VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu

https://forum.viry.cz:443/viewtopic.php?t=151318

Stránka 1 z 1

Prosím o kontrolu

Napsal: 03 úno 2017 17:33
od windyOMG
Ahoj, prosím o kontrolu. Díky

Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomáš at 2017-02-03 16:47:27
Microsoft Windows 10 Home
System drive C: has 376 GB (79%) free of 476 GB
Total RAM: 8115 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:47:42, on 3. 2. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\SysWoW64\ctfmon.exe
C:\WINDOWS\SysWoW64\ctfmon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\WINDOWS\SysWoW64\ping.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\SysWoW64\ping.exe
C:\Program Files (x86)\Firefox\Firefox.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files (x86)\Tooleat\Application\chrome.exe
C:\Program Files\trend micro\Tomáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=147 ... AAEL1AAEL1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=147 ... AAEL1AAEL1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=147 ... AAEL1AAEL1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=147 ... AAEL1AAEL1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{9a48003a-678f-4ef5-bc26-0f3db97fab4a}: NameServer = 192.168.0.1
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: cktSvc - EVANGEL TECHNOLOGY (HK) LIMITED - C:\Program Files (x86)\Uncheckit\cktSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files (x86)\amuleC\ed2k.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: iSafeService - Unknown owner - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe (file missing)
O23 - Service: iThemes5 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: UncheckitSvc - evangel technology (hk) limited - C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12757 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\WINDOWS\system32\nvvsvc.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
dashost.exe {008c7315-bf1f-467a-9b65440dcbe1c4c1}
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files (x86)\Uncheckit\cktSvc.exe" {92E162D7-70FD-48F7-A779-91154F8FD518}
"C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe"

