Dobrý den,
přes cloud jsem se připojoval na sloužku, kde byly soubory napadené Cerberem. ESET mi nic nehlásí. Přesto prosím o preventivku.
Děkuji.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by Ondřej (administrator) on NTB (27-02-2017 14:26:05)
Running from C:\Users\Ondřej\Downloads
Loaded Profiles: Ondřej (Available Profiles: Ondřej & UpdatusUser & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google) C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\SwReporter\16.91.1\software_reporter_tool.exe
(Google) C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\SwReporter\16.91.1\software_reporter_tool.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-23] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1762456 2016-10-01] (Lavasoft)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-13]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9 18 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-10-01] (Lavasoft Limited)
Winsock: Catalog9-x64 18 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-10-01] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2 192.168.22.1
Tcpip\..\Interfaces\{8680d25c-04a7-4291-a79b-e558cd0be22a}: [DhcpNameServer] 217.170.96.24 217.170.96.2 192.168.22.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?l=dis&o=14469
SearchScopes: HKU\S-1-5-21-959826868-2704866173-1510423850-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10011_pdf_cnet_partner_161001__yaie&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FireFox:
========
FF ProfilePath: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 [2017-02-27]
FF NewTab: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF Homepage: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\features\{14f6700f-65b0-40b6-8d34-14a5dd9c8e1f}\disableSHA1rollout@mozilla.org.xpi [2017-02-26]
FF SearchPlugin: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\searchplugins\seznam-avast.xml [2017-01-01]
FF SearchPlugin: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\searchplugins\yahoo-lavasoft.xml [2016-10-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-959826868-2704866173-1510423850-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ondřej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=14341 ... X82NYT0EJT
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=c ... earchTerms}
CHR Profile: C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Prezentace Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Dokumenty Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Disk Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-27]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-27]
CHR Extension: (YouTube) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-09]
CHR Extension: (Tabulky Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-27]
CHR Extension: (Gmail) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
Opera:
=======
OPR StartupUrls:
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-30] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-10-01] (Lavasoft Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-13] (Dritek System INC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25240 2016-10-01] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-02-20] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-30] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-30] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-30] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-30] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-30] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-30] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9934c34dc6ca0c4b\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-13] (Dritek System Inc.)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 14:26 - 2017-02-27 14:34 - 00025862 _____ C:\Users\Ondřej\Downloads\FRST.txt
2017-02-27 14:25 - 2017-02-27 14:26 - 00000000 ____D C:\FRST
2017-02-27 14:24 - 2017-02-27 14:25 - 02423296 _____ (Farbar) C:\Users\Ondřej\Downloads\FRST64.exe
2017-02-20 17:19 - 2017-02-20 17:19 - 04481590 _____ C:\Users\Ondřej\Downloads\Nový Prezentace aplikace Microsoft PowerPoint.pptx
2017-02-19 17:37 - 2017-02-19 17:37 - 01274552 _____ (Microsoft Corporation) C:\Users\Ondřej\Downloads\NetFxRepairTool.exe
2017-02-19 17:30 - 2017-02-19 17:30 - 01424328 _____ (Microsoft Corporation) C:\Users\Ondřej\Downloads\NDP461-KB3102438-Web.exe
2017-02-19 17:21 - 2017-02-19 17:21 - 00267445 _____ C:\Users\Ondřej\Downloads\dotnetfx_cleanup_tool.zip
2017-02-19 17:21 - 2017-02-19 17:21 - 00000000 ____D C:\Users\Ondřej\Downloads\dotnetfx_cleanup_tool
2017-02-19 10:15 - 2017-02-19 10:15 - 00710981 _____ C:\Users\Ondřej\Downloads\Opereta.pptx
2017-02-08 14:18 - 2017-02-08 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-05 10:22 - 2017-02-05 10:29 - 122003489 _____ C:\Users\Ondřej\Downloads\Zábavná-matematika.rar
2017-02-03 08:57 - 2017-02-03 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-03 08:56 - 2017-02-03 08:57 - 00000000 ____D C:\Program Files\iTunes
2017-02-03 08:56 - 2017-02-03 08:56 - 00000000 ____D C:\Program Files\iPod
2017-02-03 08:54 - 2017-02-03 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-01-29 15:08 - 2017-02-27 09:40 - 00000000 ____D C:\ProgramData\Family Farm
2017-01-29 15:08 - 2017-01-30 08:10 - 00000000 __SHD C:\Users\Ondřej\wc
2017-01-29 15:08 - 2017-01-29 15:08 - 00000000 __SHD C:\Users\Ondřej\AppData\Roaming\wyUpdate AU
2017-01-29 15:06 - 2017-01-29 15:06 - 00000000 ____D C:\Users\Ondřej\Downloads\Family.Farm.CRACKED.Cz
2017-01-28 09:16 - 2017-02-26 20:28 - 00000000 ____D C:\Users\Ondřej\Desktop\David
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 14:22 - 2016-11-18 07:26 - 00000000 ____D C:\Users\Ondřej\AppData\LocalLow\Mozilla
2017-02-27 14:22 - 2012-12-23 09:07 - 00000000 ____D C:\Users\Ondřej\Desktop\programy
2017-02-27 14:14 - 2015-08-06 15:57 - 00000000 ___RD C:\Users\Ondřej\OneDrive
2017-02-27 13:47 - 2016-06-27 13:38 - 00000000 ___RD C:\Users\Ondřej\Desktop\Dropbox
2017-02-27 09:21 - 2016-09-20 22:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-26 10:02 - 2014-01-23 15:26 - 00000000 ___RD C:\Users\Ondřej\Desktop\Elenka
2017-02-24 19:51 - 2014-02-15 07:41 - 00000000 ____D C:\Users\Ondřej\Documents\Noty a MuseScore
2017-02-21 18:28 - 2015-11-17 10:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 17:41 - 2016-09-20 23:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-19 17:40 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-18 19:54 - 2016-12-06 20:48 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 19:54 - 2015-08-06 15:57 - 00002427 _____ C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-17 14:33 - 2015-07-28 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-17 14:33 - 2015-07-28 06:52 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-17 14:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 14:32 - 2015-07-28 06:54 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-17 08:51 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 10:12 - 2015-02-20 22:07 - 00001689 _____ C:\Users\Ondřej\Desktop\POWERPNT – zástupce.lnk
2017-02-16 10:12 - 2015-02-20 22:07 - 00001678 _____ C:\Users\Ondřej\Desktop\WINWORD – zástupce.lnk
2017-02-16 10:12 - 2015-02-20 22:07 - 00001658 _____ C:\Users\Ondřej\Desktop\EXCEL – zástupce.lnk
2017-02-13 16:06 - 2016-09-20 22:26 - 00000000 ____D C:\Users\Ondřej
2017-02-13 16:06 - 2015-07-03 21:52 - 00000000 ____D C:\Users\Ondřej\Kindle
2017-02-12 21:09 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Ondřej\Documents\My eBooks
2017-02-12 11:49 - 2015-03-08 21:40 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Google
2017-02-08 14:18 - 2015-10-07 19:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 21:26 - 2015-03-08 21:42 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 08:56 - 2015-03-03 19:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-03 08:54 - 2015-03-03 20:45 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Apple Inc
2017-02-03 08:52 - 2015-03-03 19:24 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-02-02 22:44 - 2015-03-03 20:45 - 00000000 ___RD C:\Users\Ondřej\iCloudDrive
2017-01-29 14:55 - 2015-04-13 20:19 - 00000000 ____D C:\Users\Ondřej\AppData\Roaming\uTorrent
2017-01-29 08:56 - 2015-09-05 20:17 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-28 16:07 - 2016-06-27 13:46 - 00000000 ____D C:\Users\Ondřej\Desktop\dr
2017-01-28 09:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-28 09:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-28 09:38 - 2015-02-11 10:07 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Adobe
2017-01-28 09:34 - 2016-11-17 21:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 09:34 - 2015-02-11 10:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2016-01-30 07:46 - 2016-01-30 07:46 - 0000000 _____ () C:\Users\Ondřej\AppData\Roaming\mediaload.app.lock
2016-09-20 22:18 - 2016-09-20 22:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-02-17 14:30 - 2017-02-17 14:30 - 0739904 _____ (Oracle Corporation) C:\Users\Ondřej\AppData\Local\Temp\jre-8u121-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-21 18:56
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Cerber
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Cerber
Ještě připojuji Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by Ondřej (27-02-2017 14:36:11)
Running from C:\Users\Ondřej\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-20 22:29:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-959826868-2704866173-1510423850-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-959826868-2704866173-1510423850-503 - Limited - Disabled)
Guest (S-1-5-21-959826868-2704866173-1510423850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-959826868-2704866173-1510423850-1016 - Limited - Enabled)
Ondřej (S-1-5-21-959826868-2704866173-1510423850-1002 - Administrator - Enabled) => C:\Users\Ondřej
UpdatusUser (S-1-5-21-959826868-2704866173-1510423850-1011 - Limited - Enabled) => C:\Users\UpdatusUser.ntb
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABC Amber Palm Converter (HKLM-x32\...\ABC Amber Palm Converter) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
avast! Browser Cleanup (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\avast! Browser Cleanup) (Version: 10.2.2218.71 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
calibre 64bit (HKLM\...\{0F675D48-5FF3-48FC-B07F-B6EB91A440E5}) (Version: 2.44.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
Convert MOV to AVI 1.0 (HKLM-x32\...\{A39EA3C8-7BF3-4FA7-9A67-3D3611BAE59E}_is1) (Version: - convertmovtoavi.com)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Fire Captain version 1.0 (HKLM-x32\...\{EFE597CD-937C-4388-AA52-E6B698112282}_is1) (Version: 1.0 - Brigades)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.1.1115 - Foxit Software Inc.)
