Vírus

[Rudy]

Takže OK. Teď ho odpojte a koukneme na samotný PC. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[Boris]

Ešte by som sa chcel zbaviť tohoto: http://prntscr.com/cyfij4 Píše mi to po zapnutí PC.

Nechce mi to stiahnuť viem že na starom PC mi to išlo ale nejde ani po vypnutí avastu: http://prntscr.com/cyfjxw

[Rudy]

Soubor hoďte do koše a koš vysypte. Dejte log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=130786 .

[Boris]

Logfile of random's system information tool 1.13 (written by random/random)
Run by User at 2016-10-25 13:59:38
Microsoft Windows 7 Ultimate
System drive C: has 17 GB (13%) free of 134 GB
Total RAM: 4094 MB (61% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:59:44, on 25. 10. 2016
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\User_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8015 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {0C94EB90-ECE3-4CB1-BA31-70E757ED96B8}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1a6ab18c-cfb5-4042-9164-73e847e75c48 -SystemEventPortName:HostProcess-27727ad1-b339-419b-91b8-cff1062b649b -IoCancelEventPortName:HostProcess-1ecdb183-207f-49d4-b8a0-fc5f133567df -NonStateChangingEventPortName:HostProcess-5e77f927-ed70-4cd8-b3b5-a82541e8fbf6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:22525fef-9712-4805-8c06-aff57940af3f
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="3744.0.1234310874\1829816115" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 3744 "\\.\pipe\gecko-crash-server-pipe.3744" tab
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs

"C:\Users\User\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\update-S-1-5-21-1906443015-4026824225-2091223967-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1458713836 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\update-S-1-5-21-1906443015-4026824225-2091223967-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\{021F0F9E-A937-4D83-BE8B-9AC1D600B5D4} - D:\Wolfenstein The New Order\WolfNewOrder_x64.exe
C:\Windows\system32\tasks\{0BFB67BC-ECA5-496D-8C0C-527803C8AB1D} - "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/7.18.0.112/sk/ ... rogressBar
C:\Windows\system32\tasks\{22DCE9F4-882E-4505-93A9-68F13FBA754A} - C:\Windows\system32\pcalua.exe -a J:\SETUP.EXE -d "C:\Program Files\DAEMON Tools Lite"
C:\Windows\system32\tasks\{4FD0F90F-1A22-4BC3-9B80-EDB8B7B814F6} - C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
C:\Windows\system32\tasks\{52053831-F4D8-47F6-91C0-D7962F6FEED6} - C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\booddanet\Half-Life 2\Uninstal.exe" -d "C:\Program Files (x86)\booddanet\Half-Life 2"
C:\Windows\system32\tasks\{909D3ADA-7429-43F2-B342-6F4584738EAF} - C:\Windows\system32\pcalua.exe -a K:\Fairlight\Installer.exe -d "C:\Program Files\DAEMON Tools Lite"
C:\Windows\system32\tasks\{D871AB1C-D82C-497A-8DF1-65C6CDEFF578} - C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED\CoDMW3\Setup.EXE -d C:\Users\User\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED\CoDMW3
C:\Windows\system32\tasks\{DEB4102D-1F8B-4789-94BD-B31AFD594BA5} - C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Half-Life 2 CZ 2004 KAMCA\Half-Life 2.exe" -d "C:\Users\User\Downloads\Half-Life 2 CZ 2004 KAMCA"
C:\Windows\system32\tasks\{E8839F9E-FCB5-4728-A93C-1D1594870DF2} - C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED\rld-mw3a\Setup.EXE -d C:\Users\User\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED\rld-mw3a
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1906443015-4026824225-2091223967-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default\addons.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default\extensions.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Avast SafePrice - extension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8b1g0pcy.default\pluginreg.dat
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.1422 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.1422 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
Plugin - Shockwave Flash - 23.0.0.185 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

=========Google Chrome=========

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentácie Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bgjpfhpjcgdppjbgnpnjllokbmcdllig 1 Seznam Lištička - Email 1.3.14
Extension blmojkbhnkkphngknkmgccmlenfaelkd 1 Seznam Lištička - Slovník 1.2.14
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabuľky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 0 Dokumenty Google v režime offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 11.1.0.955
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 0 Skype 8.4.0.9162
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension olfeabkoenfaoljndfecamgilllcpiak 1 Seznam Lištička - Rychlá volba 1.7.13
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm
Homepage:
default_search_provider.search_url:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-09 952952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-09 716632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-08-08 8900328]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-10-25 13:59:38 ----D---- C:\rsit
2016-10-25 13:59:38 ----D---- C:\Program Files\trend micro
2016-10-24 20:36:39 ----D---- C:\UsbFix
2016-10-22 17:14:30 ----D---- C:\Program Files (x86)\Electronic Arts
2016-10-22 09:43:46 ----D---- C:\Windows\pss
2016-10-21 16:31:06 ----D---- C:\ProgramData\Origin
2016-10-12 17:38:06 ----D---- C:\ProgramData\Electronic Arts
2016-10-12 17:38:06 ----D---- C:\ProgramData\EA Core

