VIRY.CZ

Zdravím, nějaký čas pozoruji zpomalení PC, které odpovídá nárazovým intervalům. Zpomalení registruji, i když neprobíhá žádná operace. Častým jevem je taktéž snížená rychlost internetu. Přikládám log z RSIT. Moc děkuji za kontrolu.

Logfile of random's system information tool 1.16 (written by random/random)
Run by bee03 at 2017-07-02 15:56:23
Microsoft Windows 10 Home
System drive C: has 9 GB (5%) free of 199 GB
Total RAM: 8071 MB (49% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:56:34, on 2. 7. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\bee03\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
E:\Bee\Hry\World_of_Tanks\worldoftanks.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files\trend micro\bee03_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [EADM] "E:\Bee\Programy\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\bee03\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\bee03\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [BingSvc] C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\bee03\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: Origin Client Service - Electronic Arts - E:\Bee\Programy\Origin\OriginClientService.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14215 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -c
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe"
"C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Users\bee03\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
C:\WINDOWS\system32\AUDIODG.EXE 0x3e8
"C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe"
"C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe" /runWithoutUpdating
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe" -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe" /tsr
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe"
"C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe" --type=gpu-process --channel="6660.0.1071893529\1228324992" --no-sandbox --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,54,69 --gpu-vendor-id=0x10de --gpu-device-id=0x1184 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --mojo-platform-channel-handle=1952 /prefetch:2
"C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe"
"C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe" --type=renderer --enable-smooth-scrolling --js-flags=--expose-gc --no-sandbox --primordial-pipe-token=B472A2F59E0207ABE1E144C912CCDDBF --lang=en-US --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="6660.1.1832273413\1089296601" --mojo-platform-channel-handle=2240 /prefetch:1
"C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe" --type=renderer --enable-smooth-scrolling --js-flags=--expose-gc --no-sandbox --primordial-pipe-token=2C5DACD51575CF95103FF2A01A7E2DE6 --lang=en-US --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="6660.2.992363219\310037837" --mojo-platform-channel-handle=2304 /prefetch:1
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
"C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --disable-gpu-compositing --no-sandbox --enable-begin-frame-scheduling --primordial-pipe-token=37E8290360D417B6542B8BE9987B73DF --lang=en-US --lang=en-US --log-file="C:\Users\bee03\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5676.0.646822935\1754577678" --mojo-platform-channel-handle=1480 /prefetch:1
"E:\Bee\Hry\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\bee03\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=59.0.3071.115 --initial-client-data=0x1a8,0x1ac,0x1b0,0x1a4,0x1b4,0x7fff2dd219d0,0x7fff2dd219b8,0x7fff2dd219e8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3336 --on-initialized-event-handle=608 --parent-handle=612 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1504 --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,20,21,24,43,76 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x10de --gpu-device-id=0x1184 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0412 --service-request-channel-token=063E52277424268ECDB9BB16F3A5A8AE --mojo-platform-channel-handle=1512 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504 --primordial-pipe-token=FD9E2BF87A1D301FEEA9B138327DAE15 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=FD9E2BF87A1D301FEEA9B138327DAE15 --renderer-client-id=4 --mojo-platform-channel-handle=3388 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504 --primordial-pipe-token=06FBE1A0A37C33CE0AB1A9F9B9E5C02F --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=06FBE1A0A37C33CE0AB1A9F9B9E5C02F --renderer-client-id=7 --mojo-platform-channel-handle=4956 /prefetch:1
C:\WINDOWS\SysWOW64\ctfmon.exe
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\bee03\Downloads\RSITx64.exe"

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\ASUS Smart Gesture Launcher - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
C:\WINDOWS\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\CreateChoiceProcessTask - C:\Windows\BrowserChoice\browserchoice.exe /launch
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA1cf2cbd586be398 - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Java Updater - C:\Users\bee03\AppData\Roaming\nircmd.exe exec hide "C:\Users\bee03\AppData\Roaming\Redist.exe"
C:\WINDOWS\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\WINDOWS\system32\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
C:\WINDOWS\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\bee03\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1477514651 - C:\Users\bee03\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1475235077 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{8CB3FDBD-251B-405A-A41C-EFB65A11E118} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{2958F222-82B8-4E28-B4D7-4A01F21CB7A1} - "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.12.0.101/cs/ ... rogressBar
C:\WINDOWS\system32\tasks\{50B188D6-055B-43BB-8899-95CFEB4AD90A} - "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.12.0.101/cs/ ... rogressBar
C:\WINDOWS\system32\tasks\{9C7E9F00-011D-4632-8BD0-092816DE6230} - "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.64.102/cs/ ... rogressBar
C:\WINDOWS\system32\tasks\{B1BA272F-E71C-4AD4-BC84-8402FFCD5CFA} - "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.12.0.101/cs/ ... rogressBar
C:\WINDOWS\system32\tasks\{DEE1E62A-8D57-4AA1-AE1B-AB2CD3C8EA30} - "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.10.0.101/cs/ ... =tsInstall
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\WINDOWS\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunCampaignManager - %windir%\System32\UNP\UNPCampaignManager.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\WINDOWS\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\WINDOWS\system32\tasks\Microsoft\Office\Office Subscription Maintenance - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/?clid=22668"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=quick ... earchTerms}&"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=E:\Bee\Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=E:\Bee\Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll


