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DF63ADEB-A22A-4D11-BD88-96CFFC0082C8}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5466476 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 414163 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2276 B
Helenka => 51210635 B

RecycleBin => 83532 B
EmptyTemp: => 62.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:14:33 ====

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#26 Post by altrok »

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    RestoreQuarantine: C:\FRST\Quarantine\C\Users\Helenka\AppData\Roaming\Adobe
    C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
    End


:arrow: Reinstall Chrome (preferably directly from the vendor's site, so that the installation goes through without adware such as Seznam Listicka and the like: https://www.google.cz/chrome/browser/ ) and import into it what you backed up (bookmarks, passwords, ...). Then post new FRST.txt and Addition.txt logs.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Nela_M
Visitor
Posts: 130
Registered: 05 Feb 2009 18:31

Re: Log check

#27 Post by Nela_M »

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Helenka (28-10-2016 11:04:23) Run:3
Running from C:\Users\Helenka\Desktop\ÚDRŽBA
Loaded Profiles: Helenka (Available Profiles: Helenka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
RestoreQuarantine: C:\FRST\Quarantine\C\Users\Helenka\AppData\Roaming\Adobe
C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe
End
*****************

RestoreQuarantine: C:\FRST\Quarantine\C\Users\Helenka\AppData\Roaming\Adobe=> Restoring from Quarantine completed.
"C:\Users\Helenka\AppData\Roaming\Adobe\Manager.exe" => not found.