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
igfxEM.exe
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
igfxHK.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
igfxTray.exe
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" XGpuTrayIcon"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"fontdrvhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\TOM~1\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/3.7.0.271" --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-gpu-compositing --channel="8176.0.744317011\914240831" /prefetch:673131151
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\main.js"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"" "--start" "--register_port" "--address" "127.0.0.1" "--port" "49331" "--pause_on_user_switching" "--depend_on_key" "SYSTEM\CurrentControlSet\Services\ESRV_SVC_WILLAMETTE" "--depend_on_value" "run" "--time_in_ms" "--pause" "5000" "--library" "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll" "--no_pl" "--watchdog" "10" "--watchdog_cpu_usage_limit" "50" "--end_on_error" "--kernel_priority_boost" "--shutdown_priority_boost" "--device_options" " time=no output=no output_folder='C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData\userlogs' limit_output_by=time output_limit=3600000 output_buffer=1024 il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll' "
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
ctfmon.exe
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
ctfmon.exe
taskhostw.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe"
ctfmon.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.12.12200.0_x64__8wekyb3d8bbwe\Solitaire.exe" -ServerName:App.AppXx8xn0rs58sab7mvbtxgdhw97cpm1dzhb.mca
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-cachedir=C:\Users\Tomáš\AppData\Local\Steam\htmlcache" "-steampid=8264" "-buildid=1484790260" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --disable-smooth-scrolling --enable-pinch --disable-databases --primordial-pipe-token=FC037E339147931D83948496331BE17F --lang=en-US --lang=en-US --log-file="C:\Program Files (x86)\Steam\bin\cef\cef.win7\debug.log" --product-version="Valve Steam Client" --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=FC037E339147931D83948496331BE17F --renderer-client-id=2 --mojo-platform-channel-handle=1840 /prefetch:1
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /NEWS
C:\WINDOWS\SysWoW64\svchost.exe -k ArcherGroupEx
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /SCHEDULESCAN /ELEVATED
"C:\WINDOWS\SysWoW64\ping.exe"
"C:\Program Files\WindowsApps\Microsoft.Getstarted_4.4.11.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe" -ServerName:App.AppXfnk9bthnhfphsh60kkmfah42r4x085da.mca
"C:\Program Files\WindowsApps\Microsoft.Office.PowerPoint_17.7766.42791.0_x64__8wekyb3d8bbwe\pptim.exe" -ServerName:microsoft.pptim.AppXha54ge0kmjpz5z8vpfx0g0g78v293rmy.mca
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
"C:\WINDOWS\SysWoW64\ping.exe"
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7766.57821.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /WAIT
"C:\WINDOWS\SysWoW64\ping.exe"
"C:\Program Files (x86)\Firefox\Firefox.exe"
C:\WINDOWS\SysWoW64\svchost.exe -k WinSAPSvc
C:\WINDOWS\SysWoW64\svchost.exe -k GubedZLGroupEx
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" http://www.amisites.com/?type=sc&ts=148 ... AAEL1AAEL1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=gpu-process --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,15,19,33,50,59 --gpu-vendor-id=0x8086 --gpu-device-id=0x0a16 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.15.4248 --gpu-driver-date=8-4-2015 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x1341 --mojo-application-channel-token=C8AEBC99388BBB7CCF9DC1E4C467B537 --mojo-platform-channel-handle=1336 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=AA01D46946A55D9C4A8BA842F59746F5 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=AA01D46946A55D9C4A8BA842F59746F5 --channel="15500.0.1856560902\1739355050" --mojo-platform-channel-handle=2356 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=B0A098AF3C8108A025E9BFC7A36E2B54 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=B0A098AF3C8108A025E9BFC7A36E2B54 --channel="15500.1.341411796\954818806" --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=68BE6CD63FEE09CFA1C923E4C304AC7F --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=68BE6CD63FEE09CFA1C923E4C304AC7F --channel="15500.3.533513666\645363269" --mojo-platform-channel-handle=2904 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=374E31E1144F8E90A7CD455BE2A659EC --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=374E31E1144F8E90A7CD455BE2A659EC --channel="15500.4.1161175425\177692503" --mojo-platform-channel-handle=2916 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=743BC63DFB1343E9D0B3C30E929FF158 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=743BC63DFB1343E9D0B3C30E929FF158 --channel="15500.5.67111418\619972772" --mojo-platform-channel-handle=2920 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=9725A09C986594C9964BC2FDDA752DC2 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=9725A09C986594C9964BC2FDDA752DC2 --channel="15500.6.612638699\1857126334" --mojo-platform-channel-handle=2932 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=2D3EF97DDAD7941C274B919FDF1046CA --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=2D3EF97DDAD7941C274B919FDF1046CA --channel="15500.7.17366404\1738732868" --mojo-platform-channel-handle=2944 /prefetch:1
C:\WINDOWS\system32\cmd.exe /c "C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe" --parent-window=0 chrome-extension://elbjpfdfllhaioofjgmiaekihidancnc/ < \\.\pipe\chrome.nativeMessaging.in.11e02278f0fef684 > \\.\pipe\chrome.nativeMessaging.out.11e02278f0fef684
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe" --parent-window=0 chrome-extension://elbjpfdfllhaioofjgmiaekihidancnc/
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=EBB464F764BEF0FAA87A8C6A4F3A43CE --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=EBB464F764BEF0FAA87A8C6A4F3A43CE --channel="15500.10.749299988\1766105534" --mojo-platform-channel-handle=7352 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=ppapi-broker --lang=cs --device-scale-factor=1 --mojo-application-channel-token=EAE6D207A314AEDC03A20ED543183153 --mojo-platform-channel-handle=7668 /prefetch:4
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=D7A25EE2415D966534E352022827D3F0 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=D7A25EE2415D966534E352022827D3F0 --channel="15500.11.1694583166\171083321" --mojo-platform-channel-handle=8112 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=7FEECCEA677BCD38A6685F2992E81CFB --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=7FEECCEA677BCD38A6685F2992E81CFB --channel="15500.13.1427304497\472534861" --mojo-platform-channel-handle=8996 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=5ABD8E71448EF56517AA8D363B35AED9 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=5ABD8E71448EF56517AA8D363B35AED9 --channel="15500.16.1070612696\803553086" --mojo-platform-channel-handle=8852 /prefetch:1
"C:\Program Files (x86)\Tooleat\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=7A14C1FFE1B99FCA888BADD48DFBFE2B --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=7A14C1FFE1B99FCA888BADD48DFBFE2B --channel="15500.20.504099071\1179228883" --mojo-platform-channel-handle=7184 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe274_ Global\UsGthrCtrlFltPipeMssGthrPipe274 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 644 648 656 8192 652
C:\Windows\System32\smartscreen.exe -Embedding
"E:\rsit\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL [2016-04-09 2015976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2016-04-09 1257704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-18 14021336]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28 1393880]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05 508128]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-06-15 1767760]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2016-04-09 5321448]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2016-04-09 5560040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2017-01-19 2881824]
"OneDrive"=C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-11 1517280]
"Spotify Web Helper"=C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-12-11 1444976]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-04-04 4289728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-12-12 9080768]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-06-08 2380480]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe]
"Debugger="C:\Program Files (x86)\yesbnd\_ALLOWDEL_4cbf905\Gubed.exe -Yrrehs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-03 16:47:28 ----D---- C:\Program Files\trend micro
2017-02-03 16:47:27 ----D---- C:\rsit
2017-02-03 13:57:44 ----AD---- C:\Program Files (x86)\WinSnare(4.0.8)
2017-02-03 13:57:39 ----D---- C:\Program Files (x86)\amuleC3
2017-02-03 13:32:47 ----D---- C:\Program Files (x86)\yei2u61a
2017-01-26 00:12:02 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-26 00:11:52 ----A---- C:\WINDOWS\system32\poqexec.exe
2017-01-22 13:28:26 ----D---- C:\Program Files (x86)\ku0exy0x
2017-01-20 17:35:00 ----D---- C:\Program Files (x86)\MIO
2017-01-18 18:55:42 ----D---- C:\Users\Tomáš\AppData\Roaming\Mozilla
2017-01-18 18:55:42 ----D---- C:\Users\Tomáš\AppData\Roaming\Firefox
2017-01-18 18:55:29 ----AD---- C:\Program Files (x86)\Firefox
2017-01-18 16:36:06 ----D---- C:\Program Files (x86)\zu79ac08
2017-01-13 15:57:39 ----D---- C:\ProgramData\wintools
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw38B2.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw38A1.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw3852.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw3851.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw3840.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw3830.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw381F.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw37D0.tmp
2017-01-13 15:56:18 ----A---- C:\WINDOWS\system32\drivers\asw3781.tmp
2017-01-13 15:55:58 ----A---- C:\WINDOWS\system32\aswBoot.exe
2017-01-12 15:59:51 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft
2017-01-11 19:43:40 ----HD---- C:\OneDriveTemp
2017-01-10 19:28:08 ----D---- C:\Users\Tomáš\AppData\Roaming\WinSnare
2017-01-10 19:27:15 ----D---- C:\Program Files (x86)\9t8m7li4