Freemake Video Converter verze 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GoGear SA5MXX Device Manager (HKLM-x32\...\{813A14AE-62BB-42CF-B41F-FF68D44E7B21}) (Version: 1.00 - Philips)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Ovládací panel NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellarium 0.14.1 (HKLM\...\Stellarium_is1) (Version: 0.14.1 - Stellarium team)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
UnityPDF version 1.0.7.0 (HKLM-x32\...\{DBA31E1D-4CD2-4E8E-9EEB-ADBE24D8C04F}_is1) (Version: 1.0.7.0 - UnityPDF)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{4c8561f5-a5a8-4336-b033-0931ddf28bb5}) (Version: 2.3.1460.2843 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
YTD Video Downloader 4.9.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.2 - GreenTree Applications SRL) <==== ATTENTION
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-959826868-2704866173-1510423850-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ondřej\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxProxy64.dll (ROBLOX Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {087AE307-9CD3-4AFD-98B1-EE79A24C7AFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1A3EF5D0-A88F-4113-903B-3D0ECE285CF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {30CB288C-6BF9-42BE-AE51-0CFA6103CBE5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {382B4ED8-84A5-4965-8663-4821D2F05FBC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Ondřej\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3AD3640F-897F-4CC5-A4AB-BA46FECA55F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {41D7949E-B659-4F93-833A-5E01E5F838B9} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {52FDA480-7A39-4551-9BC0-70A32D2AD09C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {58F0BEF2-D76C-4760-BA4B-AC472B252869} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {5C608ED5-B742-4060-825B-22946DB25F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {60469011-461B-45BE-87B9-4DCF9DAA931F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {626B3A8C-37F6-4ED3-A637-CEEF3044109E} - System32\Tasks\avastBCLS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2016-11-08] (AVAST Software)
Task: {672ECD12-730D-47BD-A56D-1B9D16D3F2FE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {6E402C73-4731-468B-9638-4E7C4D8F9A8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-28] (Adobe Systems Incorporated)
Task: {87BCC9DD-AB04-4E35-902F-631342D5C975} - System32\Tasks\avast! BCU UpdateS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {8BAB3741-36BD-4876-B4D9-19687EDCFDF1} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {A1852AAE-2544-494E-AD8E-FACC84D94E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8A0E030-9F98-4C92-8360-6074C9413DD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0DB9F8B-ECA7-48BE-AFE4-E8F92286AE13} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {E81148B5-7EE7-404A-989D-FFC3CFCBE901} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {F155A46C-021D-424A-94F6-1749FAF98DDF} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD5869C3-622D-447F-966D-D1203F1AB49C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Ondřej\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
==================== Loaded Modules (Whitelisted) ==============
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-01 10:28 - 2016-10-01 10:28 - 00025240 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-10-01 10:28 - 2016-10-01 10:28 - 00017040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-10-01 10:28 - 2016-10-01 10:28 - 00037008 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2012-06-22 02:12 - 2012-06-22 02:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2016-09-20 22:56 - 2016-09-20 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 19:18 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 19:18 - 2016-10-05 10:34 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 23:04 - 2012-08-22 23:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2016-10-11 19:18 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-11 19:19 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-09-13 22:21 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2015-06-21 12:02 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Control Panel\Desktop\\Wallpaper -> c:\users\ondřej\desktop\p1330074.jpg
DNS Servers: 217.170.96.24 - 217.170.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
HKLM\...\StartupApproved\Run: => "mcpltui_exe"
HKLM\...\StartupApproved\Run: => "mcui_exe"
HKLM\...\StartupApproved\Run: => "Norton Online Backup"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "cpuminer"
HKLM\...\StartupApproved\Run: => "gpuminer"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{38EECC0E-0789-47EA-8120-B9A336BD182E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CC72DE1-BB65-4A11-A7C5-2AA2B4B8274C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6738E645-F10A-4A75-A918-CC3E2ACD378A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A3B71CA-823F-4043-82EB-6F014EE688CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9636E7AE-3780-40F7-A7B8-446043D9EB43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE14DFCA-44F7-45C5-B313-1C3ED0C528D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{93C4126F-6F69-4CE9-BE8C-AC65057614C6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{5439F846-2233-4054-BA34-751859F31F67}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [{EEE78509-522C-4E24-A5DB-CCCBDF75ECAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{1C9AC323-3F9A-4230-A0F0-E79247C466FC}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [TCP Query User{2A0E6EAD-29B7-4A8F-8A6E-757F7D224E28}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [UDP Query User{67A7ACB2-DFBC-4339-9086-05951F415566}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{72E93C52-5A5F-434E-912B-406F223DE96D}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C493EAE8-ACF7-4D44-AF9D-38E92861C275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{92D4EB48-EF5E-4121-81FD-8F4290040FF0}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{D072D69F-BB06-41C6-8939-C75C07F915E7}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{031A9002-9F87-40A7-8F9E-5EDFCD95338E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E30D0C0B-14CE-4B05-A987-1966C5725160}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F720BDE6-F9E1-44EA-8FED-FBC6FF8409B6}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{0890C160-D5C8-445C-BA0D-761FE9FE231E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{61EF0C51-18C2-4CEF-BA0D-3251DE25698B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1CC83BFC-273C-4F8B-ADC0-45E923FCF279}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{E0AF2BB6-1D41-4489-BB32-F19488577C42}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{CD39EE26-21B4-4421-8A5D-DC2426376E17}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{ACB984C1-1E2E-4180-9A1D-1192C799213D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E8729967-AAEB-4610-82CD-1EE4757C99E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E4ABDD0A-863E-45C0-81CD-9AD5A212D4DB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{64982B25-DA1C-4EC5-8638-72179B005451}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9BE3C5EA-3008-4BB7-9749-195BF5E6C103}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BEB62DD4-F0F3-4A91-AE1F-A287393C3A97}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1237E698-EF2A-4F55-A337-3491696155D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC4087E1-18B9-4F0C-BF0E-14054B5D2C8F}] => (Allow) LPort=2869
FirewallRules: [{0D90A1E5-8E6B-4731-98F0-DD44D16D8E45}] => (Allow) LPort=1900
FirewallRules: [{3E2CB0E6-C8F8-4D0C-BEFB-9BE2FD1CA866}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCF23E33-0449-4C6E-AA45-AF1E8523F681}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF32FF27-56CB-4647-88F0-FF9CA43FA3E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AAF72DD6-289F-4D8E-A00B-BCB45F95C92B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F74776C-9D95-49B2-876A-C9DC2563D21A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{299EF1EA-10E8-43CA-A745-B4A11247C913}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7AFF9763-8BB0-4129-B8AC-6ECC4212A48A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{325FEEB4-6FBF-4B35-BBBB-2189FA46D0E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CC741EA-AD1F-4E0F-8BDD-6DFD454EC2FC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
12-02-2017 10:11:32 Naplánovaný kontrolní bod
20-02-2017 18:15:02 Naplánovaný kontrolní bod
27-02-2017 13:49:19 Removed Podpora aplikací Apple (32bitová)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/27/2017 02:40:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:38:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:37:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:36:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:35:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:34:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:33:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:32:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:31:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:30:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
System errors:
=============
Error: (02/27/2017 01:49:07 PM) (Source: DCOM) (EventID: 10016) (User: ntb)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli ntb\Ondřej (SID: S-1-5-21-959826868-2704866173-1510423850-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/27/2017 01:44:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/27/2017 01:44:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/27/2017 01:44:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_1271e1e1 byla ukončena s následující chybou:
Nespecifikovaná chyba
Error: (02/27/2017 08:11:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/26/2017 07:14:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/25/2017 07:46:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_9374ed6 byla ukončena s následující chybou:
Nespecifikovaná chyba
Error: (02/25/2017 07:46:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/25/2017 07:46:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/25/2017 09:20:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
CodeIntegrity:
===================================
Date: 2017-02-19 17:24:10.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:10.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:09.385
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:09.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:08.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:08.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:07.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:07.252
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:07.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:05.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8005.27 MB
Available physical RAM: 5315.46 MB
Total Virtual: 27461.27 MB
Available Virtual: 8249.89 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:675.91 GB) (Free:381.69 GB) NTFS
Drive e: (AOE2) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
Drive f: (MARINE) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D578584D)
Partition: GPT.
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by Ondřej (27-02-2017 14:36:11)
Running from C:\Users\Ondřej\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-20 22:29:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-959826868-2704866173-1510423850-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-959826868-2704866173-1510423850-503 - Limited - Disabled)
Guest (S-1-5-21-959826868-2704866173-1510423850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-959826868-2704866173-1510423850-1016 - Limited - Enabled)
Ondřej (S-1-5-21-959826868-2704866173-1510423850-1002 - Administrator - Enabled) => C:\Users\Ondřej
UpdatusUser (S-1-5-21-959826868-2704866173-1510423850-1011 - Limited - Enabled) => C:\Users\UpdatusUser.ntb
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABC Amber Palm Converter (HKLM-x32\...\ABC Amber Palm Converter) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
avast! Browser Cleanup (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\avast! Browser Cleanup) (Version: 10.2.2218.71 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
calibre 64bit (HKLM\...\{0F675D48-5FF3-48FC-B07F-B6EB91A440E5}) (Version: 2.44.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
Convert MOV to AVI 1.0 (HKLM-x32\...\{A39EA3C8-7BF3-4FA7-9A67-3D3611BAE59E}_is1) (Version: - convertmovtoavi.com)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Fire Captain version 1.0 (HKLM-x32\...\{EFE597CD-937C-4388-AA52-E6B698112282}_is1) (Version: 1.0 - Brigades)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.1.1115 - Foxit Software Inc.)