==== End of Fixlog 11:04:24 ====

Nela_M
Visitor
Posts: 130
Registered: 05 Feb 2009 18:31

Re: Log check

#28 Post by Nela_M »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
Ran by Helenka (administrator) on DOMA (28-10-2016 11:07:08)
Running from C:\Users\Helenka\Desktop\ÚDRŽBA
Loaded Profiles: Helenka (Available Profiles: Helenka)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-10-27]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-10-27]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 82.144.128.1 82.144.129.1
Tcpip\..\Interfaces\{6E729190-5055-4A76-BB8B-3DEFC60ADD76}: [DhcpNameServer] 82.144.128.1 82.144.129.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> DefaultScope {4B7AB1A7-9E69-4413-BBB0-50F38FBC11F0} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {4B7AB1A7-9E69-4413-BBB0-50F38FBC11F0} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2520944081-2684202109-2728405321-1001 -> {BD63004A-89AC-488F-8A5A-D4311713A735} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-27] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default [2016-10-28]
CHR Extension: (Prezentace Google) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-28]
CHR Extension: (Dokumenty Google) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]
CHR Extension: (Disk Google) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Tabulky Google) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Helenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2016-03-18] (Dritek System INC.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [499000 2016-07-17] ()
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-03-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-03-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [311968 2016-04-07] ()
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2016-10-15] (DT Soft Ltd)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-10-16] (REALiX(tm))
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43168 2016-04-07] ()
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2016-03-18] (Dritek System Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2016-03-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2016-03-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-03-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-28 11:05 - 2016-10-28 11:05 - 00002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-28 11:05 - 2016-10-28 11:05 - 00002243 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-28 10:27 - 2016-10-28 11:04 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Adobe
2016-10-28 09:37 - 2016-10-28 09:42 - 1429747712 _____ C:\Users\Helenka\Downloads\The.Nice.Guys.2016.BRRip.XviD.AC3.CZ.avi
2016-10-28 09:37 - 2016-10-28 09:37 - 00014124 _____ C:\Users\Helenka\Downloads\[CzT]Spravni_chlapi_The_Nice_Guys_2016_CZ_.torrent
2016-10-28 09:26 - 2016-10-28 09:31 - 1280982268 _____ C:\Users\Helenka\Downloads\Zootopia.2016.BRRip.XviD.AC3.CZ-EVO.avi
2016-10-28 08:31 - 2016-10-28 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parhelia Tools
2016-10-28 08:31 - 2016-10-28 08:31 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Google Chrome Backup
2016-10-27 18:44 - 2016-10-27 18:44 - 00000000 ____D C:\ProgramData\BlueStacks
2016-10-27 18:43 - 2016-10-27 18:43 - 00002526 ____N C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2016-10-27 18:43 - 2016-10-27 18:43 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\WildTangent
2016-10-27 16:11 - 2016-10-27 16:11 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-27 16:11 - 2016-10-27 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-27 16:10 - 2016-10-27 16:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-27 16:05 - 2016-10-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-26 18:46 - 2016-10-26 18:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-26 18:46 - 2016-10-26 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-26 18:46 - 2016-10-26 18:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-26 18:46 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-26 18:46 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-26 18:46 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-25 15:46 - 2016-10-28 11:07 - 00000000 ____D C:\FRST
2016-10-25 14:31 - 2016-10-25 16:53 - 00000000 ____D C:\WINDOWS\system32\log
2016-10-20 19:05 - 2016-10-20 19:05 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-10-18 18:33 - 2016-10-18 18:33 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_7.dll
2016-10-18 17:03 - 2016-10-28 10:33 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2520944081-2684202109-2728405321-1001
2016-10-16 15:27 - 2016-10-16 15:27 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-10-16 13:57 - 2016-10-16 14:52 - 00000000 ____D C:\Users\Helenka\AppData\LocalLow\IObit
2016-10-16 13:57 - 2016-10-16 14:52 - 00000000 ____D C:\ProgramData\ProductData
2016-10-16 13:56 - 2016-10-18 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2016-10-16 13:56 - 2016-10-16 14:52 - 00000000 ____D C:\ProgramData\IObit
2016-10-16 13:56 - 2016-10-16 13:56 - 01625824 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\libeay32.dll
2016-10-16 13:56 - 2016-10-16 13:56 - 00608117 _____ C:\WINDOWS\libcurl-4.dll
2016-10-16 13:56 - 2016-10-16 13:56 - 00054784 _____ (MingW-W64 Project. All rights reserved.) C:\WINDOWS\libwinpthread-1.dll
2016-10-16 13:56 - 2016-10-16 13:56 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\WINDOWS\IObit
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\WINDOWS\Azart
2016-10-16 13:56 - 2016-10-16 13:56 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\IObit
2016-10-15 18:35 - 2016-10-15 18:35 - 00000000 ____D C:\Users\Helenka\Documents\My Games
2016-10-15 18:35 - 2016-10-15 18:35 - 00000000 ____D C:\Users\Helenka\AppData\Local\Fallout4
2016-10-15 17:19 - 2016-10-27 12:52 - 00001946 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2016-10-15 17:19 - 2016-10-20 19:06 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\DAEMON Tools Pro
2016-10-15 17:19 - 2016-10-15 17:19 - 00283200 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2016-10-15 17:19 - 2016-10-15 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2016-10-15 17:18 - 2016-10-16 13:56 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2016-10-15 17:18 - 2016-10-15 17:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2016-10-12 14:21 - 2016-10-01 02:22 - 07444312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 14:21 - 2016-09-30 09:55 - 25765376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 14:21 - 2016-09-30 08:09 - 06048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 14:21 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 14:21 - 2016-09-30 07:21 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 14:21 - 2016-09-08 16:00 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 14:21 - 2016-09-08 00:07 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 14:21 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 14:21 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 14:21 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-12 14:21 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-12 14:21 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-10-12 14:21 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-12 14:21 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-12 