======List of files/folders modified in the last 1 month======

2017-02-03 16:47:41 ----D---- C:\WINDOWS\system32\drivers\etc
2017-02-03 16:47:28 ----RD---- C:\Program Files
2017-02-03 16:47:16 ----D---- C:\WINDOWS\Prefetch
2017-02-03 16:39:48 ----D---- C:\WINDOWS\Temp
2017-02-03 16:37:00 ----D---- C:\WINDOWS\system32\sru
2017-02-03 16:03:08 ----D---- C:\WINDOWS\AppReadiness
2017-02-03 16:02:16 ----D---- C:\WINDOWS\system32\SleepStudy
2017-02-03 15:38:52 ----D---- C:\Program Files (x86)\Steam
2017-02-03 14:02:42 ----RD---- C:\WINDOWS\Microsoft.NET
2017-02-03 13:57:47 ----SHD---- C:\WINDOWS\Installer
2017-02-03 13:57:46 ----RD---- C:\Program Files (x86)
2017-02-03 13:57:40 ----D---- C:\Users\Tomáš\AppData\Roaming\aMule
2017-02-03 13:57:39 ----D---- C:\ProgramData\WinSAPSvc
2017-02-03 13:33:30 ----D---- C:\Program Files (x86)\yesbnd
2017-02-02 23:11:07 ----D---- C:\ProgramData\Spyware Terminator
2017-02-02 23:04:45 ----SHD---- C:\System Volume Information
2017-02-02 23:01:26 ----D---- C:\WINDOWS\system32\config
2017-02-02 22:43:50 ----D---- C:\WINDOWS\CbsTemp
2017-02-02 22:41:53 ----D---- C:\WINDOWS\WinSxS
2017-02-02 15:12:07 ----HD---- C:\Program Files\WindowsApps
2017-01-28 11:15:01 ----D---- C:\WINDOWS\SysWOW64
2017-01-28 11:15:01 ----D---- C:\WINDOWS\System32
2017-01-28 11:14:18 ----D---- C:\WINDOWS\system32\catroot2
2017-01-22 14:08:35 ----D---- C:\WINDOWS\system32\Tasks
2017-01-18 19:15:23 ----D---- C:\Users\Tomáš\AppData\Roaming\Adobe
2017-01-13 15:57:39 ----HD---- C:\ProgramData
2017-01-13 15:56:35 ----D---- C:\WINDOWS\system32\drivers
2017-01-13 15:55:49 ----D---- C:\Windows
2017-01-13 15:55:45 ----D---- C:\Program Files (x86)\WinArcher
2017-01-13 15:55:42 ----D---- C:\Program Files (x86)\Gubed
2017-01-12 16:10:52 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-12 16:10:09 ----D---- C:\Program Files (x86)\Elex-tech
2017-01-11 20:55:48 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-01-09 22:37:33 ----D---- C:\WINDOWS\Minidump
2017-01-09 22:24:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-05 15:42:04 ----A---- C:\WINDOWS\SMSS-PFRO7f13.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-12-09 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-12-12 293352]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2016-12-09 37144]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-12-09 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-12-12 969184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-12-12 513632]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R1 iSafeNetFilter;YAC NDIS Driver; C:\WINDOWS\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 52392]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-12-09 108816]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-12-09 163416]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\WINDOWS\system32\DRIVERS\stflt.sys [2011-08-24 51496]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-12-09 37656]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw8x.sys [2016-07-16 4233728]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-07-13 610336]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-08-20 84992]
R3 dtlitescsibus;@oem7.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-04-29 30264]
R3 dtliteusbbus;@oem0.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-04-29 47672]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-09-30 6278392]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-06-18 4496600]
R3 MEIx64;@oem15.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2013-12-19 99288]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_fbc7deda49b2eaa9\nvlddmkm.sys [2016-09-20 14242872]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 28216]
R3 nvvad_WaveExtensible;@oem1.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-04-14 56384]
R3 rt640x64;@oem17.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSPER;@oem16.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2015-06-24 761600]
R3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2015-06-04 21984]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S1 staport;staport; C:\WINDOWS\system32\drivers\staport.sys [2017-01-09 44952]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-08-20 114176]
S3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-09-15 249856]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-11-13 51776]
S3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-12-11 460048]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\WINDOWS\system32\DRIVERS\iSafeKrnlBoot.sys [2016-05-23 55056]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-01-19 2227312]
R2 Archer;Archer; C:\WINDOWS\SysWoW64\svchost.exe [2016-07-16 38792]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 cktSvc;cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-08-24 274152]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 ed2kidle;ed2k idle service; C:\Program Files (x86)\amuleC\ed2k.exe [2016-10-08 237568]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 1165368]
R2 GubedZL;GubedZL; C:\WINDOWS\SysWoW64\svchost.exe [2016-07-16 38792]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-09-30 370064]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-09-16 1364024]
R2 OneSyncSvc_5b001;Hostitel synchronizace_5b001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2016-04-09 3269864]
R2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2015-11-25 112792]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2016-04-04 1443520]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 iThemes5;iThemes5; rundll32 C:\Program Files (x86)\Common Files\Services\iThemes.dll,fnde_svr []
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 PimIndexMaintenanceSvc_5b001;Data kontaktů_5b001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-01-19 1464096]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-12-09 197128]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc_5b001;CDPUserSvc_5b001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2015-11-25 414360]
S2 FirefoxU;Update Service(FirefoxU); C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [2017-01-18 106160]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 iSafeService;iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe []
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2522680]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-09-30 301976]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-08-30 194032]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_5b001;Služba zasílání zpráv_5b001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 3634232]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1312768]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------