======List of files/folders modified in the last 1 month======

2016-10-25 13:59:44 ----D---- C:\Windows\Prefetch
2016-10-25 13:59:40 ----D---- C:\Windows\Temp
2016-10-25 13:59:38 ----RD---- C:\Program Files
2016-10-25 13:52:27 ----D---- C:\ProgramData\NVIDIA
2016-10-24 20:55:13 ----D---- C:\Windows\System32
2016-10-24 20:55:13 ----D---- C:\Windows\inf
2016-10-24 20:55:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-24 20:06:36 ----D---- C:\Program Files (x86)\Steam
2016-10-24 17:04:13 ----D---- C:\Windows\system32\drivers
2016-10-24 16:54:30 ----SHD---- C:\Windows\Installer
2016-10-24 16:54:30 ----RD---- C:\Program Files (x86)\Skype
2016-10-22 17:14:30 ----RD---- C:\Program Files (x86)
2016-10-22 09:43:46 ----D---- C:\Windows
2016-10-22 09:42:47 ----D---- C:\Windows\system32\catroot2
2016-10-21 21:35:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 21:35:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-10-21 20:03:34 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2016-10-21 19:15:20 ----D---- C:\Users\User\AppData\Roaming\Skype
2016-10-21 19:14:33 ----D---- C:\ProgramData\Skype
2016-10-21 16:31:06 ----HD---- C:\ProgramData
2016-10-21 16:29:46 ----RSD---- C:\Windows\assembly
2016-10-21 16:29:06 ----D---- C:\Windows\Logs
2016-10-21 15:51:33 ----D---- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2016-10-17 19:04:18 ----D---- C:\Program Files (x86)\Common Files
2016-10-12 17:14:19 ----D---- C:\Windows\system32\config
2016-10-12 17:14:14 ----D---- C:\Windows\winsxs
2016-10-11 16:21:46 ----D---- C:\Windows\SysWOW64
2016-10-11 16:21:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-10-11 16:21:32 ----D---- C:\Windows\system32\Macromed
2016-10-11 16:21:29 ----D---- C:\Windows\SYSWOW64\Macromed
2016-09-26 19:45:58 ----D---- C:\Counter-Strike 1.6

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-07-09 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-05 292704]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-07-09 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-07-09 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-07-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-07-14 473592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-07-09 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-07-09 108304]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-07-09 162904]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-12-29 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2015-12-29 46392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 xhunter1;xhunter1; \??\C:\Windows\xhunter1.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-07-09 197128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2016-07-14 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29 144200]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11 270016]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-11-30 1368408]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-10-13 1459488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

Jak je na tom váš oper. systém s legalitou?

[Boris]

zatial pohode takže je všetko poriadku?

[Rudy]

Udělejte ještě tento sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<.

Dejte oba logy.

[Boris]

to s tými desktop bude asi problém http://prntscr.com/cz6p1r

[Rudy]

Musím vědět, jaký proces to otvírá. Jinak se toho nezbavíme. Kde jsou ty logy?

[Boris]

no ale tam je to cez 650 súborov kde je ten desktop už sa to skenuje

[Rudy]

Njn. Bez toho se ale dál nehneme.

[Boris]

logy sa ešte stále skenuju a ten desktop pozerám že uprava je v roku 2015 tak to nebude tým toto bude asi nový vytvorený len neviem ako ho najsť

[Rudy]

Ok. Až uvidím logy, možná budu chytřejší.