C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\searchplugins\
bing-.xml
doplky-pro-firefox.xml
seznam-avast.xml

C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
S3.Google Translator - extension - s3google@translator
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions.json
PDF Architect Converter For Firefox - extension - FFPDFArchitectConverter@pdfarchitect.com - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
Bing Search - extension - bingsearch.full@microsoft.com - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\bingsearch.full@microsoft.com.xpi
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b} - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Firefox Screenshots - extension - screenshots@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Avast Online Security - webextension - wrc@avast.com - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\wrc@avast.com.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\sp@avast.com.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Follow-on Search Telemetry - extension - followonsearch@mozilla.com - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\features\{6c23c57a-6c53-442c-993a-eb93e281bd15}\followonsearch@mozilla.com.xpi
Shield Recipe Client - extension - shield-recipe-client@mozilla.org - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\features\{6c23c57a-6c53-442c-993a-eb93e281bd15}\shield-recipe-client@mozilla.org.xpi
S3.Google Translator - extension - s3google@translator - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\extensions\s3google@translator.xpi

C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\pluginreg.dat
Plugin - Shockwave Flash - 26.0.0.131 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll

=========Google Chrome=========

C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bgjpfhpjcgdppjbgnpnjllokbmcdllig 0 Seznam Lištička - Email 1.4.2
Extension blmojkbhnkkphngknkmgccmlenfaelkd 0 Seznam Lištička - Slovník 1.4.6
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 12.0.222
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.13.0
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.222
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 0 Skype 10.2.0.3000
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension ndibdjnfmopecpmkdieinmbadjfpblof
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.3
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.2
Extension olfeabkoenfaoljndfecamgilllcpiak 0 Seznam Lištička - Rychlá volba 1.9.1
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh Google Now 1.2.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5917.424.0.6
Homepage: http://google.cz/
default_search_provider.search_url:
C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-06-26 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-30 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-30 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08 654384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24 13885696]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-11-02 401896]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 2114376]
"Windows Mobile Device Center"=C:\WINDOWS\WindowsMobile\wmdc.exe [2007-05-31 660360]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-11-17 1854400]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-06-30 213832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"=E:\Bee\Programy\Origin\Origin.exe [2016-11-08 3639280]
"cz.seznam.software.autoupdate"=C:\Users\bee03\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\bee03\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"GalaxyClient"=C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [2017-06-26 4982336]
"BingSvc"=C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2016-02-25 144008]
"OneDrive"=C:\Users\bee03\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-06-21 1555664]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-06-27 27784672]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-06-13 9803992]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15 587288]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2017-05-22 6153128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
SteelSeries Engine 3.lnk - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

C:\Users\bee03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.WVC1"=d3dgeardecoder64.dll
"VIDC.WMV3"=d3dgeardecoder64.dll
"VIDC.MJPG"=d3dgeardecoder64.dll
"VIDC.M4S2"=d3dgeardecoder64.dll
"VIDC.FVFW"=d3dgeardecoder64.dll
"VIDC.FFVH"=d3dgeardecoder64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-07-02 15:56:23 ----D---- C:\rsit
2017-07-02 15:09:19 ----HD---- C:\OneDriveTemp
2017-07-01 14:12:32 ----HD---- C:\$WINDOWS.~BT
2017-07-01 13:41:18 ----D---- C:\ProgramData\SWCUTemp
2017-07-01 12:29:53 ----D---- C:\WINDOWS\Panther
2017-07-01 12:26:59 ----D---- C:\Users\bee03\AppData\Roaming\Tunngle
2017-07-01 12:26:58 ----A---- C:\WINDOWS\system32\drivers\tap0901t.sys
2017-07-01 12:26:57 ----D---- C:\Program Files (x86)\Tunngle
2017-07-01 10:57:30 ----D---- C:\ProgramData\LogMeIn
2017-07-01 10:57:11 ----AD---- C:\Program Files (x86)\LogMeIn Hamachi
2017-06-30 16:29:15 ----A---- C:\WINDOWS\system32\drivers\lpsport.sys
2017-06-30 15:28:06 ----A---- C:\WINDOWS\system32\aswBoot.exe
2017-06-30 14:54:51 ----AD---- C:\Program Files\CCleaner
2017-06-26 14:21:01 ----D---- C:\ProgramData\McAfee Security Scan