Re: Prosím o kontrolu

Napsal: 04 úno 2017 19:59
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Prosím o kontrolu

Napsal: 04 úno 2017 20:59
od windyOMG
# AdwCleaner v6.043 - Log vytvořen 04/02/2017 v 20:46:59
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-03.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Tomáš - ***********
# Spuštěno z : C:\Users\Tomáš\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: iSafeKrnlBoot
[-] Služba smazána: iSafeNetFilter
[-] Služba smazána: iSafeService
[-] Služba smazána: sp_rsdrv2
[-] Služba smazána: UncheckitSvc
[-] Služba smazána: cktSvc
[-] Služba smazána: FirefoxU
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: iThemes5
[-] Služba smazána: GubedZL
[-] Služba smazána: WinSnare


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.0.8)
[-] Složka smazána: C:\ProgramData\EwinpE
[-] Složka smazána: C:\ProgramData\jwinpj
[-] Složka smazána: C:\ProgramData\nwinpn
[-] Složka smazána: C:\ProgramData\OwinpO
[-] Složka smazána: C:\ProgramData\SwinpS
[-] Složka smazána: C:\ProgramData\uwinpu
[-] Složka smazána: C:\Users\Tomáš\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Složka smazána: C:\Users\Tomáš\AppData\Local\Tooleat
[-] Složka smazána: C:\Users\Tomáš\AppData\Roaming\eCyber
[-] Složka smazána: C:\Users\Tomáš\AppData\Roaming\Elex-tech
[-] Složka smazána: C:\Users\Tomáš\AppData\Roaming\Uncheckit
[-] Složka smazána: C:\Users\Tomáš\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\Tomáš\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Složka smazána: C:\ProgramData\Uncheckit
[-] Složka smazána: C:\ProgramData\Tencent
[-] Složka smazána: C:\ProgramData\ChelfNotify
[-] Složka smazána: C:\ProgramData\uckt
[-] Složka smazána: C:\ProgramData\WinSAPSvc
[#] Složka smazána po restartu: C:\ProgramData\winsapsvc
[#] Složka smazána po restartu: C:\ProgramData\chelfnotify
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[-] Složka smazána: C:\Users\Public\Documents\eovOJeT
[-] Složka smazána: C:\Program Files (x86)\Elex-tech
[-] Složka smazána: C:\Program Files (x86)\QQBrowser
[-] Složka smazána: C:\Program Files (x86)\yesbnd
[-] Složka smazána: C:\Program Files (x86)\Uncheckit
[-] Složka smazána: C:\Program Files (x86)\TXQQBrowser
[-] Složka smazána: C:\Program Files (x86)\InterHop
[-] Složka smazána: C:\Program Files (x86)\WinArcher
[-] Složka smazána: C:\Program Files (x86)\UvConverter
[-] Složka smazána: C:\Program Files (x86)\amuleC
[#] Složka smazána po restartu: C:\Program Files (x86)\winarcher
[-] Složka smazána: C:\Program Files (x86)\amuleC1
[-] Složka smazána: C:\Program Files (x86)\Gubed_WMI
[-] Složka smazána: C:\Program Files (x86)\Gubed
[-] Složka smazána: C:\Program Files (x86)\Tooleat
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Uncheckit
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\Public\Documents\dmp
[-] Složka smazána: C:\Program Files (x86)\Firefox
[-] Složka smazána: C:\ProgramData\WinTools
[#] Složka smazána po restartu: C:\Users\Tomáš\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Program Files (x86)\MIO


***** [ Soubory ] *****

[-] Soubor smazán: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Soubor smazán: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] Soubor smazán: C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[-] Zástupce vyléčen: C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Tomáš\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce vyléčen: C:\Users\Tomáš\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Browser Updater Task(Core)
[-] Úloha smazána: Browser Updater Task(Core)
[-] Úloha smazána: UncheckitTaskMN
[-] Úloha smazána: Nimeckreelule Log
[-] Úloha smazána: WinTOOL
[-] Úloha smazána: Milimili