[Boris]

ok ale nejako to trva

[Boris]

OTL Extras logfile created on: 26. 10. 2016 19:26:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,35% Memory free
9,99 Gb Paging File | 7,65 Gb Available in Paging File | 76,53% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130,61 Gb Total Space | 17,00 Gb Free Space | 13,01% Space Free | Partition Type: NTFS
Drive D: | 101,97 Gb Total Space | 29,57 Gb Free Space | 28,99% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1906443015-4026824225-2091223967-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE9766D-D536-4271-A8B7-128B560E3643}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2688246B-28B2-42F2-9AC4-FE3DE410835F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32D881F8-0AEE-43BE-A7A0-1CB54BB19409}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BEF02A5-4B4D-4F32-B580-2E02B3B3F688}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F3DC233-07E3-4DAF-B114-4EDAF85A29F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42D0D057-B40E-4904-958E-062222A07C9E}" = lport=138 | protocol=17 | dir=in | app=system |
"{49E1651B-455A-48F6-BF67-83EA13C82D9E}" = rport=137 | protocol=17 | dir=out | app=system |
"{55CFBBEF-D76D-4CC6-8575-D8E893489E94}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AA21062-7929-44CC-ADA6-6DB8C409D308}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F3F5204-9FAC-4638-8E0D-5159B8CDA606}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E2D3885-7ADE-4A97-BA66-3C4B82A8CC15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E6CEA4A-F38A-4D01-BF3F-C7B73271F80A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7ABBC39E-F44C-4A0E-B2F9-88D195E40DB3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9D93E5B6-FEF9-4A00-B0F5-53D981E6283A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD0E3CA0-BCBD-4EBD-A0C8-41050BAF742E}" = lport=137 | protocol=17 | dir=in | app=system |
"{B53D2D2C-7248-4D35-B4C7-D4A567F2DE83}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA3D5676-08CA-46B0-964A-277F13E77773}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0A08A31-1FD5-466E-8922-9A22472AA9BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2E4DA94-BA94-4568-82C1-0090E4C53072}" = rport=138 | protocol=17 | dir=out | app=system |
"{C4AB9BDA-659B-4672-9748-4AB051FBF8A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7DC8674-1C20-4128-BB42-EE2134C498AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC086D23-67AC-4B35-BED5-B4B3ACE1AE5E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{F23B86B2-F49F-4576-ADF0-3017B4D6BCFD}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E36601-1105-4123-8787-62911A4237E8}" = protocol=6 | dir=in | app=d:\battlefield 3™\bf3.exe |
"{015E442F-DA7E-435C-8E16-172D3AEAB228}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{0250ACB3-B14E-4467-88BB-87CE50418A27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02A6CC6C-47C4-4DCF-88B5-A04823F04975}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0CBB5049-17E2-4D63-AC19-8DD77C17B5C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{195ABC2A-9BE4-460E-BC38-8C8505F1CDFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E4787A8-BA8F-4585-9CF7-6525B4780F16}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{21042D1F-C4EF-4BCB-8A4F-BAFE1FADC5B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{21AB28EE-8843-498F-9CAF-A853FDC16198}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{27CB053F-3D60-40F5-9B41-DEAC264EC942}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29DD768D-5AFA-4362-BB3E-0406DA68941F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2CC0764F-612D-42DB-98CB-5E727F182751}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2D8B4719-A571-4DC7-A463-2AD299AF4E15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FA50C59-D306-4AEB-90F0-01AD18BE9805}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{341DFE40-F27C-4A45-8EAB-050B589704B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3738748E-CB58-48B6-AB4B-9598FF99BB60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3826A978-BE10-47DA-A74B-D921382BC701}" = protocol=6 | dir=out | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{38CC4CD8-8F05-46E5-9A78-3BBF503B5694}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5066641D-85A1-44FF-9F87-106EDC585FED}" = protocol=17 | dir=in | app=d:\crysis 3\bin32\crysis3.exe |
"{555136B4-91AD-4153-BB9D-FE2BD3C08F2D}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{56586968-1E43-48C6-A291-C983F643EF58}" = protocol=6 | dir=in | app=d:\crysis 3\bin32\crysis3.exe |
"{5BAFCA67-2AEC-41DB-A373-05B0E2C7387F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BD9FA97-47FD-435F-B6DD-31137930D991}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5C14BC1D-DB4E-46FC-8CB6-4A3E7F2779EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\csnz\bin\cstrike-online.exe |
"{5C3B5EB2-4093-44E5-91FF-48665DB9AEB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5DB64CE5-2CD2-4A22-B691-FE0ECA7085F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{60E10518-0874-4B4F-8923-B4926B4425CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{62A46B09-9057-4B85-BD1E-BBFAF16CCE28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63F49844-705D-4350-8872-2FF578F47565}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{68CD01C0-F458-414B-8409-76AC6FC04CBE}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{6AFD0782-1041-414C-B24B-4B155DA91FAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5DA103-35A3-44B6-A574-9FE8175F87EE}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{85A501CD-797B-4FD5-8864-D6EB99EED768}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8E71C498-BD83-43F9-A310-01177948F9EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{936D2FA0-E7B2-4B23-9DB0-04E78B9F3F25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A65E6D59-544C-4AE7-8E85-79BA1C179113}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{A8FF8AF0-CDCD-4329-965F-D1185031C10C}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{AB57EC4A-0C9F-4B61-8A8D-6FDCDCB1D64C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF349CB2-508A-4C6C-8A2A-A733A99B75F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B56E66FE-681C-4759-849A-FE390103B85C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B626818D-6487-45B7-B026-7C6D6E493298}" = protocol=17 | dir=out | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{B8A84F3E-71B0-4334-8F09-1A2314B72DC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B8CB4436-47FF-425C-B5FD-689104B5FEE5}" = protocol=6 | dir=out | app=system |