====== List of files/folders modified in the last 1 month ======

2017-07-02 15:56:34 ----D---- C:\Program Files\trend micro
2017-07-02 15:56:23 ----D---- C:\WINDOWS\Prefetch
2017-07-02 15:53:40 ----D---- C:\WINDOWS\Temp
2017-07-02 15:35:42 ----D---- C:\WINDOWS\CbsTemp
2017-07-02 15:18:16 ----D---- C:\WINDOWS\system32\config
2017-07-02 15:16:56 ----D---- C:\Users\bee03\AppData\Roaming\Seznam.cz
2017-07-02 15:14:51 ----D---- C:\Users\bee03\AppData\Roaming\Skype
2017-07-02 15:13:23 ----D---- C:\WINDOWS\system32\drivers
2017-07-02 15:06:05 ----D---- C:\WINDOWS\system32\NDF
2017-07-02 15:05:33 ----D---- C:\ProgramData\NVIDIA
2017-07-02 15:05:23 ----D---- C:\ProgramData\ASUS Smart Gesture
2017-07-02 15:05:04 ----D---- C:\WINDOWS\System32
2017-07-02 15:05:04 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-02 15:04:59 ----D---- C:\WINDOWS\AppReadiness
2017-07-02 15:01:22 ----D---- C:\WINDOWS\system32\SleepStudy
2017-07-01 21:45:00 ----D---- C:\WINDOWS\system32\sru
2017-07-01 20:56:07 ----D---- C:\WINDOWS\WinSxS
2017-07-01 20:50:48 ----RD---- C:\WINDOWS\Microsoft.NET
2017-07-01 20:39:14 ----D---- C:\Users\bee03\AppData\Roaming\TS3Client
2017-07-01 16:40:41 ----AD---- C:\Program Files\Microsoft Silverlight
2017-07-01 16:40:41 ----AD---- C:\Program Files (x86)\Microsoft Silverlight
2017-07-01 14:58:33 ----D---- C:\WINDOWS\system32\CatRoot
2017-07-01 14:58:33 ----D---- C:\WINDOWS\INF
2017-07-01 14:58:32 ----D---- C:\WINDOWS\system32\DriverStore
2017-07-01 14:41:18 ----SHDC---- C:\WINDOWS\Installer
2017-07-01 14:41:14 ----D---- C:\WINDOWS\system32\UNP
2017-07-01 14:41:14 ----AD---- C:\Program Files\UNP
2017-07-01 14:21:57 ----D---- C:\WINDOWS\system32\MRT
2017-07-01 14:17:54 ----D---- C:\WINDOWS\debug
2017-07-01 14:17:48 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-07-01 14:16:39 ----D---- C:\WINDOWS\SysWOW64
2017-07-01 14:16:35 ----D---- C:\WINDOWS\system32\catroot2
2017-07-01 14:15:59 ----D---- C:\WINDOWS\system32\appraiser
2017-07-01 13:41:18 ----HD---- C:\ProgramData
2017-07-01 13:39:23 ----D---- C:\WINDOWS\system32\wbem
2017-07-01 13:39:23 ----D---- C:\Windows
2017-07-01 13:35:30 ----RD---- C:\Program Files
2017-07-01 13:27:48 ----D---- C:\WINDOWS\registration
2017-07-01 13:21:45 ----SHD---- C:\System Volume Information
2017-07-01 13:20:52 ----D---- C:\WINDOWS\Logs
2017-07-01 12:54:41 ----RSD---- C:\WINDOWS\Fonts
2017-07-01 12:35:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-01 12:30:16 ----D---- C:\WINDOWS\system32\Tasks
2017-07-01 12:29:27 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-07-01 12:29:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 12:26:57 ----RD---- C:\Program Files (x86)
2017-07-01 12:22:49 ----D---- C:\Users\bee03\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2017-07-01 10:56:39 ----HD---- C:\Program Files\WindowsApps
2017-06-30 19:48:34 ----D---- C:\ProgramData\Skype
2017-06-30 19:48:26 ----D---- C:\Program Files (x86)\Common Files
2017-06-30 15:28:02 ----D---- C:\ProgramData\AVAST Software
2017-06-30 15:25:59 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2017-06-30 15:25:18 ----D---- C:\Program Files (x86)\Java
2017-06-30 15:18:35 ----D---- C:\WINDOWS\Tasks
2017-06-30 15:18:31 ----D---- C:\WINDOWS\system32\Macromed
2017-06-30 15:18:27 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-06-30 14:56:37 ----D---- C:\Users\bee03\AppData\Roaming\uTorrent
2017-06-30 14:56:37 ----D---- C:\Users\bee03\AppData\Roaming\DAEMON Tools Lite
2017-06-30 14:56:37 ----D---- C:\Program Files (x86)\Steam
2017-06-30 14:56:27 ----D---- C:\WINDOWS\LiveKernelReports
2017-06-26 15:02:07 ----RSD---- C:\WINDOWS\assembly
2017-06-26 15:02:04 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2017-06-26 15:01:28 ----AD---- C:\Program Files\Microsoft Office 15
2017-06-26 14:38:25 ----RD---- C:\Program Files (x86)\Skype
2017-06-26 14:24:07 ----D---- C:\ProgramData\Package Cache
2017-06-26 14:22:48 ----AD---- C:\Program Files (x86)\GalaxyClient
2017-06-26 14:21:10 ----D---- C:\Program Files\McAfee Security Scan
2017-06-03 08:36:03 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2017-06-30 198944]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2017-06-30 343264]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2017-06-30 57704]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-06-30 84392]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-07-01 361336]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2017-06-30 319984]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-06-30 41800]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2017-06-30 110352]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-06-30 1015848]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-06-30 585608]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-06-30 146664]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2017-06-30 198768]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 AsusVBus;AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [2016-09-22 39704]
R3 ATP;@oem8.inf,%AsusTP%;ASUS Touchpad; C:\WINDOWS\System32\drivers\AsusTP.sys [2016-09-22 84472]
R3 dtlitescsibus;@oem54.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-02-21 30264]
R3 dtliteusbbus;@oem56.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-02-21 47672]
R3 Hamachi;@oem61.inf,%Hamachi.Service.DispName%;LogMeIn Hamachi Virtual Miniport); C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [2017-05-22 45680]
R3 iwdbus;@oem16.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2013-10-29 27032]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 NVHDA;@oem49.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2017-01-04 221640]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [2017-01-04 14199224]
R3 nvvad_WaveExtensible;@oem31.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-11-17 46016]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 ssdevfactory;@oem36.inf,%ssdevfactory.SVCDESC%;SteelSeries Device Factory Service; C:\WINDOWS\System32\drivers\ssdevfactory.sys [2015-10-03 40568]
R3 sshid;@oem60.inf,%sshid.SvcDesc%;SteelSeries HID Service; C:\WINDOWS\System32\drivers\sshid.sys [2017-05-10 45896]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-06-30 46984]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-10-05 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2013-10-29 39320]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-17 27584]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-06-30 263312]
R2 CDPUserSvc_d0f98;CDPUserSvc_d0f98; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2017-03-14 3042544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2017-05-22 3760040]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-05-27 419248]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-11-17 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2016-11-17 1163712]
R2 OneSyncSvc_d0f98;Hostitel synchronizace_d0f98; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-06-30 7430992]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 PimIndexMaintenanceSvc_d0f98;Data kontaktů_d0f98; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-06-01 317400]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 GalaxyClientService;GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2017-06-26 488000]
S3 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2017-06-26 8077376]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [2017-06-23 404368]
S3 MessagingService_d0f98;Služba zasílání zpráv_d0f98; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-06-30 175560]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-11-17 462784]
S3 Origin Client Service;Origin Client Service; E:\Bee\Programy\Origin\OriginClientService.exe [2016-11-08 2122248]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-06-11 150600]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Zdravím. Dnes se téměř nemůžu dostat na internet bez omezení rychlosti. Hostitel služby: Místní systém neustále stahuje rychlostí okolo 3 Mb/ s. Konkrétně nejvíce dat tahá svchost.exe (netsvcs) Přikládám log a děkuji za kontrolu.