Freemake Video Converter verze 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GoGear SA5MXX Device Manager (HKLM-x32\...\{813A14AE-62BB-42CF-B41F-FF68D44E7B21}) (Version: 1.00 - Philips)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Ovládací panel NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellarium 0.14.1 (HKLM\...\Stellarium_is1) (Version: 0.14.1 - Stellarium team)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
UnityPDF version 1.0.7.0 (HKLM-x32\...\{DBA31E1D-4CD2-4E8E-9EEB-ADBE24D8C04F}_is1) (Version: 1.0.7.0 - UnityPDF)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{4c8561f5-a5a8-4336-b033-0931ddf28bb5}) (Version: 2.3.1460.2843 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
YTD Video Downloader 4.9.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.2 - GreenTree Applications SRL) <==== ATTENTION
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-959826868-2704866173-1510423850-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ondřej\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxProxy64.dll (ROBLOX Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {087AE307-9CD3-4AFD-98B1-EE79A24C7AFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1A3EF5D0-A88F-4113-903B-3D0ECE285CF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {30CB288C-6BF9-42BE-AE51-0CFA6103CBE5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {382B4ED8-84A5-4965-8663-4821D2F05FBC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Ondřej\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3AD3640F-897F-4CC5-A4AB-BA46FECA55F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {41D7949E-B659-4F93-833A-5E01E5F838B9} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {52FDA480-7A39-4551-9BC0-70A32D2AD09C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {58F0BEF2-D76C-4760-BA4B-AC472B252869} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {5C608ED5-B742-4060-825B-22946DB25F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {60469011-461B-45BE-87B9-4DCF9DAA931F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {626B3A8C-37F6-4ED3-A637-CEEF3044109E} - System32\Tasks\avastBCLS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2016-11-08] (AVAST Software)
Task: {672ECD12-730D-47BD-A56D-1B9D16D3F2FE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {6E402C73-4731-468B-9638-4E7C4D8F9A8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-28] (Adobe Systems Incorporated)
Task: {87BCC9DD-AB04-4E35-902F-631342D5C975} - System32\Tasks\avast! BCU UpdateS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {8BAB3741-36BD-4876-B4D9-19687EDCFDF1} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {A1852AAE-2544-494E-AD8E-FACC84D94E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8A0E030-9F98-4C92-8360-6074C9413DD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0DB9F8B-ECA7-48BE-AFE4-E8F92286AE13} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {E81148B5-7EE7-404A-989D-FFC3CFCBE901} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {F155A46C-021D-424A-94F6-1749FAF98DDF} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD5869C3-622D-447F-966D-D1203F1AB49C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Ondřej\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
==================== Loaded Modules (Whitelisted) ==============
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-01 10:28 - 2016-10-01 10:28 - 00025240 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-10-01 10:28 - 2016-10-01 10:28 - 00017040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-10-01 10:28 - 2016-10-01 10:28 - 00037008 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2012-06-22 02:12 - 2012-06-22 02:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2016-09-20 22:56 - 2016-09-20 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 19:18 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 19:18 - 2016-10-05 10:34 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 23:04 - 2012-08-22 23:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2016-10-11 19:18 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-11 19:19 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-09-13 22:21 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2015-06-21 12:02 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Control Panel\Desktop\\Wallpaper -> c:\users\ondřej\desktop\p1330074.jpg
DNS Servers: 217.170.96.24 - 217.170.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
HKLM\...\StartupApproved\Run: => "mcpltui_exe"
HKLM\...\StartupApproved\Run: => "mcui_exe"
HKLM\...\StartupApproved\Run: => "Norton Online Backup"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "cpuminer"
HKLM\...\StartupApproved\Run: => "gpuminer"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{38EECC0E-0789-47EA-8120-B9A336BD182E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CC72DE1-BB65-4A11-A7C5-2AA2B4B8274C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6738E645-F10A-4A75-A918-CC3E2ACD378A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A3B71CA-823F-4043-82EB-6F014EE688CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9636E7AE-3780-40F7-A7B8-446043D9EB43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE14DFCA-44F7-45C5-B313-1C3ED0C528D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{93C4126F-6F69-4CE9-BE8C-AC65057614C6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{5439F846-2233-4054-BA34-751859F31F67}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [{EEE78509-522C-4E24-A5DB-CCCBDF75ECAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{1C9AC323-3F9A-4230-A0F0-E79247C466FC}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [TCP Query User{2A0E6EAD-29B7-4A8F-8A6E-757F7D224E28}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [UDP Query User{67A7ACB2-DFBC-4339-9086-05951F415566}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{72E93C52-5A5F-434E-912B-406F223DE96D}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C493EAE8-ACF7-4D44-AF9D-38E92861C275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{92D4EB48-EF5E-4121-81FD-8F4290040FF0}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{D072D69F-BB06-41C6-8939-C75C07F915E7}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{031A9002-9F87-40A7-8F9E-5EDFCD95338E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E30D0C0B-14CE-4B05-A987-1966C5725160}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F720BDE6-F9E1-44EA-8FED-FBC6FF8409B6}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{0890C160-D5C8-445C-BA0D-761FE9FE231E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{61EF0C51-18C2-4CEF-BA0D-3251DE25698B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1CC83BFC-273C-4F8B-ADC0-45E923FCF279}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{E0AF2BB6-1D41-4489-BB32-F19488577C42}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{CD39EE26-21B4-4421-8A5D-DC2426376E17}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{ACB984C1-1E2E-4180-9A1D-1192C799213D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E8729967-AAEB-4610-82CD-1EE4757C99E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E4ABDD0A-863E-45C0-81CD-9AD5A212D4DB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{64982B25-DA1C-4EC5-8638-72179B005451}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9BE3C5EA-3008-4BB7-9749-195BF5E6C103}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BEB62DD4-F0F3-4A91-AE1F-A287393C3A97}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1237E698-EF2A-4F55-A337-3491696155D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC4087E1-18B9-4F0C-BF0E-14054B5D2C8F}] => (Allow) LPort=2869
FirewallRules: [{0D90A1E5-8E6B-4731-98F0-DD44D16D8E45}] => (Allow) LPort=1900
FirewallRules: [{3E2CB0E6-C8F8-4D0C-BEFB-9BE2FD1CA866}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCF23E33-0449-4C6E-AA45-AF1E8523F681}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF32FF27-56CB-4647-88F0-FF9CA43FA3E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AAF72DD6-289F-4D8E-A00B-BCB45F95C92B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F74776C-9D95-49B2-876A-C9DC2563D21A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{299EF1EA-10E8-43CA-A745-B4A11247C913}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7AFF9763-8BB0-4129-B8AC-6ECC4212A48A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{325FEEB4-6FBF-4B35-BBBB-2189FA46D0E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CC741EA-AD1F-4E0F-8BDD-6DFD454EC2FC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
12-02-2017 10:11:32 Naplánovaný kontrolní bod
20-02-2017 18:15:02 Naplánovaný kontrolní bod
27-02-2017 13:49:19 Removed Podpora aplikací Apple (32bitová)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/27/2017 02:40:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:38:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:37:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:36:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:35:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:34:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:33:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:32:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:31:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (02/27/2017 02:30:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (412) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
System errors:
=============
Error: (02/27/2017 01:49:07 PM) (Source: DCOM) (EventID: 10016) (User: ntb)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli ntb\Ondřej (SID: S-1-5-21-959826868-2704866173-1510423850-1002) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/27/2017 01:44:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/27/2017 01:44:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/27/2017 01:44:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_1271e1e1 byla ukončena s následující chybou:
Nespecifikovaná chyba
Error: (02/27/2017 08:11:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/26/2017 07:14:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/25/2017 07:46:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_9374ed6 byla ukončena s následující chybou:
Nespecifikovaná chyba
Error: (02/25/2017 07:46:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/25/2017 07:46:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/25/2017 09:20:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
CodeIntegrity:
===================================
Date: 2017-02-19 17:24:10.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:10.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:09.385
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:09.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:08.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:08.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:07.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:07.252
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:07.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-19 17:24:05.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8005.27 MB
Available physical RAM: 5315.46 MB
Total Virtual: 27461.27 MB
Available Virtual: 8249.89 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:675.91 GB) (Free:381.69 GB) NTFS
Drive e: (AOE2) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
Drive f: (MARINE) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D578584D)
Partition: GPT.
==================== End of Addition.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Cerber
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Cerber
# AdwCleaner v6.043 - Log vytvořen 28/02/2017 v 21:19:19
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Ondřej - NTB
# Spuštěno z : C:\Users\Ondřej\Downloads\adwcleaner_6.043.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Služba nalezena: LavasoftTcpService
Služba nalezena: WCAssistantService
***** [ Složky ] *****
Složka nalezena: C:\Users\Ondřej\AppData\Roaming\lavasoft\web companion
Složka nalezena: C:\Users\Ondřej\Documents\vShare
Složka nalezena: C:\ProgramData\lavasoft\web companion
Složka nalezena: C:\ProgramData\ytd video downloader
Složka nalezena: C:\ProgramData\Application Data\lavasoft\web companion
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Složka nalezena: C:\Program Files (x86)\GreenTree Applications
Složka nalezena: C:\Program Files (x86)\lavasoft\web companion
***** [ Soubory ] *****
Soubor nalezen: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
Soubor nalezen: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
Soubor nalezen: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
Soubor nalezen: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini
Soubor nalezen: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\searchplugins\yahoo-lavasoft.xml
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Klíč nalezen: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Klíč nalezen: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Ask.com
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKCU\Software\Ask.com
Klíč nalezen: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKCU\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKLM\SOFTWARE\Lavasoft\Web Companion
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Klíč nalezen: [x64] HKCU\Software\Ask.com
Klíč nalezen: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: [x64] HKCU\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Data nalezena: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?l=dis&o=14469
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?l=dis&o=14469
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?l=dis&o=14469
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... BAXMQ01ABD
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... BAXMQ01ABD
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [cpuminer]
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gpuminer]
Hodnota nalezena: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Hodnota nalezena: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
Hodnota nalezena: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Hodnota nalezena: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Internetové prohlížeče ] *****
Firefox nastavení nalezeno: [C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\prefs.js] - "browser.newtabpage.url" - "hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... _WCYID1001
Chromium nastavení nalezeno: [C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/webfavicon.ico
Chromium nastavení nalezeno: [C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.mystartsearch.com/?type=hp&ts=14341 ... &uid=TOSHI
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [9339 Bajty] - [28/02/2017 21:19:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9412 Bajty] ##########
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Ondřej - NTB
# Spuštěno z : C:\Users\Ondřej\Downloads\adwcleaner_6.043.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Služba nalezena: LavasoftTcpService
Služba nalezena: WCAssistantService
***** [ Složky ] *****
Složka nalezena: C:\Users\Ondřej\AppData\Roaming\lavasoft\web companion
Složka nalezena: C:\Users\Ondřej\Documents\vShare
Složka nalezena: C:\ProgramData\lavasoft\web companion
Složka nalezena: C:\ProgramData\ytd video downloader
Složka nalezena: C:\ProgramData\Application Data\lavasoft\web companion
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Složka nalezena: C:\Program Files (x86)\GreenTree Applications
Složka nalezena: C:\Program Files (x86)\lavasoft\web companion
***** [ Soubory ] *****
Soubor nalezen: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
Soubor nalezen: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
Soubor nalezen: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
Soubor nalezen: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini
Soubor nalezen: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\searchplugins\yahoo-lavasoft.xml
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Klíč nalezen: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Klíč nalezen: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Ask.com
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKCU\Software\Ask.com
Klíč nalezen: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: HKCU\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKLM\SOFTWARE\Lavasoft\Web Companion
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Klíč nalezen: [x64] HKCU\Software\Ask.com
Klíč nalezen: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč nalezen: [x64] HKCU\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Data nalezena: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?l=dis&o=14469
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?l=dis&o=14469
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?l=dis&o=14469
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... BAXMQ01ABD
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... BAXMQ01ABD
Klíč nalezen: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [cpuminer]
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gpuminer]
Hodnota nalezena: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Hodnota nalezena: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
Hodnota nalezena: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Hodnota nalezena: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Internetové prohlížeče ] *****
Firefox nastavení nalezeno: [C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\prefs.js] - "browser.newtabpage.url" - "hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... _WCYID1001
Chromium nastavení nalezeno: [C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/webfavicon.ico
Chromium nastavení nalezeno: [C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.mystartsearch.com/?type=hp&ts=14341 ... &uid=TOSHI
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [9339 Bajty] - [28/02/2017 21:19:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9412 Bajty] ##########
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Cerber
ADW nemazal, neklikl jste na mazání. Zkuste ještě jednou.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Cerber
Máte pravdu, vložený log byl po scanu.