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Uncheckit
[-] Klíč smazán: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\WinSnare
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartu: HKCU\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartu: HKCU\Software\Uncheckit
[#] Klíč smazán po restartu: HKCU\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Elex-tech
[-] Klíč smazán: HKLM\SOFTWARE\hdcode
[-] Klíč smazán: HKLM\SOFTWARE\qkseeSvc
[-] Klíč smazán: HKLM\SOFTWARE\qksee
[-] Klíč smazán: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč smazán: HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Klíč smazán: HKLM\SOFTWARE\Uncheckit
[-] Klíč smazán: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\WinZiper
[-] Klíč smazán: HKLM\SOFTWARE\WinSaberSvc
[-] Klíč smazán: HKLM\SOFTWARE\InterHop
[-] Klíč smazán: HKLM\SOFTWARE\WinArcher
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\mylucky123Software
[-] Klíč smazán: HKLM\SOFTWARE\UvConverter
[-] Klíč smazán: HKLM\SOFTWARE\amisitesSoftware
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
[-] Klíč smazán: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[#] Klíč smazán po restartu: [x64] HKCU\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Uncheckit
[#] Klíč smazán po restartu: [x64] HKCU\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[-] Klíč smazán: [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C767D9D7BB3F9C4B839FF09B6C80DCF
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EE2F0310EBEC29A0C48C035C43786AA
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2A47D6F1D42DD81A292C027724D291
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Data obnovena: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nuesearch.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.nuesearch.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nuesearch.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.nuesearch.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Hodnota smazána: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [18302 Bajty] - [04/02/2017 20:46:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [19328 Bajty] - [04/02/2017 20:38:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18450 Bajty] ##########

Re: Prosím o kontrolu

Napsal: 04 úno 2017 22:18
od Rudy
Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=30&t=133101 .

Re: Prosím o kontrolu

Napsal: 04 úno 2017 22:51
od windyOMG
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Tomáš (administrator) on FATTYPILLOW (04-02-2017 22:41:59)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Spotify Ltd) C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\Tomáš\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5321448 2016-04-09] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5560040 2016-04-09] (Crawler Group, LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-12] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\...\Run: [Spotify Web Helper] => C:\Users\Tomáš\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-11] (Spotify Ltd)
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Windows\System32\ctfmon.exe ctfmon.exe
IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\yesbnd\_ALLOWDEL_4cbf905\Gubed.exe -Yrrehs
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-09] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B69745F626567==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2016-04-09] (Crawler Group, LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2016-04-09] (Crawler Group, LLC)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=146670494 ... AAEL1AAEL1