# AdwCleaner v6.047 - Log vytvořen 03/07/2017 v 10:13:14
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-06-29.3 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : bee03 - BEE
# Spuštěno z : C:\Users\bee03\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\invalidprefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
[-] Klíč smazán: HKU\.DEFAULT\Software\Goobzo
[-] Klíč smazán: HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Goobzo
[-] Klíč smazán: HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\csastats
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\Goobzo
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\Goobzo
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\csastats
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\Goobzo
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\Goobzo
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: [x64] HKCU\Software\csastats
[-] Klíč smazán: [x64] HKLM\SOFTWARE\ShopperPro
[-] Klíč smazán: HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}


***** [ Prohlížeče ] *****

[-] [C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: mysearch.avg.com_
[-] [C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: mysearch.avg.com
[-] [C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://mysearch.avg.com?cid={485229BB-FFCE-4D4F-9511-94A015FB8B52}&mid=8feb1ea30b2e40efa5551b527b2ba498-f7433c71a7f1ee7ea0f145d5d1d089f5ec529823&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=2014-06-18 12:20:42&v=18.1.0.443&pid=safeguard&sg=&sap=hp
[-] [C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ndibdjnfmopecpmkdieinmbadjfpblof


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4006 Bajty] - [03/07/2017 10:13:14]
C:\AdwCleaner\AdwCleaner[R0].txt - [2631 Bajty] - [07/08/2015 10:19:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [855 Bajty] - [08/08/2015 10:53:41]
C:\AdwCleaner\AdwCleaner[R2].txt - [969 Bajty] - [08/08/2015 10:58:21]
C:\AdwCleaner\AdwCleaner[S0].txt - [2581 Bajty] - [07/08/2015 10:20:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [916 Bajty] - [08/08/2015 10:54:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [4683 Bajty] - [03/07/2017 10:12:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4514 Bajty] ##########