"{BA2719C9-DDAC-45EE-8B1B-9F713A849A52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{C8A88838-B574-4336-85E2-6BF11AD0CEA1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C8FF0DAE-85E9-4268-8085-F35BE2B78C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D822502E-A91D-4B7A-BA53-3410CA7CFE40}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EED57439-E2D1-4400-AEA9-8D210139CF1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{F3DD5D0A-91E7-446F-B469-78034C0825B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8C41105-7508-4CF0-B543-74C07456174F}" = protocol=17 | dir=in | app=d:\battlefield 3™\bf3.exe |
"TCP Query User{06D0A469-E92F-4F60-9706-D27ABACD17EA}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"TCP Query User{0E20ABA8-C408-4D2E-9F40-B85A54E39712}C:\users\user\downloads\igg-thehunteprimal\igg-thehunteprimal\game\thehunterprimal.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\igg-thehunteprimal\igg-thehunteprimal\game\thehunterprimal.exe |
"TCP Query User{0FAF317C-8BF9-4EEE-AEE4-7EA805784D80}C:\users\user\downloads\dead island riptide\deadislandgame_x86_rwdi.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\dead island riptide\deadislandgame_x86_rwdi.exe |
"TCP Query User{2F29E2E5-3B58-4B91-B63D-98886CEED7D2}C:\users\user\desktop\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"TCP Query User{52534277-0DE1-4D1F-A543-DAE2AF97DC07}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{53A9C84D-C886-4DA9-9C14-D7F005895AF9}C:\users\user\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe |
"TCP Query User{65F45160-84B1-4A1F-9BA8-1B8D56A9F5B5}D:\outlast + dlc whistleblower\binaries\win64\olgame.exe" = protocol=6 | dir=in | app=d:\outlast + dlc whistleblower\binaries\win64\olgame.exe |
"TCP Query User{89D0B057-29B2-442F-94B5-15FDC7EFDD61}D:\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=d:\dead island\deadislandgame.exe |
"TCP Query User{8E01762A-D55D-4808-87F7-207A1D5554D9}C:\counter-strike 1.6\csko.exe" = protocol=6 | dir=in | app=c:\counter-strike 1.6\csko.exe |
"TCP Query User{AE56E441-C458-4B21-ADEF-D2599E622147}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe |
"TCP Query User{BA87D6E2-E687-4C92-8BA6-E390F48C3F20}D:\steamlibrary\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe |
"TCP Query User{BEA1A87A-813A-44CC-BE13-0FBB8EE2A504}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe |
"TCP Query User{C4DBF7D6-22CC-45E7-A044-6D9A173D71F3}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"TCP Query User{D9E20E45-5A22-4FE1-A60D-44783011D140}C:\users\user\desktop\medal of honor pacific assault\mohpa.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\medal of honor pacific assault\mohpa.exe |
"TCP Query User{E98DF0CE-8A70-4E69-9EA5-8494511892FB}C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=c:\program files\strogino cs portal\counter-strike global offensive\csgo.exe |
"UDP Query User{004D6A65-3144-4D0C-9209-ECC734DBDEFD}D:\steamlibrary\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe |
"UDP Query User{0CD98764-A623-4D5E-A7CA-94A3F4EE821F}C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=c:\program files\strogino cs portal\counter-strike global offensive\csgo.exe |
"UDP Query User{17CB8C35-4051-42CE-B1F2-83D9028E6875}C:\counter-strike 1.6\csko.exe" = protocol=17 | dir=in | app=c:\counter-strike 1.6\csko.exe |
"UDP Query User{2F7C3B6A-4DD0-405C-BDEE-E489147D56EB}D:\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=d:\dead island\deadislandgame.exe |
"UDP Query User{3560BF05-AE7B-4C31-9307-2B16D2F910D1}C:\users\user\downloads\dead island riptide\deadislandgame_x86_rwdi.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\dead island riptide\deadislandgame_x86_rwdi.exe |
"UDP Query User{4663D105-95F6-4F8B-A6F6-0FF2A77AE4A3}D:\outlast + dlc whistleblower\binaries\win64\olgame.exe" = protocol=17 | dir=in | app=d:\outlast + dlc whistleblower\binaries\win64\olgame.exe |
"UDP Query User{471EEF41-1A96-44CF-9E2B-0841DCD91021}C:\users\user\desktop\medal of honor pacific assault\mohpa.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\medal of honor pacific assault\mohpa.exe |
"UDP Query User{5269CBF2-AD4B-404D-B4CC-F7EB99685743}C:\users\user\desktop\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"UDP Query User{7341DF57-C5AD-4DD7-94D6-B1BFDDE8F9D6}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe |
"UDP Query User{82C050E4-AB3B-40DD-9D25-A0515BEFBBD4}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"UDP Query User{85D3EB30-213C-4AFC-A9F7-7FE93DE70CC3}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{8C824122-0A62-4100-BF19-410AB032F8A2}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"UDP Query User{BDBCB797-363E-4D1E-AE0A-9330C4B3C474}C:\users\user\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe |
"UDP Query User{C83EB0CD-F10A-4ADD-9AE0-5B2DC5797D95}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{E9CE76CE-D1DC-443D-9993-9F2D64BF2ABA}C:\users\user\downloads\igg-thehunteprimal\igg-thehunteprimal\game\thehunterprimal.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\igg-thehunteprimal\igg-thehunteprimal\game\thehunterprimal.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02896948-D46A-3B60-9700-2A2BD94B729E}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23725 False
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False
"{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 False
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{2DFD8316-9EF1-3210-908C-4CB61961C1AC}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.0 False