Při následném mazaní se mi program zasekl, musel jsem celý proces opakovat. Hrozeb již nalezl ale podstatně méně.
Zde je log po druhém (a dokončeném) mazání.
# AdwCleaner v6.043 - Log vytvořen 28/02/2017 v 21:37:09
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Ondřej - NTB
# Spuštěno z : C:\Users\Ondřej\Downloads\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
[#] Soubor smazán: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[#] Soubor smazán: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
[-] [C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Smazáno: hxxp://www.mystartsearch.com/webfavicon.ico
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1064 Bajty] - [28/02/2017 21:37:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [9607 Bajty] - [28/02/2017 21:19:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [1607 Bajty] - [28/02/2017 21:30:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1680 Bajty] - [28/02/2017 21:36:49]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1356 Bajty] ##########
Při následném mazaní se mi program zasekl, musel jsem celý proces opakovat. Hrozeb již nalezl ale podstatně méně.
Zde je log po druhém (a dokončeném) mazání.
# AdwCleaner v6.043 - Log vytvořen 28/02/2017 v 21:37:09
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Ondřej - NTB
# Spuštěno z : C:\Users\Ondřej\Downloads\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
[#] Soubor smazán: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[#] Soubor smazán: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
[-] [C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Smazáno: hxxp://www.mystartsearch.com/webfavicon.ico
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1064 Bajty] - [28/02/2017 21:37:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [9607 Bajty] - [28/02/2017 21:19:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [1607 Bajty] - [28/02/2017 21:30:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1680 Bajty] - [28/02/2017 21:36:49]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1356 Bajty] ##########
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Cerber
Teď je to OK. Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Cerber
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Ondřej (administrator) on NTB (01-03-2017 13:46:59)
Running from C:\Users\Ondřej\Downloads
Loaded Profiles: Ondřej (Available Profiles: Ondřej & UpdatusUser & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(AVAST Software) C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-23] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d47fba-f2f1-11e2-bfc0-68942315ce82} - "E:\aoesetup.exe" /autorun
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d48001-f2f1-11e2-bfc0-68942315ce82} - "F:\Setup.exe"
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-13]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2 192.168.22.1
Tcpip\..\Interfaces\{8680d25c-04a7-4291-a79b-e558cd0be22a}: [DhcpNameServer] 217.170.96.24 217.170.96.2 192.168.22.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FireFox:
========
FF ProfilePath: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 [2017-03-01]
FF NewTab: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF Homepage: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\features\{14f6700f-65b0-40b6-8d34-14a5dd9c8e1f}\disableSHA1rollout@mozilla.org.xpi [2017-02-26]
FF SearchPlugin: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\searchplugins\seznam-avast.xml [2017-01-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-959826868-2704866173-1510423850-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ondřej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=c ... earchTerms}
CHR Profile: C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Prezentace Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Dokumenty Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Disk Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-27]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-27]
CHR Extension: (YouTube) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-09]
CHR Extension: (Tabulky Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-27]
CHR Extension: (Gmail) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
Opera:
=======
OPR StartupUrls:
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-30] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-13] (Dritek System INC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-02-20] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-30] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-30] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-30] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-30] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-30] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-30] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9934c34dc6ca0c4b\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-13] (Dritek System Inc.)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 13:46 - 2017-03-01 13:46 - 00000000 ____D C:\Users\Ondřej\Downloads\FRST-OlderVersion
2017-02-28 21:54 - 2017-02-28 21:54 - 03890448 _____ C:\Users\Ondřej\Downloads\Ort,-J.---Kapitoly-ze-sociologie-stáří-(Společenské-a-sociální-aspekty-stárnutí)-[poprehadzované]-(2004)-ZMEN-2.pdf
2017-02-28 21:40 - 2017-02-28 21:40 - 00000000 ___HD C:\OneDriveTemp
2017-02-28 21:31 - 2017-02-28 21:31 - 00000000 ____D C:\Users\Ondřej\Downloads\Zábavná-matematika
2017-02-28 21:14 - 2017-02-28 21:37 - 00000000 ____D C:\AdwCleaner
2017-02-28 21:13 - 2017-02-28 21:13 - 04015056 _____ C:\Users\Ondřej\Downloads\adwcleaner_6.043.exe
2017-02-28 19:30 - 2017-02-28 19:30 - 00002519 _____ C:\Users\Ondřej\Desktop\z181015251_01b.xml
2017-02-28 08:17 - 2017-02-28 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 14:36 - 2017-02-27 14:40 - 00052065 _____ C:\Users\Ondřej\Downloads\Addition.txt
2017-02-27 14:26 - 2017-03-01 13:46 - 00025093 _____ C:\Users\Ondřej\Downloads\FRST.txt
2017-02-27 14:25 - 2017-03-01 13:46 - 00000000 ____D C:\FRST
2017-02-27 14:24 - 2017-03-01 13:46 - 02423808 _____ (Farbar) C:\Users\Ondřej\Downloads\FRST64.exe
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-20 17:19 - 2017-02-20 17:19 - 04481590 _____ C:\Users\Ondřej\Downloads\Nový Prezentace aplikace Microsoft PowerPoint.pptx
2017-02-19 17:37 - 2017-02-19 17:37 - 01274552 _____ (Microsoft Corporation) C:\Users\Ondřej\Downloads\NetFxRepairTool.exe
2017-02-19 17:30 - 2017-02-19 17:30 - 01424328 _____ (Microsoft Corporation) C:\Users\Ondřej\Downloads\NDP461-KB3102438-Web.exe
2017-02-19 17:21 - 2017-02-19 17:21 - 00267445 _____ C:\Users\Ondřej\Downloads\dotnetfx_cleanup_tool.zip
2017-02-19 17:21 - 2017-02-19 17:21 - 00000000 ____D C:\Users\Ondřej\Downloads\dotnetfx_cleanup_tool
2017-02-19 10:15 - 2017-02-19 10:15 - 00710981 _____ C:\Users\Ondřej\Downloads\Opereta.pptx
2017-02-09 09:33 - 2017-02-09 09:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-05 10:22 - 2017-02-05 10:29 - 122003489 _____ C:\Users\Ondřej\Downloads\Zábavná-matematika.rar
2017-02-03 08:57 - 2017-02-03 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-03 08:56 - 2017-02-03 08:57 - 00000000 ____D C:\Program Files\iTunes
2017-02-03 08:56 - 2017-02-03 08:56 - 00000000 ____D C:\Program Files\iPod
2017-02-03 08:54 - 2017-02-03 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 13:41 - 2016-11-18 07:26 - 00000000 ____D C:\Users\Ondřej\AppData\LocalLow\Mozilla
2017-03-01 13:38 - 2016-09-20 22:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-28 21:41 - 2016-06-27 13:38 - 00000000 ___RD C:\Users\Ondřej\Desktop\Dropbox
2017-02-28 21:40 - 2015-08-06 15:57 - 00000000 ___RD C:\Users\Ondřej\OneDrive
2017-02-28 21:38 - 2016-09-20 23:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-28 21:38 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-28 21:22 - 2016-10-01 10:28 - 00000000 ____D C:\Users\Ondřej\AppData\Roaming\Lavasoft
2017-02-28 21:22 - 2016-10-01 10:28 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-28 21:22 - 2016-10-01 10:28 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-02-28 08:18 - 2015-10-07 19:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 14:22 - 2012-12-23 09:07 - 00000000 ____D C:\Users\Ondřej\Desktop\programy
2017-02-27 09:40 - 2017-01-29 15:08 - 00000000 ____D C:\ProgramData\Family Farm
2017-02-26 20:28 - 2017-01-28 09:16 - 00000000 ____D C:\Users\Ondřej\Desktop\David
2017-02-26 10:02 - 2014-01-23 15:26 - 00000000 ___RD C:\Users\Ondřej\Desktop\Elenka
2017-02-24 19:51 - 2014-02-15 07:41 - 00000000 ____D C:\Users\Ondřej\Documents\Noty a MuseScore
2017-02-21 18:28 - 2015-11-17 10:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-18 19:54 - 2016-12-06 20:48 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 19:54 - 2015-08-06 15:57 - 00002427 _____ C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-17 14:33 - 2015-07-28 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-17 14:33 - 2015-07-28 06:52 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-17 14:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 14:32 - 2015-07-28 06:54 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-17 08:51 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 10:12 - 2015-02-20 22:07 - 00001689 _____ C:\Users\Ondřej\Desktop\POWERPNT – zástupce.lnk
2017-02-16 10:12 - 2015-02-20 22:07 - 00001678 _____ C:\Users\Ondřej\Desktop\WINWORD – zástupce.lnk
2017-02-16 10:12 - 2015-02-20 22:07 - 00001658 _____ C:\Users\Ondřej\Desktop\EXCEL – zástupce.lnk
2017-02-13 16:06 - 2016-09-20 22:26 - 00000000 ____D C:\Users\Ondřej
2017-02-13 16:06 - 2015-07-03 21:52 - 00000000 ____D C:\Users\Ondřej\Kindle
2017-02-12 21:09 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Ondřej\Documents\My eBooks
2017-02-12 11:49 - 2015-03-08 21:40 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Google
2017-02-06 21:26 - 2015-03-08 21:42 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 08:56 - 2015-03-03 19:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-03 08:54 - 2015-03-03 20:45 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Apple Inc
2017-02-03 08:52 - 2015-03-03 19:24 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-02-02 22:44 - 2015-03-03 20:45 - 00000000 ___RD C:\Users\Ondřej\iCloudDrive
2017-01-30 08:10 - 2017-01-29 15:08 - 00000000 __SHD C:\Users\Ondřej\wc
==================== Files in the root of some directories =======
2016-01-30 07:46 - 2016-01-30 07:46 - 0000000 _____ () C:\Users\Ondřej\AppData\Roaming\mediaload.app.lock