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Log FRST zde:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by bee03 (administrator) on BEE (03-07-2017 17:54:12)
Running from C:\Users\bee03\Desktop
Loaded Profiles: bee03 (Available Profiles: bee03)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(© 2015 Microsoft Corporation) C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(TeamSpeak Systems GmbH) C:\Users\bee03\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\bee03\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-02] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-30] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [EADM] => E:\Bee\Programy\Origin\Origin.exe [3639280 2016-11-08] (Electronic Arts)
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\bee03\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\bee03\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [4982336 2017-06-26] (GOG.com)
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [BingSvc] => C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-25] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\MountPoints2: {122cf2fb-f37f-11e6-8520-10feed2788cd} - "F:\Autorun.exe"
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\MountPoints2: {122cf3a9-f37f-11e6-8520-10feed2788cd} - "G:\Autorun.exe"
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-11-16]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\bee03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-11-03]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{3cb10d63-ed34-46a9-ab7b-79fc3f712fbd}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{66d864f8-94cb-41de-96bd-8f62cf650eb0}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-06-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-08-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: 0yufjmn0.default
FF ProfilePath: C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default [2017-07-03]
FF NewTab: Mozilla\Firefox\Profiles\0yufjmn0.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0yufjmn0.default -> Seznam
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\0yufjmn0.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\0yufjmn0.default -> Seznam
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0yufjmn0.default -> Seznam
FF Homepage: Mozilla\Firefox\Profiles\0yufjmn0.default -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: Mozilla\Firefox\Profiles\0yufjmn0.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (Bing Search) - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-02-25]
FF Extension: (S3.Google Translator) - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\Extensions\s3google@translator.xpi [2017-07-01]
FF Extension: (Avast SafePrice) - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\Extensions\sp@avast.com.xpi [2017-06-30]
FF Extension: (Avast Online Security) - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\Extensions\wrc@avast.com.xpi [2017-06-30]
FF Extension: (Adblock Plus) - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-01]
FF Extension: (Seznam lištička) - C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-06-21]
FF SearchPlugin: C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\searchplugins\bing-.xml [2016-02-25]
FF SearchPlugin: C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\searchplugins\doplky-pro-firefox.xml [2015-11-12]
FF SearchPlugin: C:\Users\bee03\AppData\Roaming\Mozilla\Firefox\Profiles\0yufjmn0.default\searchplugins\seznam-avast.xml [2016-10-19]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-10] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-11] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Bee\Programy\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> E:\Bee\Programy\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3429784814-2776821652-1915457752-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-09] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.cz/
CHR DefaultSearchURL: Default -> hxxp://mysearch.avg.com/search?cid={485229BB-FFCE-4D4F-9511-94A015FB8B52}&mid=8feb1ea30b2e40efa5551b527b2ba498-f7433c71a7f1ee7ea0f145d5d1d089f5ec529823&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=2014-06-18 12:20:42&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Dokumenty Google) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Disk Google) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Seznam Lištička - Email) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-06-21]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-06-21]
CHR Extension: (YouTube) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-01]
CHR Extension: (Avast Online Security) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-26]
CHR Extension: (Skype) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-06-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-06-21]
CHR Extension: (Gmail) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\bee03\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmojkbhnkkphngknkmgccmlenfaelkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Users\bee03\AppData\Local\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-06-30] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-30] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [488000 2017-06-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8077376 2017-06-26] (GOG.com)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [404368 2017-06-23] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; E:\Bee\Programy\Origin\OriginClientService.exe [2122248 2016-11-08] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [39704 2016-09-22] (Windows (R) Win 7 DDK provider)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-06-30] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-06-30] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-06-30] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-06-30] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-06-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-06-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-06-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-06-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-06-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-06-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-06-30] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-06-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-01] (AVAST Software)