14:20 - 2016-09-30 08:25 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 14:20 - 2016-09-30 08:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 14:20 - 2016-09-30 08:12 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-10-12 14:20 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 14:20 - 2016-09-30 07:41 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 14:20 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 14:20 - 2016-09-30 07:33 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-10-12 14:20 - 2016-09-30 07:33 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-10-12 14:20 - 2016-09-30 07:32 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 14:20 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-10-12 14:20 - 2016-09-30 07:31 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-10-12 14:20 - 2016-09-30 07:17 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 14:20 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 14:20 - 2016-09-30 07:11 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 14:20 - 2016-09-30 07:06 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-10-12 14:20 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-10-12 14:20 - 2016-09-30 07:05 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 14:20 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 14:20 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 14:20 - 2016-09-30 06:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-12 14:20 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 14:20 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 14:20 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-12 14:20 - 2016-09-17 20:16 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 14:20 - 2016-09-17 19:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-10-12 14:20 - 2016-09-17 19:21 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 14:20 - 2016-09-17 19:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-10-12 14:20 - 2016-09-17 19:02 - 01446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 14:20 - 2016-09-14 03:53 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 14:20 - 2016-09-14 03:53 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 14:20 - 2016-09-14 03:53 - 01490112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 14:20 - 2016-09-14 03:53 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 14:20 - 2016-09-13 00:03 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 14:20 - 2016-09-12 23:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 14:20 - 2016-09-09 16:17 - 04170752 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-10-12 14:20 - 2016-09-08 22:41 - 00121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 14:20 - 2016-09-08 16:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 14:20 - 2016-09-07 23:59 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 14:20 - 2016-09-07 23:59 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 14:20 - 2016-09-07 23:57 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 14:20 - 2016-09-07 23:56 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 14:20 - 2016-08-31 19:22 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 14:20 - 2016-08-31 18:33 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 14:20 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-12 14:20 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-12 14:20 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-10-12 14:20 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-10-12 14:20 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-10-12 14:20 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-10-12 14:20 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-10-12 14:20 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-10-12 14:20 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-10-12 14:20 - 2016-08-11 20:33 - 00096256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-10-12 14:20 - 2016-08-11 20:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-10-12 14:20 - 2016-08-11 20:33 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-10-12 14:20 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-10-12 14:20 - 2016-08-11 15:39 - 00445765 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 14:20 - 2016-08-11 07:46 - 00420184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-12 14:20 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-10-12 14:20 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-10-12 14:20 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-10-12 14:20 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2016-10-12 14:20 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-10-12 14:20 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-10-12 14:20 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-10-12 14:18 - 2016-09-13 01:48 - 00085680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-12 14:18 - 2016-09-09 15:38 - 01629184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-12 14:18 - 2016-09-09 15:38 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-12 14:17 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 14:17 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-12 14:17 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-10-12 14:17 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-12 14:17 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-12 14:17 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-10-12 14:17 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-10-12 14:17 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-10-12 14:17 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 14:17 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 14:17 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-12 14:17 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-10 16:17 - 2016-10-10 16:17 - 00000000 ____D C:\Users\Helenka\Documents\SkidRow
2016-10-10 16:17 - 2016-10-10 16:17 - 00000000 ____D C:\Users\Helenka\AppData\Local\Introversion
2016-10-10 16:15 - 2016-10-18 19:15 - 00000000 ____D C:\Program Files (x86)\Prison Architect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-28 11:08 - 2016-04-01 14:58 - 00000000 ____D C:\Users\Helenka\Desktop\ÚDRŽBA
2016-10-28 11:05 - 2016-03-19 11:41 - 00000000 ____D C:\Users\Helenka\AppData\Local\Google
2016-10-28 11:05 - 2016-03-19 11:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-28 10:22 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-28 10:22 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-10-28 10:13 - 2016-03-19 14:01 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\uTorrent
2016-10-28 09:44 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-28 09:37 - 2014-11-21 06:53 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-28 09:37 - 2014-11-21 06:10 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-10-28 09:37 - 2014-11-21 06:10 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-10-28 09:16 - 2016-03-19 18:25 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\.minecraft
2016-10-28 08:29 - 2016-03-23 15:20 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2913751E-8255-4176-B63F-A7232F23BCFB}