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 False
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False
"{5CBC7592-303E-3F1B-AB4A-41BEE3D23391}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23829 False
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 False
"{7B50D081-E670-3B43-A460-0E2CDB5CE984}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{90140000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2010
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 False
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 False
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 False
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000
"{AF4EC442-E1ED-31F1-B082-16F34FD6A97B}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23829 False
"{B0B194F8-E0CE-33FE-AA11-636428A4B73D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 False
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovládač zvuku HD 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.4053 False
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False
"{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 False
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D04659D1-EB2D-3DE5-A833-837A623CCCF7}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False
"{DFFEB619-5455-3697-B145-243D936DB95B}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918
"{E993B27E-AB21-3C44-A472-39F1AD3CC78C}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23725 False
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148.0 False
"{f0cbd694-71ce-4391-9690-5da93b2f0445}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.57102 False
"{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Steam App 10" = Counter-Strike
"WinRAR archiver" = WinRAR 5.30 (64-bitová verzia)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 False Eng
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506 False
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
"{1a63c099-febd-4eaf-83ad-a82ea4fdac49}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{1C8C353D-498B-3B8B-A3DC-41519413F733}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23725 False
"{1FDCBE13-B895-4E68-949A-975EA871BC34}" = Gothic 2 Gold
"{2af972c7-13b0-4978-92a8-fee26a4fb4e9}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False
"{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 False Eng
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.4.0.1
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{51adbf11-493f-431c-a862-967a0fae2944}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 False
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506 False
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False
"{786416F8-46FB-4E44-B696-47E2F903D06C}" = YouTubeByClick
"{7c3d0734-5e24-446b-85ae-c610ee8eb53d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 False Eng
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}" = Skype Click to Call
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8BE670DF-EA47-3A15-88CC-00FFCA1FFA12}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23829 False
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{90140000-0100-041B-0000-0000000FF1CE}" = Microsoft Office O MUI (Slovak) 2010
"{90140000-0101-041B-0000-0000000FF1CE}" = Microsoft Office X MUI (Slovak) 2010
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{9436D9AB-3BB9-3A1B-84AE-6F29B2098BD0}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23725 False
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
"{a15bc95a-8359-40e6-b4bc-5a219bcc492a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
"{a2199617-3609-410f-a8e8-e8806c73545b}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 False
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{b55f7208-e02b-4828-ac78-59c73ddf5bc7}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD9CFD69-EB91-354E-9C98-D439E6091932}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918
"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 False
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 False Eng
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng
"{CE244E07-B58F-4140-806F-34FB0CDDE8CA}" = Medieval II Total War Kingdoms
"{D1495983-5903-358E-8C91-62A6731C1ED6}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23829 False
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False
"{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 False Eng
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
"{f0080ca2-80ae-4958-b6eb-e8fa916d744a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.29
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Alan Wake American Nightmare_is1" = Alan Wake American Nightmare
"Alan Wake_is1" = Alan Wake
"Aliens vs. Predator_R.G. Mechanics_is1" = Aliens vs. Predator
"Avast" = Avast Free Antivirus
"BioShock Infinite - SK" = BioShock Infinite - SK
"BSPlayerf" = BS.Player FREE
"G2MDK" = Gothic II - Modification Development Kit
"Google Chrome" = Google Chrome
"GOTHIC2 - ADDON_RETURNING" = GOTHIC2 - ADDON_RETURNING
"GOTHIC2 - Návraty - 'Systémový balíček'" = GOTHIC2 - Návraty - 'Systémový balíček'
"GOTHIC2 - Noc Havrana - 'Systémový balíček'" = GOTHIC2 - Noc Havrana - 'Systémový balíček'
"Mozilla Firefox 49.0.2 (x86 sk)" = Mozilla Firefox 49.0.2 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.sk-sk" = Microsoft Office Language Pack 2010 - Slovak/Slovenčina
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Outlast + DLC Whistleblower_is1" = Outlast + DLC Whistleblower verze 1.0
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"SafeZone 1.51.2220.62" = SafeZone Stable 1.51.2220.62
"State of Decay - Breakdown_is1" = State of Decay - Breakdown
"Steam" = Steam
"TSEV Skyrim LE_is1" = TSEV Skyrim LE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1906443015-4026824225-2091223967-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike 1.6_is1" = Counter-Strike 1.6 v42
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24. 10. 2016 14:58:22 | Computer Name = User-PC | Source = VSS | ID = 8193
Description =