R3 athur; C:\WINDOWS\System32\drivers\athuw8x.sys [2919936 2013-06-02] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [84472 2016-09-22] (ASUS Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-21] (Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-03] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45896 2017-05-10] (SteelSeries ApS)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 17:54 - 2017-07-03 17:54 - 00028530 _____ C:\Users\bee03\Desktop\FRST.txt
2017-07-03 17:54 - 2017-07-03 17:54 - 00000000 ____D C:\FRST
2017-07-03 17:51 - 2017-07-03 17:53 - 00112640 _____ (forum.viry.cz) C:\Users\bee03\Desktop\FRSTLauncher.exe
2017-07-03 17:48 - 2017-07-03 17:53 - 02435584 _____ (Farbar) C:\Users\bee03\Desktop\FRST64.exe
2017-07-03 15:50 - 2017-07-03 15:53 - 00007619 _____ C:\Users\bee03\AppData\Local\Resmon.ResmonCfg
2017-07-03 15:04 - 2017-07-03 15:04 - 00000000 ___HD C:\OneDriveTemp
2017-07-03 13:22 - 2017-07-03 13:22 - 00000845 _____ C:\Users\bee03\Desktop\Aslains WoT Logs Archiver.lnk
2017-07-03 12:40 - 2017-07-03 12:40 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-03 12:25 - 2017-07-03 12:40 - 121373666 _____ (Aslain ) C:\Users\bee03\Downloads\Aslains_WoT_Modpack_Installer_v.9.19.0.2_15.exe
2017-07-03 10:09 - 2017-07-03 10:10 - 04110280 _____ C:\Users\bee03\Desktop\adwcleaner_6.047.exe
2017-07-02 18:51 - 2017-07-02 19:10 - 00000000 ____D C:\Users\bee03\Desktop\STÁTNICE GEOGRAFIE
2017-07-02 15:56 - 2017-07-02 15:56 - 00000000 ____D C:\rsit
2017-07-01 14:12 - 2017-07-01 14:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-07-01 12:29 - 2017-07-02 18:46 - 00000000 ____D C:\WINDOWS\Panther
2017-07-01 12:26 - 2017-07-01 12:54 - 00000000 ____D C:\Program Files (x86)\Tunngle
2017-07-01 12:26 - 2017-07-01 12:46 - 00000000 ____D C:\Users\bee03\AppData\Roaming\Tunngle
2017-07-01 12:26 - 2016-04-26 16:10 - 00048824 _____ (Tunngle.net GmbH) C:\WINDOWS\system32\Drivers\tap0901t.sys
2017-07-01 10:57 - 2017-07-03 15:03 - 00000000 ____D C:\Users\bee03\AppData\Local\LogMeIn Hamachi
2017-07-01 10:57 - 2017-07-01 10:57 - 00000000 ____D C:\Users\bee03\AppData\Local\LogMeIn
2017-07-01 10:57 - 2017-07-01 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-07-01 10:57 - 2017-07-01 10:57 - 00000000 ____D C:\ProgramData\LogMeIn
2017-07-01 10:57 - 2017-07-01 10:57 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2017-07-01 10:56 - 2017-07-03 15:03 - 00000176 _____ C:\Users\bee03\BullseyeCoverageError.txt
2017-06-30 16:29 - 2017-06-30 16:29 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-30 15:28 - 2017-06-30 15:27 - 00400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-06-30 14:54 - 2017-06-30 14:54 - 00002846 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-30 14:54 - 2017-06-30 14:54 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-30 14:54 - 2017-06-30 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-30 14:54 - 2017-06-30 14:54 - 00000000 ____D C:\Program Files\CCleaner
2017-06-26 14:21 - 2017-06-26 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-06-26 14:21 - 2017-06-26 14:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 17:51 - 2016-11-21 19:45 - 00000000 ____D C:\Users\bee03\AppData\LocalLow\Mozilla
2017-07-03 17:47 - 2016-10-05 19:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-03 17:30 - 2015-07-18 18:07 - 00000000 ____D C:\Users\bee03\AppData\Roaming\TS3Client
2017-07-03 15:52 - 2016-10-05 20:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 15:37 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-03 15:18 - 2014-03-06 19:59 - 00000000 ____D C:\Users\bee03\AppData\Roaming\Skype
2017-07-03 15:08 - 2014-10-28 11:23 - 00000000 ____D C:\Users\bee03\AppData\Roaming\Seznam.cz
2017-07-03 15:04 - 2016-10-26 22:28 - 00000000 ____D C:\Users\bee03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2017-07-03 15:04 - 2016-10-05 19:51 - 00000000 ____D C:\Users\bee03
2017-07-03 15:04 - 2015-07-11 12:16 - 00000000 ___RD C:\Users\bee03\OneDrive
2017-07-03 15:03 - 2016-10-26 22:28 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-03 15:03 - 2016-10-05 19:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-03 15:03 - 2016-10-05 19:48 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-03 15:03 - 2015-08-05 22:31 - 00000000 __SHD C:\Users\bee03\IntelGraphicsProfiles
2017-07-03 14:05 - 2016-12-19 20:33 - 00000000 ____D C:\Users\bee03\AppData\Local\CrashDumps
2017-07-03 12:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-03 12:04 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-03 11:59 - 2015-08-11 20:00 - 00000000 ____D C:\Users\bee03\AppData\Local\ElevatedDiagnostics
2017-07-03 10:13 - 2015-08-07 10:19 - 00000000 ____D C:\AdwCleaner
2017-07-02 20:37 - 2016-10-11 11:24 - 00000000 ____D C:\Users\bee03\AppData\Local\Deployment
2017-07-02 20:37 - 2014-01-31 16:50 - 00000000 ____D C:\Users\bee03\AppData\Local\Packages
2017-07-02 15:56 - 2015-08-06 09:02 - 00000000 ____D C:\Program Files\trend micro
2017-07-02 15:04 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-01 16:40 - 2016-11-09 18:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-01 16:40 - 2016-11-09 18:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-01 14:58 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-01 14:41 - 2017-04-20 13:31 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-01 14:41 - 2017-04-20 13:31 - 00000000 ____D C:\Program Files\UNP
2017-07-01 14:21 - 2014-01-31 19:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-01 14:17 - 2016-11-09 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-01 14:17 - 2014-01-31 19:34 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-01 14:15 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-01 13:27 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2017-07-01 13:02 - 2016-10-05 19:46 - 00351432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-01 12:37 - 2014-03-04 14:38 - 00361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-07-01 12:35 - 2016-07-17 00:25 - 00818496 _____ C:\WINDOWS\system32\perfh005.dat
2017-07-01 12:35 - 2016-07-17 00:25 - 00198334 _____ C:\WINDOWS\system32\perfc005.dat
2017-07-01 12:35 - 2015-08-05 22:26 - 02180076 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-01 12:33 - 2014-01-31 16:50 - 00000000 ____D C:\Users\bee03\AppData\Local\VirtualStore