2016-09-20 22:18 - 2016-09-20 22:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-02-17 14:30 - 2017-02-17 14:30 - 0739904 _____ (Oracle Corporation) C:\Users\Ondřej\AppData\Local\Temp\jre-8u121-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-21 18:56
==================== End of FRST.txt ============================
Ran by Ondřej (administrator) on NTB (01-03-2017 13:46:59)
Running from C:\Users\Ondřej\Downloads
Loaded Profiles: Ondřej (Available Profiles: Ondřej & UpdatusUser & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(AVAST Software) C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-23] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d47fba-f2f1-11e2-bfc0-68942315ce82} - "E:\aoesetup.exe" /autorun
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d48001-f2f1-11e2-bfc0-68942315ce82} - "F:\Setup.exe"
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-13]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2 192.168.22.1
Tcpip\..\Interfaces\{8680d25c-04a7-4291-a79b-e558cd0be22a}: [DhcpNameServer] 217.170.96.24 217.170.96.2 192.168.22.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FireFox:
========
FF ProfilePath: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 [2017-03-01]
FF NewTab: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> Seznam
FF Homepage: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\features\{14f6700f-65b0-40b6-8d34-14a5dd9c8e1f}\disableSHA1rollout@mozilla.org.xpi [2017-02-26]
FF SearchPlugin: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\z4zx0szz.default-1432210523777\searchplugins\seznam-avast.xml [2017-01-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-959826868-2704866173-1510423850-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ondřej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=c ... earchTerms}
CHR Profile: C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Prezentace Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Dokumenty Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Disk Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-27]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-27]
CHR Extension: (YouTube) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-09]
CHR Extension: (Tabulky Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-27]
CHR Extension: (Gmail) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
Opera:
=======
OPR StartupUrls:
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-30] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-13] (Dritek System INC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-02-20] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-30] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-30] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-30] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-30] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-30] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-30] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9934c34dc6ca0c4b\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-13] (Dritek System Inc.)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 13:46 - 2017-03-01 13:46 - 00000000 ____D C:\Users\Ondřej\Downloads\FRST-OlderVersion
2017-02-28 21:54 - 2017-02-28 21:54 - 03890448 _____ C:\Users\Ondřej\Downloads\Ort,-J.---Kapitoly-ze-sociologie-stáří-(Společenské-a-sociální-aspekty-stárnutí)-[poprehadzované]-(2004)-ZMEN-2.pdf
2017-02-28 21:40 - 2017-02-28 21:40 - 00000000 ___HD C:\OneDriveTemp
2017-02-28 21:31 - 2017-02-28 21:31 - 00000000 ____D C:\Users\Ondřej\Downloads\Zábavná-matematika
2017-02-28 21:14 - 2017-02-28 21:37 - 00000000 ____D C:\AdwCleaner
2017-02-28 21:13 - 2017-02-28 21:13 - 04015056 _____ C:\Users\Ondřej\Downloads\adwcleaner_6.043.exe
2017-02-28 19:30 - 2017-02-28 19:30 - 00002519 _____ C:\Users\Ondřej\Desktop\z181015251_01b.xml
2017-02-28 08:17 - 2017-02-28 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 14:36 - 2017-02-27 14:40 - 00052065 _____ C:\Users\Ondřej\Downloads\Addition.txt
2017-02-27 14:26 - 2017-03-01 13:46 - 00025093 _____ C:\Users\Ondřej\Downloads\FRST.txt
2017-02-27 14:25 - 2017-03-01 13:46 - 00000000 ____D C:\FRST
2017-02-27 14:24 - 2017-03-01 13:46 - 02423808 _____ (Farbar) C:\Users\Ondřej\Downloads\FRST64.exe
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-20 17:19 - 2017-02-20 17:19 - 04481590 _____ C:\Users\Ondřej\Downloads\Nový Prezentace aplikace Microsoft PowerPoint.pptx
2017-02-19 17:37 - 2017-02-19 17:37 - 01274552 _____ (Microsoft Corporation) C:\Users\Ondřej\Downloads\NetFxRepairTool.exe
2017-02-19 17:30 - 2017-02-19 17:30 - 01424328 _____ (Microsoft Corporation) C:\Users\Ondřej\Downloads\NDP461-KB3102438-Web.exe
2017-02-19 17:21 - 2017-02-19 17:21 - 00267445 _____ C:\Users\Ondřej\Downloads\dotnetfx_cleanup_tool.zip
2017-02-19 17:21 - 2017-02-19 17:21 - 00000000 ____D C:\Users\Ondřej\Downloads\dotnetfx_cleanup_tool
2017-02-19 10:15 - 2017-02-19 10:15 - 00710981 _____ C:\Users\Ondřej\Downloads\Opereta.pptx
2017-02-09 09:33 - 2017-02-09 09:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-05 10:22 - 2017-02-05 10:29 - 122003489 _____ C:\Users\Ondřej\Downloads\Zábavná-matematika.rar
2017-02-03 08:57 - 2017-02-03 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-03 08:56 - 2017-02-03 08:57 - 00000000 ____D C:\Program Files\iTunes
2017-02-03 08:56 - 2017-02-03 08:56 - 00000000 ____D C:\Program Files\iPod
2017-02-03 08:54 - 2017-02-03 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-02-03 08:52 - 2017-02-03 08:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 13:41 - 2016-11-18 07:26 - 00000000 ____D C:\Users\Ondřej\AppData\LocalLow\Mozilla
2017-03-01 13:38 - 2016-09-20 22:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-28 21:41 - 2016-06-27 13:38 - 00000000 ___RD C:\Users\Ondřej\Desktop\Dropbox
2017-02-28 21:40 - 2015-08-06 15:57 - 00000000 ___RD C:\Users\Ondřej\OneDrive
2017-02-28 21:38 - 2016-09-20 23:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-28 21:38 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-28 21:22 - 2016-10-01 10:28 - 00000000 ____D C:\Users\Ondřej\AppData\Roaming\Lavasoft
2017-02-28 21:22 - 2016-10-01 10:28 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-28 21:22 - 2016-10-01 10:28 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-02-28 08:18 - 2015-10-07 19:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 14:22 - 2012-12-23 09:07 - 00000000 ____D C:\Users\Ondřej\Desktop\programy
2017-02-27 09:40 - 2017-01-29 15:08 - 00000000 ____D C:\ProgramData\Family Farm
2017-02-26 20:28 - 2017-01-28 09:16 - 00000000 ____D C:\Users\Ondřej\Desktop\David
2017-02-26 10:02 - 2014-01-23 15:26 - 00000000 ___RD C:\Users\Ondřej\Desktop\Elenka
2017-02-24 19:51 - 2014-02-15 07:41 - 00000000 ____D C:\Users\Ondřej\Documents\Noty a MuseScore
2017-02-21 18:28 - 2015-11-17 10:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-18 19:54 - 2016-12-06 20:48 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 19:54 - 2015-08-06 15:57 - 00002427 _____ C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-17 14:33 - 2015-07-28 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-17 14:33 - 2015-07-28 06:52 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-17 14:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 14:32 - 2015-07-28 06:54 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-17 08:51 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 10:12 - 2015-02-20 22:07 - 00001689 _____ C:\Users\Ondřej\Desktop\POWERPNT – zástupce.lnk
2017-02-16 10:12 - 2015-02-20 22:07 - 00001678 _____ C:\Users\Ondřej\Desktop\WINWORD – zástupce.lnk
2017-02-16 10:12 - 2015-02-20 22:07 - 00001658 _____ C:\Users\Ondřej\Desktop\EXCEL – zástupce.lnk
2017-02-13 16:06 - 2016-09-20 22:26 - 00000000 ____D C:\Users\Ondřej
2017-02-13 16:06 - 2015-07-03 21:52 - 00000000 ____D C:\Users\Ondřej\Kindle
2017-02-12 21:09 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Ondřej\Documents\My eBooks
2017-02-12 11:49 - 2015-03-08 21:40 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Google
2017-02-06 21:26 - 2015-03-08 21:42 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 08:56 - 2015-03-03 19:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-03 08:54 - 2015-03-03 20:45 - 00000000 ____D C:\Users\Ondřej\AppData\Local\Apple Inc
2017-02-03 08:52 - 2015-03-03 19:24 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-02-02 22:44 - 2015-03-03 20:45 - 00000000 ___RD C:\Users\Ondřej\iCloudDrive
2017-01-30 08:10 - 2017-01-29 15:08 - 00000000 __SHD C:\Users\Ondřej\wc
==================== Files in the root of some directories =======
2016-01-30 07:46 - 2016-01-30 07:46 - 0000000 _____ () C:\Users\Ondřej\AppData\Roaming\mediaload.app.lock
2016-09-20 22:18 - 2016-09-20 22:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-02-17 14:30 - 2017-02-17 14:30 - 0739904 _____ (Oracle Corporation) C:\Users\Ondřej\AppData\Local\Temp\jre-8u121-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-21 18:56
==================== End of FRST.txt ============================
Re: Cerber
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Ondřej (01-03-2017 13:49:53)
Running from C:\Users\Ondřej\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-20 22:29:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-959826868-2704866173-1510423850-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-959826868-2704866173-1510423850-503 - Limited - Disabled)
Guest (S-1-5-21-959826868-2704866173-1510423850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-959826868-2704866173-1510423850-1016 - Limited - Enabled)
Ondřej (S-1-5-21-959826868-2704866173-1510423850-1002 - Administrator - Enabled) => C:\Users\Ondřej
UpdatusUser (S-1-5-21-959826868-2704866173-1510423850-1011 - Limited - Enabled) => C:\Users\UpdatusUser.ntb
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABC Amber Palm Converter (HKLM-x32\...\ABC Amber Palm Converter) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
avast! Browser Cleanup (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\avast! Browser Cleanup) (Version: 10.2.2218.71 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
calibre 64bit (HKLM\...\{0F675D48-5FF3-48FC-B07F-B6EB91A440E5}) (Version: 2.44.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
Convert MOV to AVI 1.0 (HKLM-x32\...\{A39EA3C8-7BF3-4FA7-9A67-3D3611BAE59E}_is1) (Version: - convertmovtoavi.com)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Fire Captain version 1.0 (HKLM-x32\...\{EFE597CD-937C-4388-AA52-E6B698112282}_is1) (Version: 1.0 - Brigades)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.1.1115 - Foxit Software Inc.)