FireFox:
========
FF DefaultProfile: jaqb7ey5.default
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Firefox\Firefox\Profiles\jaqb7ey5.default [2017-02-03]
FF Homepage: Firefox\Firefox\Profiles\jaqb7ey5.default -> google.com
FF Extension: (SimilarWeb) - C:\Users\Tomáš\AppData\Roaming\Firefox\Firefox\Profiles\jaqb7ey5.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-03] [not signed]
FF Extension: (FF Adr) - C:\Users\Tomáš\AppData\Roaming\Firefox\Firefox\Profiles\jaqb7ey5.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-18] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\Tomáš\AppData\Roaming\Firefox\Firefox\Profiles\jaqb7ey5.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-18] [not signed]
FF SearchPlugin: C:\Users\Tomáš\AppData\Roaming\Firefox\Firefox\Profiles\jaqb7ey5.default\searchplugins\searchinme.xml [2017-01-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-03]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-03]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-03]
CHR Extension: (Avast SafePrice) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-03]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Avast Online Security) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-03]
CHR Extension: (Chrome Media Router) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-09] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3269864 2016-04-09] (Crawler Group, LLC)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-12-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-12-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-12-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-12-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-12-12] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-12] (AVAST Software)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-29] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-29] (Disc Soft Ltd)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_fbc7deda49b2eaa9\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 sp_rsdrv2; C:\WINDOWS\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 22:41 - 2017-02-04 22:42 - 00028496 _____ C:\Users\Tomáš\Desktop\FRST.txt
2017-02-04 22:40 - 2017-02-04 22:41 - 00000000 ____D C:\FRST
2017-02-04 22:39 - 2017-02-04 22:40 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Desktop\FRSTLauncher.exe
2017-02-04 22:37 - 2017-02-04 22:37 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Downloads\Nepotvrzeno 856152.crdownload
2017-02-04 22:36 - 2017-02-04 22:36 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Downloads\Nepotvrzeno 103337.crdownload
2017-02-04 22:29 - 2017-02-04 22:29 - 02420736 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST64.exe
2017-02-04 20:18 - 2017-02-04 20:46 - 00000000 ____D C:\AdwCleaner
2017-02-04 20:11 - 2017-02-04 20:18 - 04015056 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.043.exe
2017-02-04 18:03 - 2017-02-04 18:48 - 718887164 _____ C:\Users\Tomáš\Downloads\Zhasni-a-zemřeš-(2016)-(CZ-dabing).avi
2017-02-03 21:26 - 2017-02-03 21:26 - 00000000 ___HD C:\OneDriveTemp
2017-02-03 21:12 - 2017-02-03 21:12 - 00000772 _____ C:\WINDOWS\SysWOW64\ping.cfg
2017-02-03 18:05 - 2017-02-04 21:39 - 00002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-03 18:02 - 2017-02-03 18:02 - 01129376 _____ (Google Inc.) C:\Users\Tomáš\Downloads\ChromeSetup(2).exe
2017-02-03 17:59 - 2017-02-03 17:59 - 01129376 _____ (Google Inc.) C:\Users\Tomáš\Downloads\ChromeSetup(1).exe
2017-02-03 17:40 - 2017-02-03 17:40 - 00001126 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-03 17:40 - 2017-02-03 17:40 - 00000000 ____D C:\Users\Tomáš\AppData\Local\VS Revo Group
2017-02-03 17:40 - 2017-02-03 17:40 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-03 17:40 - 2017-02-03 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-02-03 17:40 - 2017-02-03 17:40 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-03 17:40 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2017-02-03 16:47 - 2017-02-03 16:47 - 00000000 ____D C:\rsit
2017-02-03 16:47 - 2017-02-03 16:47 - 00000000 ____D C:\Program Files\trend micro
2017-02-03 13:57 - 2017-02-03 13:57 - 00000000 ____D C:\Program Files (x86)\amuleC3
2017-02-03 13:32 - 2017-02-03 13:33 - 00000000 ____D C:\Program Files (x86)\yei2u61a
2017-02-02 22:24 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-02 22:24 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-02 22:24 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-02-02 22:24 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-02-02 22:24 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-02 22:24 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-02 22:24 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-02 22:24 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-02-02 22:24 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-02 22:24 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-02-02 22:24 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-02 22:24 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-02-02 22:24 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-02-02 22:24 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-02 22:24 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-02 22:24 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-02 22:24 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-02 22:24 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-02 22:24 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-02-02 22:24 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-02 22:24 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-02 22:24 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-02 22:24 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-02 22:24 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-02-02 22:24 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-02-02 22:24 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-02-02 22:24 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-02 22:24 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-02-02 22:24 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-02 22:24 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-02-02 22:24 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-02-02 22:24 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-02 22:24 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-02 22:24 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-02 22:24 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-02-02 22:24 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-02-02 22:24 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-02-02 22:24 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-02-02 22:24 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-02 22:24 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-02-02 22:24 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-02-02 22:24 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-02-02 22:24 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-02 22:24 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-02 22:24 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-02 22:24 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-02-02 22:24 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-02-02 22:24 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-02-02 22:24 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-02 22:24 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-02-02 22:24 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-02-02 22:24 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-02-02 22:24 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-02-02 22:24 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-02-02 22:24 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-02-02 22:24 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-02 22:24 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-02 22:24 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-02-02 22:24 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-02-02 22:23 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-02 22:23 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-02-02 22:23 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-02 22:23 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-02-02 22:23 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-02-02 22:23 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-02 22:23 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-02-02 22:23 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-02-02 22:23 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-02-02 22:23 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-02-02 22:23 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-02-02 22:23 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-02 22:23 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-02-02 22:23 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-02 22:23 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-02-02 22:23 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-02 22:23 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-02-02 22:23 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-02-02 22:23 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-02-02 22:23 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-02-02 22:23 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-02 22:23 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-02-02 22:23 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-02-02 22:23 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-02 22:23 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-02 22:23 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-02-02 22:23 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-02 22:23 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-02 22:23 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-02 22:23 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-02-02 22:23 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-02 22:23 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-02 22:23 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-02-02 22:23 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-02 22:23 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-02-02 22:23 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-02 22:23 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-02 22:23 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-02 22:23 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-02 22:23 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-02 22:23 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-02 22:23 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-02-02 22:23 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-02 22:23 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-02-02 22:23 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-02-02 22:23 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-02-02 22:23 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-02 22:23 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-02-02 22:23 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-02-02 22:23 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-02-02 22:23 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-02 22:23 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-02 22:23 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-02 22:23 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-02 22:23 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-02-02 22:23 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-02 22:23 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-02 22:23 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-02 22:23 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-02 22:23 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-02 22:23 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-02-02 22:23 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-02 22:23 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-02-02 22:23 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-02-02 22:23 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-02 22:23 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-02 22:23 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-02 22:23 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-02-02 22:23 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-02 22:23 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-02-02 22:23 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-02-02 22:23 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-02 22:23 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-02 22:23 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-02 22:23 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-02-02 22:23 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-02-02 22:23 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-02-02 22:23 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-02 22:23 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-02 22:23 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-02 22:23 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-02 22:23 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-02-02 22:23 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-02-02 22:23 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-02 22:23 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-02-02 22:23 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-02 22:23 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-02-02 22:23 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-02 22:23 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-02-02 22:23 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-02 22:23 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-02 22:23 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-02-02 22:23 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-02-02 22:23 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-02 22:23 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-02-02 22:23 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-02 22:23 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-02-02 22:23 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-02-02 22:23 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-02 22:23 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-02 22:23 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-02 22:23 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-02-02 22:23 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-02-02 22:23 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-02-02 22:23 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-02-02 22:13 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-02-02 22:12 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-26 00:12 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-26 00:11 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-22 13:28 - 2017-01-22 13:28 - 00000000 ____D C:\Program Files (x86)\ku0exy0x
2017-01-18 18:55 - 2017-02-03 13:42 - 00000000 ____D C:\Users\Tomáš\AppData\LocalLow\Mozilla
2017-01-18 18:55 - 2017-01-18 18:55 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-18 18:55 - 2017-01-18 18:55 - 00002007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-18 18:55 - 2017-01-18 18:55 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Mozilla
2017-01-18 18:55 - 2017-01-18 18:55 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Firefox
2017-01-18 18:55 - 2017-01-18 18:55 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Firefox
2017-01-18 16:36 - 2017-01-18 16:39 - 00000000 ____D C:\Program Files (x86)\zu79ac08
2017-01-13 15:55 - 2017-02-03 21:17 - 00000000 ____D C:\Users\Tomáš\AppData\Local\1
2017-01-13 15:55 - 2016-12-09 19:27 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-13 15:52 - 2017-02-03 21:17 - 00000000 ____D C:\Users\Tomáš\AppData\Local\0
2017-01-10 19:27 - 2017-01-10 19:28 - 00000000 ____D C:\Program Files (x86)\9t8m7li4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 22:33 - 2016-09-04 17:07 - 00000000 ____D C:\Users\Tomáš\AppData\LocalLow\Spyware Terminator
2017-02-04 21:39 - 2015-08-30 16:38 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 21:38 - 2016-08-16 00:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-04 20:54 - 2016-07-16 23:25 - 00964534 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-04 20:54 - 2016-07-16 23:25 - 00236362 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-04 20:54 - 2016-02-18 23:02 - 02443934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-04 20:53 - 2015-08-31 10:39 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-04 20:53 - 2015-08-30 16:37 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Google
2017-02-04 20:52 - 2015-08-30 16:26 - 00000000 ___RD C:\Users\Tomáš\OneDrive
2017-02-04 20:51 - 2016-08-16 00:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-04 20:51 - 2015-08-30 16:40 - 00000000 __SHD C:\Users\Tomáš\IntelGraphicsProfiles
2017-02-04 20:50 - 2016-09-04 17:07 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2017-02-04 20:50 - 2016-08-16 00:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-04 20:49 - 2016-08-16 00:28 - 00000000 ____D C:\Users\Tomáš
2017-02-04 20:49 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-04 20:46 - 2016-05-09 18:03 - 00001041 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-04 20:46 - 2016-05-06 14:46 - 00000000 ____D C:\WINDOWS\system32\log
2017-02-04 20:21 - 2015-09-18 12:29 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Adobe
2017-02-03 21:29 - 2016-08-16 00:41 - 00004012 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462813391
2017-02-03 21:29 - 2016-05-09 18:03 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-03 21:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-03 21:23 - 2015-09-08 14:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-03 21:21 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-03 21:17 - 2016-08-16 00:22 - 04863680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-03 21:15 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-03 21:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-03 21:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-03 21:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-03 21:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-03 21:12 - 2015-09-29 14:53 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2017-02-03 20:13 - 2016-10-12 18:17 - 00000000 ____D C:\Users\Tomáš\AppData\Local\CrashDumps
2017-02-03 18:05 - 2015-08-30 16:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-03 03:56 - 2016-08-16 00:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-02 23:11 - 2016-12-22 19:27 - 00000000 ____D C:\ProgramData\Spyware Terminator
2017-02-02 22:43 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-02 15:12 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-18 19:15 - 2015-08-30 16:20 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Adobe
2017-01-13 15:57 - 2016-03-24 15:35 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-01-13 15:57 - 2016-03-24 15:35 - 00001971 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-13 15:56 - 2016-08-31 17:07 - 00044952 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2017-01-13 15:56 - 2016-08-16 00:41 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-11 20:55 - 2015-09-06 14:49 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 19:43 - 2016-12-06 18:24 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-11 19:43 - 2016-02-19 14:03 - 00002436 _____ C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-09 22:37 - 2016-09-08 17:32 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-09 22:12 - 2016-01-03 18:02 - 651703347 _____ C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories =======