2017-07-01 12:30 - 2016-10-05 20:07 - 00003998 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1475235077
2017-07-01 12:30 - 2016-09-30 13:31 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-01 12:29 - 2017-05-11 17:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-01 12:29 - 2015-11-04 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 12:22 - 2017-02-21 19:09 - 00000000 ____D C:\Users\bee03\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2017-07-01 10:56 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-30 19:48 - 2014-03-06 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 16:20 - 2014-01-31 17:06 - 00000000 ____D C:\Users\bee03\AppData\Local\NVIDIA Corporation
2017-06-30 16:19 - 2015-07-29 19:43 - 00000000 ____D C:\Users\bee03\AppData\Local\NVIDIA
2017-06-30 15:29 - 2017-03-22 11:58 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-30 15:28 - 2014-03-04 14:33 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-30 15:27 - 2014-05-04 17:56 - 00046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-30 15:27 - 2014-03-04 14:38 - 00585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-30 15:27 - 2014-03-04 14:38 - 00198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-06-30 15:27 - 2014-03-04 14:38 - 00146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-30 15:27 - 2014-03-04 14:38 - 00110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-06-30 15:27 - 2014-03-04 14:38 - 00084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-30 15:26 - 2017-03-22 11:58 - 00343264 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-06-30 15:26 - 2017-03-22 11:58 - 00319984 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-06-30 15:26 - 2017-03-22 11:58 - 00198944 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-06-30 15:26 - 2017-03-22 11:58 - 00057704 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-06-30 15:26 - 2016-09-26 19:24 - 00041800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-06-30 15:26 - 2015-04-19 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-30 15:26 - 2014-03-04 14:38 - 01015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-30 15:25 - 2015-04-19 16:15 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-06-30 15:25 - 2015-04-19 16:14 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-30 15:21 - 2014-03-25 13:23 - 00000737 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-30 15:18 - 2016-10-05 20:07 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-30 15:18 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-30 15:18 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-30 14:56 - 2017-02-21 18:27 - 00000000 ____D C:\Users\bee03\AppData\Roaming\uTorrent
2017-06-30 14:56 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-30 14:56 - 2014-10-28 11:22 - 00000000 ____D C:\Users\bee03\AppData\Roaming\DAEMON Tools Lite
2017-06-30 14:56 - 2014-06-10 23:32 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-30 14:51 - 2016-10-26 22:44 - 00003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1477514651
2017-06-26 20:20 - 2014-02-01 21:09 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 20:20 - 2014-02-01 21:09 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 15:02 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-26 15:01 - 2015-07-11 11:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-26 14:38 - 2017-03-15 22:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-26 14:24 - 2014-06-11 00:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-26 14:22 - 2015-05-24 00:36 - 00000000 ____D C:\Users\bee03\AppData\Local\GOG.com
2017-06-26 14:22 - 2015-05-21 20:32 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2017-06-26 14:21 - 2017-05-11 17:18 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-06-26 14:21 - 2015-11-16 13:27 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-06-21 07:49 - 2016-12-31 11:03 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 07:49 - 2015-08-05 22:34 - 00002391 _____ C:\Users\bee03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-03 08:36 - 2017-03-16 12:11 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2017-03-16 12:11 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-11-07 11:24 - 2014-05-24 11:09 - 0603763 ___SH () C:\Users\bee03\AppData\Roaming\libcurl-4.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0626176 ___SH (The cURL library, http://curl.haxx.se/) C:\Users\bee03\AppData\Roaming\libcurl.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 1704448 ___SH (The OpenSSL Project, http://www.openssl.org/) C:\Users\bee03\AppData\Roaming\libeay32.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0112142 ___SH () C:\Users\bee03\AppData\Roaming\libgcc_s_dw2-1.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0279955 ___SH () C:\Users\bee03\AppData\Roaming\libidn-11.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0148760 ___SH () C:\Users\bee03\AppData\Roaming\libpdcurses.dll
2014-11-07 11:24 - 2014-05-04 01:16 - 0207360 ___SH (CodePlex Community) C:\Users\bee03\AppData\Roaming\Microsoft.Win32.TaskScheduler.dll
2014-11-07 11:24 - 2013-08-11 05:41 - 0044032 ___SH (NirSoft) C:\Users\bee03\AppData\Roaming\nircmd.exe
2014-11-07 11:24 - 2014-05-24 11:09 - 0042496 ___SH (Open Source Software community project) C:\Users\bee03\AppData\Roaming\pthreadGC2-w64.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0119704 ___SH (Open Source Software community LGPL) C:\Users\bee03\AppData\Roaming\pthreadGC2.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0364544 ___SH (The OpenSSL Project, http://www.openssl.org/) C:\Users\bee03\AppData\Roaming\ssleay32.dll
2014-11-07 11:24 - 2014-05-26 10:16 - 0113166 ___SH () C:\Users\bee03\AppData\Roaming\zlib1.dll
2017-07-03 15:50 - 2017-07-03 15:53 - 0007619 _____ () C:\Users\bee03\AppData\Local\Resmon.ResmonCfg
2016-10-05 19:48 - 2016-10-05 19:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-07-01 10:56 - 2017-07-01 10:56 - 0008720 _____ () C:\Users\bee03\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-07-01 10:57 - 2017-07-01 10:57 - 0012080 _____ () C:\Users\bee03\AppData\Local\Temp\BullseyeCoverage-x64-3.dll
2017-07-01 10:57 - 2017-07-01 10:57 - 0010520 _____ () C:\Users\bee03\AppData\Local\Temp\BullseyeCoverage-x86-3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-03 10:31