Freemake Video Converter verze 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GoGear SA5MXX Device Manager (HKLM-x32\...\{813A14AE-62BB-42CF-B41F-FF68D44E7B21}) (Version: 1.00 - Philips)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Ovládací panel NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellarium 0.14.1 (HKLM\...\Stellarium_is1) (Version: 0.14.1 - Stellarium team)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
UnityPDF version 1.0.7.0 (HKLM-x32\...\{DBA31E1D-4CD2-4E8E-9EEB-ADBE24D8C04F}_is1) (Version: 1.0.7.0 - UnityPDF)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{4c8561f5-a5a8-4336-b033-0931ddf28bb5}) (Version: 2.3.1460.2843 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-959826868-2704866173-1510423850-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ondřej\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxProxy64.dll (ROBLOX Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {087AE307-9CD3-4AFD-98B1-EE79A24C7AFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1A3EF5D0-A88F-4113-903B-3D0ECE285CF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {30CB288C-6BF9-42BE-AE51-0CFA6103CBE5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {382B4ED8-84A5-4965-8663-4821D2F05FBC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Ondřej\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3AD3640F-897F-4CC5-A4AB-BA46FECA55F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {41D7949E-B659-4F93-833A-5E01E5F838B9} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {52FDA480-7A39-4551-9BC0-70A32D2AD09C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {58F0BEF2-D76C-4760-BA4B-AC472B252869} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {5C608ED5-B742-4060-825B-22946DB25F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {60469011-461B-45BE-87B9-4DCF9DAA931F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {626B3A8C-37F6-4ED3-A637-CEEF3044109E} - System32\Tasks\avastBCLS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2016-11-08] (AVAST Software)
Task: {672ECD12-730D-47BD-A56D-1B9D16D3F2FE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {6E402C73-4731-468B-9638-4E7C4D8F9A8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-28] (Adobe Systems Incorporated)
Task: {87BCC9DD-AB04-4E35-902F-631342D5C975} - System32\Tasks\avast! BCU UpdateS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {8BAB3741-36BD-4876-B4D9-19687EDCFDF1} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {A1852AAE-2544-494E-AD8E-FACC84D94E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8A0E030-9F98-4C92-8360-6074C9413DD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0DB9F8B-ECA7-48BE-AFE4-E8F92286AE13} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {E81148B5-7EE7-404A-989D-FFC3CFCBE901} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {F155A46C-021D-424A-94F6-1749FAF98DDF} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD5869C3-622D-447F-966D-D1203F1AB49C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Ondřej\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-20 22:20 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-20 22:56 - 2016-09-20 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 19:18 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 19:18 - 2016-10-05 10:34 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-10-11 19:18 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-11 19:19 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-02-12 22:13 - 2016-02-12 22:13 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2016-10-20 13:33 - 2016-10-20 13:35 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 13:33 - 2016-10-20 13:35 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 13:33 - 2016-10-20 13:35 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-25 08:01 - 2016-08-25 08:01 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2012-08-23 07:26 - 2012-08-23 07:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2017-02-28 08:17 - 2017-02-21 19:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-02-08 14:14 - 2017-01-25 22:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-08 14:14 - 2017-01-25 22:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-24 09:23 - 2017-01-25 22:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-24 09:23 - 2017-02-21 20:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-24 09:23 - 2017-01-25 22:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-08 14:14 - 2017-01-25 22:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-28 08:17 - 2017-01-25 22:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-28 08:17 - 2017-01-25 22:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-28 08:17 - 2017-01-25 22:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-24 09:23 - 2017-01-25 22:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-28 08:17 - 2017-01-25 22:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-28 08:17 - 2017-01-25 22:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-24 09:23 - 2017-02-21 20:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-08 14:14 - 2017-01-25 22:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-24 09:23 - 2017-01-25 22:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-28 08:17 - 2017-01-25 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-28 08:17 - 2017-02-21 20:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-28 08:17 - 2017-01-27 03:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-28 08:17 - 2017-02-21 20:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-28 08:17 - 2017-01-25 22:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-28 08:17 - 2017-01-25 22:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-28 08:17 - 2017-02-21 20:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2012-09-13 22:21 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2015-06-21 12:02 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Control Panel\Desktop\\Wallpaper -> c:\users\ondřej\desktop\p1330074.jpg
DNS Servers: 217.170.96.24 - 217.170.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
HKLM\...\StartupApproved\Run: => "mcpltui_exe"
HKLM\...\StartupApproved\Run: => "mcui_exe"
HKLM\...\StartupApproved\Run: => "Norton Online Backup"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{38EECC0E-0789-47EA-8120-B9A336BD182E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CC72DE1-BB65-4A11-A7C5-2AA2B4B8274C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6738E645-F10A-4A75-A918-CC3E2ACD378A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A3B71CA-823F-4043-82EB-6F014EE688CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9636E7AE-3780-40F7-A7B8-446043D9EB43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE14DFCA-44F7-45C5-B313-1C3ED0C528D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{93C4126F-6F69-4CE9-BE8C-AC65057614C6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{5439F846-2233-4054-BA34-751859F31F67}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [{EEE78509-522C-4E24-A5DB-CCCBDF75ECAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{1C9AC323-3F9A-4230-A0F0-E79247C466FC}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [TCP Query User{2A0E6EAD-29B7-4A8F-8A6E-757F7D224E28}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [UDP Query User{67A7ACB2-DFBC-4339-9086-05951F415566}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{72E93C52-5A5F-434E-912B-406F223DE96D}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C493EAE8-ACF7-4D44-AF9D-38E92861C275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{92D4EB48-EF5E-4121-81FD-8F4290040FF0}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{D072D69F-BB06-41C6-8939-C75C07F915E7}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{031A9002-9F87-40A7-8F9E-5EDFCD95338E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E30D0C0B-14CE-4B05-A987-1966C5725160}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F720BDE6-F9E1-44EA-8FED-FBC6FF8409B6}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{0890C160-D5C8-445C-BA0D-761FE9FE231E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{61EF0C51-18C2-4CEF-BA0D-3251DE25698B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1CC83BFC-273C-4F8B-ADC0-45E923FCF279}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{E0AF2BB6-1D41-4489-BB32-F19488577C42}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{CD39EE26-21B4-4421-8A5D-DC2426376E17}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{ACB984C1-1E2E-4180-9A1D-1192C799213D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E8729967-AAEB-4610-82CD-1EE4757C99E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E4ABDD0A-863E-45C0-81CD-9AD5A212D4DB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{64982B25-DA1C-4EC5-8638-72179B005451}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9BE3C5EA-3008-4BB7-9749-195BF5E6C103}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BEB62DD4-F0F3-4A91-AE1F-A287393C3A97}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1237E698-EF2A-4F55-A337-3491696155D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC4087E1-18B9-4F0C-BF0E-14054B5D2C8F}] => (Allow) LPort=2869
FirewallRules: [{0D90A1E5-8E6B-4731-98F0-DD44D16D8E45}] => (Allow) LPort=1900
FirewallRules: [{3E2CB0E6-C8F8-4D0C-BEFB-9BE2FD1CA866}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCF23E33-0449-4C6E-AA45-AF1E8523F681}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF32FF27-56CB-4647-88F0-FF9CA43FA3E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AAF72DD6-289F-4D8E-A00B-BCB45F95C92B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F74776C-9D95-49B2-876A-C9DC2563D21A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{299EF1EA-10E8-43CA-A745-B4A11247C913}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7AFF9763-8BB0-4129-B8AC-6ECC4212A48A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{325FEEB4-6FBF-4B35-BBBB-2189FA46D0E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AD332EAC-6E5F-490F-BD3A-5063A284CB2B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
12-02-2017 10:11:32 Naplánovaný kontrolní bod
20-02-2017 18:15:02 Naplánovaný kontrolní bod
27-02-2017 13:49:19 Removed Podpora aplikací Apple (32bitová)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2017 01:52:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:50:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:49:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:47:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:45:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:44:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:43:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:41:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:40:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:39:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
System errors:
=============
Error: (03/01/2017 07:34:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Spooler bylo dosaženo časového limitu (30000 ms).
Error: (03/01/2017 07:34:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/28/2017 09:42:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.
Error: (02/28/2017 09:42:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
Uživatelské jméno nebo heslo je nesprávné.
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Error: (02/28/2017 09:39:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_2dd38 byla ukončena s následující chybou:
Nespecifikovaná chyba
Error: (02/28/2017 09:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/28/2017 09:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/28/2017 09:38:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Apple Mobile Device Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.