2016-10-28 03:22 - 2016-05-25 20:23 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-27 18:43 - 2013-03-12 18:30 - 00002636 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2016-10-27 18:43 - 2013-03-12 18:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-27 18:43 - 2013-03-12 18:30 - 00000000 ____D C:\ProgramData\WildTangent
2016-10-27 18:43 - 2013-03-12 18:30 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-10-27 18:39 - 2016-03-22 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office
2016-10-27 16:10 - 2016-03-29 20:48 - 00000000 ____D C:\Users\Helenka\Downloads\Minecraft-warez-launcher-1.9
2016-10-27 16:06 - 2016-03-24 23:01 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-27 12:53 - 2016-04-15 12:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-27 12:53 - 2016-03-29 20:01 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-10-27 12:53 - 2016-03-23 00:19 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-27 12:53 - 2016-03-19 13:38 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-10-27 12:53 - 2016-03-18 18:50 - 00001984 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-10-27 12:52 - 2016-09-05 08:05 - 00002291 _____ C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk
2016-10-27 12:52 - 2016-05-18 10:08 - 00001238 _____ C:\Users\Public\Desktop\Sothink Logo Maker.lnk
2016-10-27 12:52 - 2016-05-01 19:08 - 00002682 _____ C:\Users\Public\Desktop\Nero Home.lnk
2016-10-27 12:52 - 2016-04-15 12:00 - 00002037 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-10-27 12:52 - 2016-04-15 11:32 - 00001995 _____ C:\Users\Public\Desktop\Ekonomický systém POHODA 2015 Profi.lnk
2016-10-27 12:52 - 2016-03-23 15:07 - 00001430 _____ C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-27 12:52 - 2016-03-23 00:13 - 00000469 _____ C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-10-27 12:52 - 2016-03-23 00:13 - 00000467 _____ C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-10-27 12:52 - 2016-03-19 13:41 - 00001751 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-10-27 12:52 - 2016-03-18 18:53 - 00002133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Norton Online Backup.lnk
2016-10-27 12:52 - 2013-03-12 19:03 - 00002115 _____ C:\Users\Public\Desktop\Acer Backup Manager.lnk
2016-10-27 12:50 - 2016-03-23 00:13 - 00000000 ____D C:\Users\Helenka
2016-10-27 09:46 - 2016-04-01 19:39 - 00000000 ____D C:\Users\Helenka\Documents\Bluetooth Folder
2016-10-27 09:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-27 08:59 - 2016-03-24 10:35 - 00000000 ____D C:\Users\Helenka\Desktop\HRY
2016-10-27 08:59 - 2016-03-19 14:01 - 00000000 ____D C:\Users\Helenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-10-26 18:29 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-25 16:54 - 2016-03-31 19:06 - 00000000 ____D C:\AdwCleaner
2016-10-25 16:25 - 2016-03-24 10:36 - 00000000 ____D C:\Users\Helenka\AppData\Local\clear.fi
2016-10-25 14:40 - 2016-03-24 10:41 - 00000000 ____D C:\Users\Helenka\AppData\Local\Deployment
2016-10-24 23:54 - 2014-11-21 14:21 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 23:54 - 2014-11-21 14:21 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-20 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-20 19:15 - 2013-08-22 16:44 - 00412592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-18 19:16 - 2016-09-05 08:18 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-10-18 19:16 - 2016-04-20 18:56 - 00000000 ____D C:\Games
2016-10-18 19:16 - 2016-03-23 00:02 - 00000000 ____D C:\AMD
2016-10-18 19:16 - 2016-03-18 18:18 - 00000000 ____D C:\Dolby PCEE4
2016-10-18 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2016-10-18 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\PerfLogs
2016-10-18 19:16 - 2013-03-12 19:03 - 00000000 ____D C:\Program Files (x86)\NTI
2016-10-18 18:32 - 2013-03-12 19:04 - 00000000 ____D C:\ProgramData\Temp
2016-10-16 13:56 - 2016-09-05 08:18 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-10-16 13:56 - 2016-09-05 08:05 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-10-16 13:56 - 2016-06-01 16:52 - 00000000 ____D C:\Program Files (x86)\MKVTOAVI
2016-10-16 13:56 - 2016-05-04 17:36 - 00000000 ____D C:\Program Files (x86)\SourceTec
2016-10-16 13:56 - 2016-05-04 17:12 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-10-16 13:56 - 2016-05-01 19:06 - 00000000 ____D C:\Program Files (x86)\Nero
2016-10-16 13:56 - 2016-04-15 12:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-16 13:56 - 2016-03-24 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-10-16 13:56 - 2016-03-24 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-10-16 13:56 - 2016-03-23 15:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-10-16 13:56 - 2016-03-22 22:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-10-16 13:56 - 2016-03-22 22:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-16 13:56 - 2016-03-22 19:58 - 00000000 ____D C:\Program Files (x86)\STORMWARE
2016-10-16 13:56 - 2016-03-19 13:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-10-16 13:56 - 2016-03-19 13:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-10-16 13:56 - 2016-03-18 18:53 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-10-16 13:56 - 2016-03-18 18:53 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-10-16 13:56 - 2016-03-18 18:53 - 00000000 ____D C:\Program Files (x86)\Norton Online Backup ARA
2016-10-16 13:56 - 2016-03-18 18:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-16 13:56 - 2016-03-18 18:23 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2016-10-16 13:56 - 2016-03-18 18:20 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2016-10-16 13:56 - 2016-03-18 18:11 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2016-10-16 13:56 - 2016-03-18 18:07 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-10-16 13:56 - 2016-03-18 18:07 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-10-16 13:56 - 2016-03-18 18:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-10-16 13:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-10-16 13:56 - 2013-03-12 19:05 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-10-16 13:56 - 2013-03-12 19:02 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2016-10-16 13:56 - 2013-03-12 19:02 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2016-10-16 13:56 - 2013-03-12 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-16 13:56 - 2013-03-12 19:01 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2016-10-16 13:56 - 2013-03-12 19:01 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker
2016-10-16 13:56 - 2013-03-12 18:59 - 00000000 ____D C:\Program Files (x86)\Acer
2016-10-16 13:56 - 2013-03-12 18:32 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-10-16 11:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-10-15 19:06 - 2013-03-12 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-10-15 18:47 - 2016-04-20 18:19 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-15 18:47 - 2014-11-21 14:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-10-15 18:46 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-10-13 10:38 - 2016-03-19 15:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-13 10:38 - 2014-11-21 07:25 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-13 10:29 - 2016-03-19 15:53 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-11 16:24 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-02 11:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-10-02 11:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup

==================== Files in the root of some directories =======

2016-03-29 20:55 - 2016-03-29 20:55 - 0050304 _____ () C:\Users\Helenka\AppData\Roaming\gtk20.mo.id_c05a2ddbccba96cf_email_zeta@dr.com.scl
2016-03-27 22:25 - 2016-03-27 22:25 - 0001960 _____ () C:\Users\Helenka\AppData\Roaming\SeleniumCisternaFronton
2014-10-07 06:39 - 2014-10-07 06:39 - 0011264 _____ () C:\Users\Helenka\AppData\Roaming\System.dll
2016-05-04 17:12 - 2016-05-04 17:12 - 0000003 _____ () C:\Users\Helenka\AppData\Local\updater.log
2016-05-04 17:12 - 2016-08-06 21:36 - 0000424 _____ () C:\Users\Helenka\AppData\Local\UserProducts.xml
2016-03-18 18:18 - 2016-03-18 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-19 18:34

==================== End of FRST.txt ============================

Nela_M
Visitor
Posts: 130
Registered: 05 Feb 2009 18:31

Re: Log check

#29 Post by Nela_M »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Helenka (28-10-2016 11:08:20)
Running from C:\Users\Helenka\Desktop\ÚDRŽBA
Windows 8.1 (Update) (X64) (2016-03-23 13:02:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2520944081-2684202109-2728405321-500 - Administrator - Disabled)
Guest (S-1-5-21-2520944081-2684202109-2728405321-501 - Limited - Disabled)
Helenka (S-1-5-21-2520944081-2684202109-2728405321-1001 - Administrator - Enabled) => C:\Users\Helenka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.13 (x64) (HKLM\...\7-Zip) (Version: 15.13 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.7.42.61541 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.7.42.61541 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{1109461B-E8C8-EE08-0219-5711383B03DF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.5 - Atheros Communications Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.4.51 - Conexant)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.16.203_WHQL (HKLM\...\Elantech) (Version: 11.6.16.203 - ELAN Microelectronic Corp.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8102 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{4F2CE68F-EDBB-4592-BF07-5AC930A51029}) (Version: 7.02.6446 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prison Architect (HKLM\...\{203FDA07-E643-4E87-916A-B0CD31415713}_is1) (Version: 2.0 - Introversion Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17. 3. 2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(25. 5. 2015) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.22 (7. 9. 2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.28 (10. 3. 2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sothink Logo Maker (HKLM-x32\...\Sothink Logo Maker_is1) (Version: 3.4 - )
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA CZ Profi (HKLM-x32\...\{090EFAD5-5E25-4C4F-907B-80489F088672}) (Version: 11100.161 - STORMWARE)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07BC67B6-B315-4B8E-AB90-A1F8B4974320} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {83A7E96B-5220-4ACE-AF1A-AD132418DF16} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A22521B0-745A-4100-92CE-B11C75D1EA40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D49D2B68-5781-41E4-B6BB-E4E0513B49C4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {E9491759-7664-4A24-A3A6-0B4446B8F165} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Helenka\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com/

==================== Loaded Modules (Whitelisted) ==============

2016-09-05 08:17 - 2015-06-11 15:58 - 00022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-05 08:13 - 2016-07-17 22:43 - 00499000 ____N () C:\WINDOWS\SysWOW64\spdsvc.exe
2013-01-28 15:45 - 2013-01-28 15:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 15:42 - 2013-01-28 15:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-01-28 15:47 - 2013-01-28 15:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2016-10-15 17:20 - 2016-10-15 17:18 - 00002560 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-10-27 13:01 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 82.144.128.1 - 82.144.129.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2520944081-2684202109-2728405321-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{749E3877-382C-47F6-A2A2-E5E8B3A92A50}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F75C99F7-0C75-441C-BED8-60F50DBEC8C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2217D119-A726-4C39-8152-6F941C79231D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53C636BE-F62F-4891-9168-59C81F651A90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{551CA223-1D76-439D-BCFD-AB106419AC59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10E09F08-D236-4E70-8CEA-A044C57E5C10}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BFD58CB8-F2BA-4485-AE2D-0EB6E989A2AA}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{3C9FF256-9BA8-4C37-9344-32571A06DD2E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{080C7874-E7EA-4F31-96A6-AB6E190B7A3A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{233E88A1-7A62-4013-A1E0-26B0C228FCF3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{83E034BF-9F98-43A4-A401-1F3236514AB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{40E6C6D1-678E-4CB6-B715-F01EF0A8BE16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{5FDFC512-6A32-4387-AEC8-2399092E5E7D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{7BB8076E-82C0-4702-939D-B36CFDF9B7E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4772EA2B-547C-484C-BC7E-AC7F36C044D6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{AF28863C-42C9-4BF9-8416-156366192AC6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0B78C0A5-C366-4523-B856-376030B03B57}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{CDFF2BA1-22E6-4A2F-8EB8-4BB8CB7F9644}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{F826BDB2-4D85-4ED4-A7A4-FA1367019B31}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [TCP