2016-07-28 12:21 - 2016-08-23 08:02 - 0143080 _____ () C:\Program Files (x86)\SSFK.exe
2016-08-16 00:25 - 2016-08-16 00:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-12-15 21:31 - 2016-12-15 21:31 - 2964472 _____ (Google) C:\Users\Tomáš\AppData\Local\Temp\19D5.exe
2017-02-03 13:38 - 2017-02-03 13:38 - 3078648 _____ (Google) C:\Users\Tomáš\AppData\Local\Temp\530F.exe
2016-12-30 21:36 - 2016-12-30 21:36 - 2964472 _____ (Google) C:\Users\Tomáš\AppData\Local\Temp\7A0C.exe
2016-12-01 21:31 - 2016-12-01 21:31 - 2956792 _____ (Google) C:\Users\Tomáš\AppData\Local\Temp\B620.exe
2016-12-23 21:36 - 2016-12-23 21:36 - 2964472 _____ (Google) C:\Users\Tomáš\AppData\Local\Temp\D0B0.exe
2017-02-03 18:14 - 2017-02-03 18:14 - 3078648 _____ (Google) C:\Users\Tomáš\AppData\Local\Temp\E2BF.exe
2017-01-13 15:55 - 2017-01-22 14:08 - 26645720 _____ () C:\Users\Tomáš\AppData\Local\Temp\inst12.exe
2016-08-17 11:34 - 2015-07-02 21:36 - 0098760 _____ () C:\Users\Tomáš\AppData\Local\Temp\LMkRstPt.exe
2016-12-28 23:12 - 2016-12-28 23:12 - 0788480 _____ () C:\Users\Tomáš\AppData\Local\Temp\~ct13E0.tmp.dll
2016-12-23 14:30 - 2016-12-23 14:30 - 0792064 _____ (Fun Dw) C:\Users\Tomáš\AppData\Local\Temp\~ct6035.tmp.dll
2017-01-05 21:43 - 2017-01-05 21:43 - 0361472 _____ (update) C:\Users\Tomáš\AppData\Local\Temp\~ct6A83.tmp.dll
2016-12-28 17:32 - 2016-12-28 17:32 - 0792064 _____ (Fun Dw) C:\Users\Tomáš\AppData\Local\Temp\~ct794F.tmp.dll
2017-01-05 15:42 - 2017-01-05 15:42 - 0361472 _____ (update) C:\Users\Tomáš\AppData\Local\Temp\~ct80C4.tmp.dll
2017-01-03 20:57 - 2017-01-03 20:57 - 0471552 _____ () C:\Users\Tomáš\AppData\Local\Temp\~ct81DC.tmp.dll
2016-12-27 15:33 - 2016-12-27 15:33 - 0788480 _____ () C:\Users\Tomáš\AppData\Local\Temp\~ct8A05.tmp.dll
2017-01-03 20:43 - 2017-01-03 20:43 - 0471552 _____ () C:\Users\Tomáš\AppData\Local\Temp\~ctCC42.tmp.dll
2016-12-23 13:34 - 2016-12-23 13:34 - 0792064 _____ (Fun Dw) C:\Users\Tomáš\AppData\Local\Temp\~ctE30E.tmp.dll
2016-12-30 18:49 - 2016-12-30 18:49 - 0461824 _____ () C:\Users\Tomáš\AppData\Local\Temp\~ctECDA.tmp.dll
2016-12-21 15:03 - 2016-12-21 15:03 - 0784384 _____ (Fun Dw) C:\Users\Tomáš\AppData\Local\Temp\~ctECED.tmp.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Tom ç\Desktop" je 8 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Re: Prosím o kontrolu