Error: (02/28/2017 09:37:46 PM) (Source: DCOM) (EventID: 10010) (User: ntb)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.
Error: (02/28/2017 09:37:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Apple Mobile Device Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
CodeIntegrity:
===================================
Date: 2017-03-01 13:47:03.381
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:47:03.376
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:12.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:12.480
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:01.421
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:01.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:39:55.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:39:55.743
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:35:05.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:35:05.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8005.27 MB
Available physical RAM: 5296.04 MB
Total Virtual: 27461.27 MB
Available Virtual: 24965.57 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:675.91 GB) (Free:379.81 GB) NTFS
Drive e: (AOE2) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
Drive f: (MARINE) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D578584D)
Partition: GPT.
==================== End of Addition.txt ============================
Ran by Ondřej (01-03-2017 13:49:53)
Running from C:\Users\Ondřej\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-20 22:29:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-959826868-2704866173-1510423850-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-959826868-2704866173-1510423850-503 - Limited - Disabled)
Guest (S-1-5-21-959826868-2704866173-1510423850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-959826868-2704866173-1510423850-1016 - Limited - Enabled)
Ondřej (S-1-5-21-959826868-2704866173-1510423850-1002 - Administrator - Enabled) => C:\Users\Ondřej
UpdatusUser (S-1-5-21-959826868-2704866173-1510423850-1011 - Limited - Enabled) => C:\Users\UpdatusUser.ntb
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABC Amber Palm Converter (HKLM-x32\...\ABC Amber Palm Converter) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
avast! Browser Cleanup (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\avast! Browser Cleanup) (Version: 10.2.2218.71 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
calibre 64bit (HKLM\...\{0F675D48-5FF3-48FC-B07F-B6EB91A440E5}) (Version: 2.44.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
Convert MOV to AVI 1.0 (HKLM-x32\...\{A39EA3C8-7BF3-4FA7-9A67-3D3611BAE59E}_is1) (Version: - convertmovtoavi.com)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Fire Captain version 1.0 (HKLM-x32\...\{EFE597CD-937C-4388-AA52-E6B698112282}_is1) (Version: 1.0 - Brigades)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.1.1115 - Foxit Software Inc.)
Freemake Video Converter verze 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GoGear SA5MXX Device Manager (HKLM-x32\...\{813A14AE-62BB-42CF-B41F-FF68D44E7B21}) (Version: 1.00 - Philips)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Ovládací panel NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellarium 0.14.1 (HKLM\...\Stellarium_is1) (Version: 0.14.1 - Stellarium team)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
UnityPDF version 1.0.7.0 (HKLM-x32\...\{DBA31E1D-4CD2-4E8E-9EEB-ADBE24D8C04F}_is1) (Version: 1.0.7.0 - UnityPDF)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{4c8561f5-a5a8-4336-b033-0931ddf28bb5}) (Version: 2.3.1460.2843 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-959826868-2704866173-1510423850-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ondřej\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxProxy64.dll (ROBLOX Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {087AE307-9CD3-4AFD-98B1-EE79A24C7AFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1A3EF5D0-A88F-4113-903B-3D0ECE285CF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {30CB288C-6BF9-42BE-AE51-0CFA6103CBE5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {382B4ED8-84A5-4965-8663-4821D2F05FBC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Ondřej\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3AD3640F-897F-4CC5-A4AB-BA46FECA55F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {41D7949E-B659-4F93-833A-5E01E5F838B9} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {52FDA480-7A39-4551-9BC0-70A32D2AD09C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {58F0BEF2-D76C-4760-BA4B-AC472B252869} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {5C608ED5-B742-4060-825B-22946DB25F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {60469011-461B-45BE-87B9-4DCF9DAA931F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {626B3A8C-37F6-4ED3-A637-CEEF3044109E} - System32\Tasks\avastBCLS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2016-11-08] (AVAST Software)
Task: {672ECD12-730D-47BD-A56D-1B9D16D3F2FE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {6E402C73-4731-468B-9638-4E7C4D8F9A8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-28] (Adobe Systems Incorporated)
Task: {87BCC9DD-AB04-4E35-902F-631342D5C975} - System32\Tasks\avast! BCU UpdateS-1-5-21-959826868-2704866173-1510423850-1002 => C:\Users\Ondřej\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {8BAB3741-36BD-4876-B4D9-19687EDCFDF1} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {A1852AAE-2544-494E-AD8E-FACC84D94E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8A0E030-9F98-4C92-8360-6074C9413DD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0DB9F8B-ECA7-48BE-AFE4-E8F92286AE13} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {E81148B5-7EE7-404A-989D-FFC3CFCBE901} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {F155A46C-021D-424A-94F6-1749FAF98DDF} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD5869C3-622D-447F-966D-D1203F1AB49C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Ondřej\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-20 22:20 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-01 08:36 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-20 22:56 - 2016-09-20 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 19:18 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 19:18 - 2016-10-05 10:34 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-10-11 19:18 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-11 19:19 - 2016-10-05 10:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-11 19:19 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-02-12 22:13 - 2016-02-12 22:13 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2016-10-20 13:33 - 2016-10-20 13:35 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 13:33 - 2016-10-20 13:35 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 13:33 - 2016-10-20 13:35 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-25 08:01 - 2016-08-25 08:01 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2012-08-23 07:26 - 2012-08-23 07:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2017-02-28 08:17 - 2017-02-21 19:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-02-08 14:14 - 2017-01-25 22:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-08 14:14 - 2017-01-25 22:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-24 09:23 - 2017-01-25 22:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-24 09:23 - 2017-02-21 20:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-24 09:23 - 2017-01-25 22:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-08 14:14 - 2017-01-25 22:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-28 08:17 - 2017-01-25 22:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-28 08:17 - 2017-01-25 22:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-28 08:17 - 2017-01-25 22:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-24 09:23 - 2017-01-25 22:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-28 08:17 - 2017-01-25 22:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-28 08:17 - 2017-01-25 22:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-24 09:23 - 2017-02-21 20:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-24 09:23 - 2017-01-25 22:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-08 14:14 - 2017-01-25 22:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-24 09:23 - 2017-01-25 22:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-28 08:17 - 2017-01-25 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-28 08:17 - 2017-02-21 20:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-28 08:17 - 2017-01-27 03:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-28 08:17 - 2017-02-21 20:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-28 08:17 - 2017-01-25 22:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-28 08:17 - 2017-01-25 22:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-28 08:17 - 2017-02-21 20:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-08 14:14 - 2017-01-25 22:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-08 14:14 - 2017-02-21 20:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-28 08:17 - 2017-02-21 20:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2012-09-13 22:21 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2015-06-21 12:02 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Control Panel\Desktop\\Wallpaper -> c:\users\ondřej\desktop\p1330074.jpg
DNS Servers: 217.170.96.24 - 217.170.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
HKLM\...\StartupApproved\Run: => "mcpltui_exe"
HKLM\...\StartupApproved\Run: => "mcui_exe"
HKLM\...\StartupApproved\Run: => "Norton Online Backup"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{38EECC0E-0789-47EA-8120-B9A336BD182E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CC72DE1-BB65-4A11-A7C5-2AA2B4B8274C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6738E645-F10A-4A75-A918-CC3E2ACD378A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A3B71CA-823F-4043-82EB-6F014EE688CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9636E7AE-3780-40F7-A7B8-446043D9EB43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE14DFCA-44F7-45C5-B313-1C3ED0C528D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{93C4126F-6F69-4CE9-BE8C-AC65057614C6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{5439F846-2233-4054-BA34-751859F31F67}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [{EEE78509-522C-4E24-A5DB-CCCBDF75ECAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{1C9AC323-3F9A-4230-A0F0-E79247C466FC}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [TCP Query User{2A0E6EAD-29B7-4A8F-8A6E-757F7D224E28}C:\program files (x86)\fire captain\fire.exe] => (Block) C:\program files (x86)\fire captain\fire.exe
FirewallRules: [UDP Query User{67A7ACB2-DFBC-4339-9086-05951F415566}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{72E93C52-5A5F-434E-912B-406F223DE96D}C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\ondřej\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C493EAE8-ACF7-4D44-AF9D-38E92861C275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{92D4EB48-EF5E-4121-81FD-8F4290040FF0}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{D072D69F-BB06-41C6-8939-C75C07F915E7}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{031A9002-9F87-40A7-8F9E-5EDFCD95338E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E30D0C0B-14CE-4B05-A987-1966C5725160}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F720BDE6-F9E1-44EA-8FED-FBC6FF8409B6}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{0890C160-D5C8-445C-BA0D-761FE9FE231E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{61EF0C51-18C2-4CEF-BA0D-3251DE25698B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1CC83BFC-273C-4F8B-ADC0-45E923FCF279}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{E0AF2BB6-1D41-4489-BB32-F19488577C42}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{CD39EE26-21B4-4421-8A5D-DC2426376E17}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{ACB984C1-1E2E-4180-9A1D-1192C799213D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E8729967-AAEB-4610-82CD-1EE4757C99E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E4ABDD0A-863E-45C0-81CD-9AD5A212D4DB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{64982B25-DA1C-4EC5-8638-72179B005451}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9BE3C5EA-3008-4BB7-9749-195BF5E6C103}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BEB62DD4-F0F3-4A91-AE1F-A287393C3A97}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1237E698-EF2A-4F55-A337-3491696155D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC4087E1-18B9-4F0C-BF0E-14054B5D2C8F}] => (Allow) LPort=2869
FirewallRules: [{0D90A1E5-8E6B-4731-98F0-DD44D16D8E45}] => (Allow) LPort=1900
FirewallRules: [{3E2CB0E6-C8F8-4D0C-BEFB-9BE2FD1CA866}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCF23E33-0449-4C6E-AA45-AF1E8523F681}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF32FF27-56CB-4647-88F0-FF9CA43FA3E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AAF72DD6-289F-4D8E-A00B-BCB45F95C92B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F74776C-9D95-49B2-876A-C9DC2563D21A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{299EF1EA-10E8-43CA-A745-B4A11247C913}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7AFF9763-8BB0-4129-B8AC-6ECC4212A48A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{325FEEB4-6FBF-4B35-BBBB-2189FA46D0E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AD332EAC-6E5F-490F-BD3A-5063A284CB2B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
12-02-2017 10:11:32 Naplánovaný kontrolní bod
20-02-2017 18:15:02 Naplánovaný kontrolní bod
27-02-2017 13:49:19 Removed Podpora aplikací Apple (32bitová)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2017 01:52:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:50:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:49:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:47:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:45:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:44:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:43:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:41:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:40:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
Error: (03/01/2017 01:39:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (984) SRUJet: Ověření načtení stránky databáze ze souboru C:\WINDOWS\system32\SRU\SRUDB.dat na posunu 4079616 (0x00000000003e4000) (stránka databáze 995 (0x3E3)) o 4096 (0x00001000) bajtů selhalo. Došlo k neshodě kontrolního součtu stránky. Uložil se kontrolní součet [b0ff4d65fdc5eb96], ale vypočítaný kontrolní součet byl [2620262047aa77b9]. Operace čtení selže a dojde k chybě -1018 (0xfffffc06). Pokud s tím budou dál problémy, obnovte prosím databázi z předchozí zálohy. Tento problém je pravděpodobně způsobený vadným hardwarem. O další pomoc s diagnostikováním problému požádejte dodavatele hardwaru.