Query User{087D9074-0E90-48FB-913C-78FB1B1DC477}C:\users\helenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\helenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4AB0424F-7E2C-4C20-BFF5-3B425E371606}C:\users\helenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\helenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E8CEC7DB-FBA0-4BFB-BBC3-CB72D6B9D3FC}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [UDP Query User{5CC98C0D-DE1F-4CE5-89A8-9367E94FE405}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [TCP Query User{C4E4FC71-A59C-4EF0-8A2A-1612A17FEA60}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{DB66D218-878A-46C5-A4E4-8F2A758CA433}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{9E70B15B-F364-471E-97F2-998649536C91}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{773BF48F-B8A6-4704-BFE1-4FAAF3B05D8A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{19F369A9-3648-4B19-A9AF-7AC2CEF13E9B}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{197D832B-E659-4D0F-8B9D-E7C59CF9F99F}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{38DADA86-B6F7-41FC-ACF6-39E8A3096A33}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{45024A58-11F1-4ACA-A4B3-D7AC14FA55D3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{35184E0E-1536-49FF-8B45-19E240BC164D}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon64.exe
FirewallRules: [{05F7C0AD-E04F-4949-9507-D6991C65F02A}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon.exe
FirewallRules: [{EDD05972-B84A-4ED8-AC21-788528240379}] => (Allow) C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxMon64.exe
FirewallRules: [{BF75FCE0-0226-4656-A906-864F80D369F8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C72882DD-77B7-4F68-860F-3D07FFC95A4C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0F8D3ECB-174B-4425-AC3A-4AEAC4A3250D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{F305F3E9-C145-4CE6-8E78-32D065337C58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{FF320BEE-DF10-47C2-96E1-19AEAEA8DFE4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{3B22CDF0-1F4B-4B1C-AC70-6473549F1D4E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{39711F32-6D74-4718-9CCE-622D0A542422}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2F73B7E9-822B-4D44-A4B9-8CC5651CF188}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{54B11740-C0CC-4C75-A375-F3C5AFF7C909}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [TCP Query User{A2A4B2F0-90B1-43D9-8461-A12672F6A313}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{F61F0EF9-B2C2-4E03-91C6-82F884920CE3}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{ECA91091-34C1-4CBB-ADF5-E2AF8F43CE7C}] => (Allow) C:\Program Files (x86)\Stanper\Application\chrome.exe
FirewallRules: [TCP Query User{1FB0A910-5664-4823-92E2-140399E267D0}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{CAF5198C-8423-4733-B0C7-0B005C6347F2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{E5F81883-4170-47EA-BE28-F63E6953D317}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-10-2016 09:21:17 Naplánovaný kontrolní bod
15-10-2016 19:03:29 WinThruster (64-bit) Backup
16-10-2016 15:29:50 Revo Uninstaller Pro's restore point - UC浏览器
17-10-2016 19:08:16 Revo Uninstaller Pro's restore point - UCBrowser
17-10-2016 19:12:05 Revo Uninstaller Pro's restore point - WinThruster
25-10-2016 15:12:43 Naplánovaný kontrolní bod
27-10-2016 12:58:42 Removed Java 8 Update 73
27-10-2016 13:01:13 Restore Point Created by FRST
27-10-2016 18:38:25 Removed STORMWARE PAMICA Mini.
28-10-2016 10:13:39 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2016 08:32:59 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:32:59 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:32:59 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:31:47 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:31:47 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/28/2016 08:31:47 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (10/27/2016 06:41:27 PM) (Source: MsiInstaller) (EventID: 11706) (User: DOMA)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (10/27/2016 06:33:57 PM) (Source: MsiInstaller) (EventID: 11706) (User: DOMA)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (10/27/2016 06:26:04 PM) (Source: MsiInstaller) (EventID: 11706) (User: DOMA)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (10/27/2016 04:07:48 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest na řádku 4.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.