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:194.36 GB) (Free:79.97 GB) NTFS
Drive e: ( (E:)) (Fixed) (Total:736.2 GB) (Free:473.42 GB) NTFS
Drive f: (LOTRBFME2) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS
Drive g: (LOTRBFME2EP1) (CDROM) (Total:4.21 GB) (Free:0 GB) UDF

Available physical RAM: 5014.15 MB
Total physical RAM: 8070.8 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: A725D4BA)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]

==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\bee03\Desktop" je 2495 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [BingSvc] => C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-25] (© 2015 Microsoft Corporation)
C:\Users\bee03\AppData\Local\Microsoft\BingSvc
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\MountPoints2: {122cf2fb-f37f-11e6-8520-10feed2788cd} - "F:\Autorun.exe"
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\MountPoints2: {122cf3a9-f37f-11e6-8520-10feed2788cd} - "G:\Autorun.exe"
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR DefaultSearchURL: Default -> hxxp://mysearch.avg.com/search?cid={485229BB-FFCE-4D4F-9511-94A015FB8B52}&mid=8feb1ea30b2e40efa5551b527b2ba498-f7433c71a7f1ee7ea0f145d5d1d089f5ec529823&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=2014-06-18 12:20:42&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [404368 2017-06-23] (McAfee, Inc.)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\McAfee Security Scan
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
C:\ProgramData\DP45977C.lfl
C:\Users\bee03\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]

EmptyTemp:
ResetHosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu:

Velikost slozky "C:\Users\bee03\Desktop" je 2495 MB.

To je příliš mnoho a může to způsobovat zpomelný start systému. Vytvořte v C:\Users\bee03 novou složku, do níž přesuňte všechna data z plochy (lromě zástupců). Na plochu si pak dejte zástupce té složky pro snazší přístup.

Po spuštění FRST Launcher se nic nestalo a ikona zmizla z plochy, takže jsem jej stáhl znova a přikládám log. Co se týká dat z plochy, tak většinu tvoří právě zástupci. Vše ostatní ( o velikosti cca 300Mb) jsem přetáhl do Users.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017
Ran by bee03 (03-07-2017 19:43:10) Run:1
Running from C:\Users\bee03\Desktop
Loaded Profiles: bee03 (Available Profiles: bee03)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\Run: [BingSvc] => C:\Users\bee03\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-25] (� 2015 Microsoft Corporation)
C:\Users\bee03\AppData\Local\Microsoft\BingSvc
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\MountPoints2: {122cf2fb-f37f-11e6-8520-10feed2788cd} - "F:\Autorun.exe"
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\...\MountPoints2: {122cf3a9-f37f-11e6-8520-10feed2788cd} - "G:\Autorun.exe"
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR DefaultSearchURL: Default -> hxxp://mysearch.avg.com/search?cid={485229BB-FFCE-4D4F-9511-94A015FB8B52}&mid=8feb1ea30b2e40efa5551b527b2ba498-f7433c71a7f1ee7ea0f145d5d1d089f5ec529823&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=2014-06-18 12:20:42&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [404368 2017-06-23] (McAfee, Inc.)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\McAfee Security Scan
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
C:\ProgramData\DP45977C.lfl
C:\Users\bee03\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]

EmptyTemp:
ResetHosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
C:\Users\bee03\AppData\Local\Microsoft\BingSvc => moved successfully
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{122cf2fb-f37f-11e6-8520-10feed2788cd} => key removed successfully
HKLM\Software\Classes\CLSID\{122cf2fb-f37f-11e6-8520-10feed2788cd} => key not found.
HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{122cf3a9-f37f-11e6-8520-10feed2788cd} => key removed successfully
HKLM\Software\Classes\CLSID\{122cf3a9-f37f-11e6-8520-10feed2788cd} => key not found.
C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe => moved successfully

"C:\Program Files\McAfee Security Scan" folder move:

Could not move "C:\Program Files\McAfee Security Scan" => Scheduled to move on reboot.

HKU\S-1-5-21-3429784814-2776821652-1915457752-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
HKLM\System\CurrentControlSet\Services\McComponentHostService => key removed successfully
McComponentHostService => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => moved successfully
C:\ProgramData\McAfee Security Scan => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\bee03\AppData\Local\Temp" folder move:

Could not move "C:\Users\bee03\AppData\Local\Temp" => Scheduled to move on reboot.

C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
ResetHosts: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 1685408 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71526664 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 184875 B
Edge => 0 B
Chrome => 517026940 B
Firefox => 54356688 B
Opera => 119808 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8232960 B
bee03 => 14042400 B

RecycleBin => 230425 B
EmptyTemp: => 636.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-07-2017 19:51:54)

C:\Program Files\McAfee Security Scan => moved successfully
C:\Users\bee03\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:51:56 ====

Smazáno. Nastala nějaká změna?

Zpomalení PC nepozoruji,nicméně Hostitel služby (svchost.exe) si stále bere přes 3 Mb sítě. Nevím zdali je problém v PC nebo někde v routeru, ale dělat by to nemělo

Na zloušku vypněte aut. aktualizace, příp. přeinstalujte Avast.