System errors:
=============
Error: (03/01/2017 07:34:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Spooler bylo dosaženo časového limitu (30000 ms).
Error: (03/01/2017 07:34:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/28/2017 09:42:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.
Error: (02/28/2017 09:42:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
Uživatelské jméno nebo heslo je nesprávné.
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Error: (02/28/2017 09:39:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_2dd38 byla ukončena s následující chybou:
Nespecifikovaná chyba
Error: (02/28/2017 09:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/28/2017 09:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (02/28/2017 09:38:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Apple Mobile Device Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.
Error: (02/28/2017 09:37:46 PM) (Source: DCOM) (EventID: 10010) (User: ntb)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.
Error: (02/28/2017 09:37:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Apple Mobile Device Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
CodeIntegrity:
===================================
Date: 2017-03-01 13:47:03.381
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:47:03.376
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:12.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:12.480
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:01.421
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:42:01.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:39:55.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:39:55.743
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:35:05.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 13:35:05.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8005.27 MB
Available physical RAM: 5296.04 MB
Total Virtual: 27461.27 MB
Available Virtual: 24965.57 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:675.91 GB) (Free:379.81 GB) NTFS
Drive e: (AOE2) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
Drive f: (MARINE) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D578584D)
Partition: GPT.
==================== End of Addition.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Cerber
Otevřte poznámkový blok a zkopírujte do něj:
Uložte do C:\Users\Ondřej\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d47fba-f2f1-11e2-bfc0-68942315ce82} - "E:\aoesetup.exe" /autorun
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d48001-f2f1-11e2-bfc0-68942315ce82} - "F:\Setup.exe"
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
C:\ProgramData\DP45977C.lfl
C:\Users\Ondřej\AppData\Local\Temp
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Cerber
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Ondřej (01-03-2017 18:51:57) Run:1
Running from C:\Users\Ondřej\Downloads
Loaded Profiles: Ondřej (Available Profiles: Ondřej & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d47fba-f2f1-11e2-bfc0-68942315ce82} - "E:\aoesetup.exe" /autorun
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d48001-f2f1-11e2-bfc0-68942315ce82} - "F:\Setup.exe"
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
C:\ProgramData\DP45977C.lfl
C:\Users\Ondřej\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39296EE3-CF67-49D7-95E9-297000DC865F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39296EE3-CF67-49D7-95E9-297000DC865F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55AE0F0D-5390-416D-B252-466DB5BED040} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55AE0F0D-5390-416D-B252-466DB5BED040} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7EE11A2-85FF-4B89-A729-76777AABF68C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7EE11A2-85FF-4B89-A729-76777AABF68C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8D33E03-C840-439E-A615-2CF9A8579A90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8D33E03-C840-439E-A615-2CF9A8579A90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B233F7AB-7A81-4F85-92F7-B0365F4107E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B233F7AB-7A81-4F85-92F7-B0365F4107E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B787328D-6708-4674-92C4-C5EA61F247AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B787328D-6708-4674-92C4-C5EA61F247AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF728866-57A5-40D3-BB76-6F44A2CDF694} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF728866-57A5-40D3-BB76-6F44A2CDF694} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D77DEFE8-07B7-4662-B416-57C0DE2318FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D77DEFE8-07B7-4662-B416-57C0DE2318FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F58F4A0B-4D42-4B35-8758-221565885AEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F58F4A0B-4D42-4B35-8758-221565885AEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_email1229235768" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_firmy-216282473" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_novinky-1609642764" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_prozeny771666966" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_sport6476750" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_stream1444311432" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_super-41222104" ADS removed successfully.
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d47fba-f2f1-11e2-bfc0-68942315ce82} => key removed successfully
HKCR\CLSID\{c8d47fba-f2f1-11e2-bfc0-68942315ce82} => key not found.
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d48001-f2f1-11e2-bfc0-68942315ce82} => key removed successfully
HKCR\CLSID\{c8d48001-f2f1-11e2-bfc0-68942315ce82} => key not found.
",C:\WINDOWS\system32\nvinitx.dll" => Value data removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\Users\Ondřej\AppData\Local\Temp" folder move:
Could not move "C:\Users\Ondřej\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 3614660 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73304652 B
Java, Flash, Steam htmlcache => 11351 B
Windows/system/drivers => 1831073 B
Edge => 120009514 B
Chrome => 14527647 B
Firefox => 380702534 B
Opera => 113664 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 7309262 B
LocalService => 8978 B
NetworkService => 0 B
Ondřej => 734489203 B
UpdatusUser.ntb => 0 B
Administrator => 0 B
RecycleBin => 39287772 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-03-2017 19:01:06)
C:\Users\Ondřej\AppData\Local\Temp => moved successfully
==== End of Fixlog 19:01:21 ====
Ran by Ondřej (01-03-2017 18:51:57) Run:1
Running from C:\Users\Ondřej\Downloads
Loaded Profiles: Ondřej (Available Profiles: Ondřej & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
Task: {1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {39296EE3-CF67-49D7-95E9-297000DC865F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {55AE0F0D-5390-416D-B252-466DB5BED040} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7EE11A2-85FF-4B89-A729-76777AABF68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8D33E03-C840-439E-A615-2CF9A8579A90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B233F7AB-7A81-4F85-92F7-B0365F4107E1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B787328D-6708-4674-92C4-C5EA61F247AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BF728866-57A5-40D3-BB76-6F44A2CDF694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D77DEFE8-07B7-4662-B416-57C0DE2318FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F58F4A0B-4D42-4B35-8758-221565885AEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d47fba-f2f1-11e2-bfc0-68942315ce82} - "E:\aoesetup.exe" /autorun
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\...\MountPoints2: {c8d48001-f2f1-11e2-bfc0-68942315ce82} - "F:\Setup.exe"
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ondřej\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
C:\ProgramData\DP45977C.lfl
C:\Users\Ondřej\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BB1A83B-D864-4DF0-B8B1-33F2BB71FA21} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37786C24-BB95-41FF-BD26-AB1A2BBE9B4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39296EE3-CF67-49D7-95E9-297000DC865F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39296EE3-CF67-49D7-95E9-297000DC865F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55AE0F0D-5390-416D-B252-466DB5BED040} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55AE0F0D-5390-416D-B252-466DB5BED040} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7EE11A2-85FF-4B89-A729-76777AABF68C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7EE11A2-85FF-4B89-A729-76777AABF68C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8D33E03-C840-439E-A615-2CF9A8579A90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8D33E03-C840-439E-A615-2CF9A8579A90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B233F7AB-7A81-4F85-92F7-B0365F4107E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B233F7AB-7A81-4F85-92F7-B0365F4107E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B787328D-6708-4674-92C4-C5EA61F247AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B787328D-6708-4674-92C4-C5EA61F247AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF728866-57A5-40D3-BB76-6F44A2CDF694} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF728866-57A5-40D3-BB76-6F44A2CDF694} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D77DEFE8-07B7-4662-B416-57C0DE2318FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D77DEFE8-07B7-4662-B416-57C0DE2318FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5157A2F-D1F8-4D01-B3AA-F7573B2AA899} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F58F4A0B-4D42-4B35-8758-221565885AEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F58F4A0B-4D42-4B35-8758-221565885AEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_email1229235768" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_firmy-216282473" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_novinky-1609642764" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_prozeny771666966" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_sport6476750" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_stream1444311432" ADS removed successfully.
C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website => ":DESTICON_super-41222104" ADS removed successfully.
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d47fba-f2f1-11e2-bfc0-68942315ce82} => key removed successfully
HKCR\CLSID\{c8d47fba-f2f1-11e2-bfc0-68942315ce82} => key not found.
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d48001-f2f1-11e2-bfc0-68942315ce82} => key removed successfully
HKCR\CLSID\{c8d48001-f2f1-11e2-bfc0-68942315ce82} => key not found.
",C:\WINDOWS\system32\nvinitx.dll" => Value data removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKU\S-1-5-21-959826868-2704866173-1510423850-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\Users\Ondřej\AppData\Local\Temp" folder move:
Could not move "C:\Users\Ondřej\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 3614660 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73304652 B
Java, Flash, Steam htmlcache => 11351 B
Windows/system/drivers => 1831073 B
Edge => 120009514 B
Chrome => 14527647 B
Firefox => 380702534 B
Opera => 113664 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 7309262 B
LocalService => 8978 B
NetworkService => 0 B
Ondřej => 734489203 B
UpdatusUser.ntb => 0 B
Administrator => 0 B
RecycleBin => 39287772 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-03-2017 19:01:06)
C:\Users\Ondřej\AppData\Local\Temp => moved successfully
==== End of Fixlog 19:01:21 ====
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Cerber
Smazáno. Log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Cerber
Děkuji mockrát za ochotu a pomoc.
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Cerber
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?