System errors:
=============
Error: (10/28/2016 10:22:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AppEx Networks Accelerator LWF neuspěla při spuštění v důsledku následující chyby:
Zařízení připojené k systému nefunguje.

Error: (10/28/2016 10:22:03 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (10/28/2016 10:19:36 AM) (Source: DCOM) (EventID: 10010) (User: DOMA)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/28/2016 10:15:57 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Instalační služba modulů systému Windows, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (10/28/2016 10:14:27 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (10/28/2016 10:13:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Google Update (gupdate) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/28/2016 10:13:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (10/28/2016 10:13:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (10/28/2016 10:13:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba GamesAppService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/28/2016 10:13:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba GamesAppIntegrationService byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2016-10-27 09:56:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:56:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:56:38.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:45:23.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:45:22.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 09:02:51.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:46:02.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:17:52.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:17:51.946
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-27 08:17:51.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 5578.27 MB
Available physical RAM: 4274.87 MB
Total Virtual: 11210.27 MB
Available Virtual: 9918.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.65 GB) (Free:876.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 387E8316)

Partition: GPT.

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#30 Post by altrok »

Excellent, I no longer see any further nasties in the log. Try out how the PC behaves. If everything is fine, all that remains is to clean up the tools we used.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors to this forum, sign up for our little school.

Locked