Error - 24. 10. 2016 14:58:22 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description =

Error - 25. 10. 2016 12:04:22 | Computer Name = User-PC | Source = VSS | ID = 13
Description =

Error - 25. 10. 2016 12:04:22 | Computer Name = User-PC | Source = VSS | ID = 8193
Description =

Error - 25. 10. 2016 12:04:22 | Computer Name = User-PC | Source = VSS | ID = 13
Description =

Error - 25. 10. 2016 12:04:22 | Computer Name = User-PC | Source = VSS | ID = 8193
Description =

Error - 25. 10. 2016 12:04:22 | Computer Name = User-PC | Source = VSS | ID = 13
Description =

Error - 25. 10. 2016 12:04:22 | Computer Name = User-PC | Source = VSS | ID = 8193
Description =

Error - 26. 10. 2016 13:29:11 | Computer Name = User-PC | Source = VSS | ID = 13
Description =

Error - 26. 10. 2016 13:29:11 | Computer Name = User-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 25. 7. 2016 4:39:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069

Error - 25. 7. 2016 12:33:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Službe nvUpdatusService sa nepodarilo s aktuálne nakonfigurovaným
heslom prihlásiť ako .\UpdatusUser kvôli nasledujúcej chybe: %%1330 Ak chcete zabezpečiť
správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management
Console).

Error - 25. 7. 2016 12:33:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069

Error - 26. 7. 2016 3:28:08 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Službe nvUpdatusService sa nepodarilo s aktuálne nakonfigurovaným
heslom prihlásiť ako .\UpdatusUser kvôli nasledujúcej chybe: %%1330 Ak chcete zabezpečiť
správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management
Console).

Error - 26. 7. 2016 3:28:08 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069

Error - 26. 7. 2016 6:43:11 | Computer Name = User-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 26. 7. 2016 13:07:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Službe nvUpdatusService sa nepodarilo s aktuálne nakonfigurovaným
heslom prihlásiť ako .\UpdatusUser kvôli nasledujúcej chybe: %%1330 Ak chcete zabezpečiť
správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management
Console).

Error - 26. 7. 2016 13:07:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069

Error - 27. 7. 2016 3:58:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Službe nvUpdatusService sa nepodarilo s aktuálne nakonfigurovaným
heslom prihlásiť ako .\UpdatusUser kvôli nasledujúcej chybe: %%1330 Ak chcete zabezpečiť
správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management
Console).

Error - 27. 7. 2016 3:58:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069


< End of report >