Napsal: 05 úno 2017 11:39
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\yesbnd\_ALLOWDEL_4cbf905\Gubed.exe -Yrrehs
GroupPolicy: Restriction <======= ATTENTION
0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B69745F626567
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... L1AAEL1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... L1AAEL1&q={searchTerms}
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Program Files (x86)\ku0exy0x
C:\Program Files (x86)\zu79ac08
C:\Program Files (x86)\9t8m7li4
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Program Files (x86)\SSFK.exe
C:\ProgramData\DP45977C.lfl
C:\Users\Tomáš\AppData\Local\Temp

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Prosím o kontrolu

Napsal: 05 úno 2017 15:33
od windyOMG
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Tomáš (05-02-2017 15:19:30) Run:1
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\yesbnd\_ALLOWDEL_4cbf905\Gubed.exe -Yrrehs
GroupPolicy: Restriction <======= ATTENTION
0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B69745F626567
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... L1AAEL1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... L1AAEL1&q={searchTerms}
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2336630228-3131028875-1260933265-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Program Files (x86)\ku0exy0x
C:\Program Files (x86)\zu79ac08
C:\Program Files (x86)\9t8m7li4
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Program Files (x86)\SSFK.exe
C:\ProgramData\DP45977C.lfl
C:\Users\Tomáš\AppData\Local\Temp

EmptyTemp:
End


*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MRT.exe => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B69745F626567 => Error: No automatic fix found for this entry.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2336630228-3131028875-1260933265-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\Program Files (x86)\ku0exy0x => moved successfully
C:\Program Files (x86)\zu79ac08 => moved successfully
C:\Program Files (x86)\9t8m7li4 => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Program Files (x86)\SSFK.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Tomáš\AppData\Local\Temp" folder move:

Could not move "C:\Users\Tomáš\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52999824 B
Java, Flash, Steam htmlcache => 18066070 B
Windows/system/drivers => 241728707 B
Edge => 3226978 B
Chrome => 560611203 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 266776 B
NetworkService => 1996370 B
Tomáš => 35584012589 B

RecycleBin => 915998759 B
EmptyTemp: => 34.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-02-2017 15:29:25)

C:\Users\Tomáš\AppData\Local\Temp => moved successfully

==== End of Fixlog 15:29:31 ====

Re: Prosím o kontrolu

Napsal: 05 úno 2017 17:44
od Rudy
OK. Log by již měl být čistý.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz