Please check my log, I have malware on my PC

Posted: 17 Nov 2018 13:59
by Paulie0001
Hello,
my computer has been running slowly somehow, and my Chrome web browser has also started acting up, so I am turning to you.
When I start Chrome and go to Seznam, I often read the news on Novinky. But when I click on a headline, I only see the heading and a brief summary of the article, not the full content of the article (I am attaching a picture for better understanding).

Also, when I want to go to the page http://www.topserialy.to, I am used to always typing T into the search bar and pressing Enter, and it always automatically took me to the desired page. Now, however, I have some kind of malware there instead, because the first suggestion that comes up is not topserialy but this page, http://theforexworld.info, which then redirects me to a page with pornographic content. Do you know how to get rid of it?

I am sending the log from RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Paulie at 2018-11-17 13:44:49
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 12 GB (10%) free of 114 GB
Total RAM: 3996 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:51, on 17.11.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19003)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
E:\PROGRAMY\hamachi\hamachi-2-ui.exe
E:\PROGRAMY\hamachi\LMIGuardianSvc.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
E:\PROGRAMY\Steam\Steam.exe
C:\Program Files\trend micro\Paulie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\PROGRAMY\hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "E:\PROGRAMY\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "D:\PROGRAMY\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Avast Cleanup Premium.lnk = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O4 - Global Startup: ScpToolkit Tray Notifications.lnk = E:\PROGRAMY\SCP TOOLKIT\ScpTrayApp.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{7721449B-54C2-4422-B45D-91B5D03753DA}: NameServer = 192.168.1.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
O23 - Service: Avast Cleanup Premium (CleanupPSvc) - AVAST Software - C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
O23 - Service: VMware Horizon Client (client_service) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: SCP DSx Service (Ds3Service) - Scarlet.Crush Productions - E:\PROGRAMY\SCP TOOLKIT\ScpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: VMware Netlink Supervisor Service (ftnlsv3hv) - Unknown owner - C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
O23 - Service: VMware Scanner Redirection Client (ftscanmgrhv) - Unknown owner - C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\PROGRAMY\hamachi\x64\hamachi-2.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - E:\PROGRAMY\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware Serial Com Redirection Client service (vmwsprrdpwks) - VMware - C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12938 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe" -SCMStartup mfwStartFlags=2
C:\Windows\System32\svchost.exe -k utcsvc
"E:\PROGRAMY\SCP TOOLKIT\ScpService.exe"
"C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe"
"C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe"
"C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service
"C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe"
E:\PROGRAMY\hamachi\x64\hamachi-2.exe -s
"E:\PROGRAMY\hamachi\x64\LMIGuardianSvc.exe" /escort 3040 /CUSTOM Hamachi
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\Windows\system32\CNAB4RPD.EXE
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\DbxSvc.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
AvastUI.exe /nogui
"C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe" /nogui
"E:\PROGRAMY\SCP TOOLKIT\ScpTrayApp.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --capture-python --no-identify-client-via-url --database=C:\Users\Paulie\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=host_int_account1_boot=25737545808 --annotation=machine_id=efbafa68-6015-44ec-8c40-fabb2c395ef9 --annotation=platform=win --annotation=platform_version=7 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0xe8,0x6c60dda4,0x6c60ddb4,0x6c60ddc4
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:28b2b2b3-b0ce-4c17-b551-d0d596c873d9 -target-handle:240 -target-shutdown-event:232 -target-restart-event:216 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:3.5.4 -method:collectupload -handler-pipe:\\.\pipe\crashpad_13984_UZYPVLEFHHUIINIA
"E:\PROGRAMY\hamachi\hamachi-2-ui.exe" --auto-start
"E:\PROGRAMY\hamachi\LMIGuardianSvc.exe" /escort 12844 /CUSTOM Hamachi
taskeng.exe {03DE53D5-5795-45E9-BE80-8CF95DE43804}
C:\Windows\DAODx.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Paulie\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Paulie\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=70.0.3538.102 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee8ad54d0,0x7fee8ad54e0,0x7fee8ad54f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4900 --on-initialized-event-handle=352 --parent-handle=364 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=15241696921292208871 --mojo-platform-channel-handle=1008 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=1944002674174045702 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1944002674174045702 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=15226513685364069552 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15226513685364069552 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=5368684993855664127 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5368684993855664127 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=15605803999971129486 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15605803999971129486 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=14313192516611950083 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14313192516611950083 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=1086541565316985834 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1086541565316985834 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=8561905909079867940 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8561905909079867940 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12012 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=8289790578161563768 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8289790578161563768 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=18298686018687523859 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18298686018687523859 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=8598279076398715139 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8598279076398715139 --renderer-client-id=249 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=18034549636857644669 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18034549636857644669 --renderer-client-id=248 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=3460384294374146236 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3460384294374146236 --renderer-client-id=445 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=7276826053168702480 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7276826053168702480 --renderer-client-id=446 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=10815964677577437035 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10815964677577437035 --renderer-client-id=487 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10544 /prefetch:1
"E:\PROGRAMY\Steam\Steam.exe" "steam://rungameid/730"
E:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=cs_CZ" "-cachedir=C:\Users\Paulie\AppData\Local\Steam\htmlcache" "-steampid=13756" "-buildid=1541819448" "-steamid=0" "-steamuniverse=Dev" "-clientui=E:\PROGRAMY\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write --disablehighdpi --force-device-scale-factor=1 --device-scale-factor=1 "--log-file=E:\PROGRAMY\Steam\logs\cef_log.txt"
E:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=E:\PROGRAMY\Steam\dumps "--metrics-dir=C:\Users\Paulie\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1541819448 --initial-client-data=0x198,0x19c,0x1a0,0x194,0x1a4,0x7fee40d1f78,0x7fee40d1f88,0x7fee40d1f98
"E:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="E:\PROGRAMY\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --force-device-scale-factor=1 --disablehighdpi --buildid=1541819448 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="E:\PROGRAMY\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --force-device-scale-factor=1 --disablehighdpi --buildid=1541819448 --steamid=0 --service-request-channel-token=952138DDFCC9052F69DC36AD282C481B --mojo-platform-channel-handle=976 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"E:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --force-device-scale-factor=1 --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=C9C9D26AC74E2B195508B6D9FB469C03 --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="E:\PROGRAMY\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --force-device-scale-factor=1 --disablehighdpi --buildid=1541819448 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=C9C9D26AC74E2B195508B6D9FB469C03 --renderer-client-id=3 --mojo-platform-channel-handle=1476 /prefetch:1
"E:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --force-device-scale-factor=1 --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=B24845578661C9116237ABC29F530C3E --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="E:\PROGRAMY\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --force-device-scale-factor=1 --disablehighdpi --buildid=1541819448 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=B24845578661C9116237ABC29F530C3E --renderer-client-id=4 --mojo-platform-channel-handle=1812 /prefetch:1
taskeng.exe {AF429BDD-C50A-4611-8118-2707B2B1EBF1}
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=17729467539632858060 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17729467539632858060 --renderer-client-id=638 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=6959273995749447129 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6959273995749447129 --renderer-client-id=646 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,17919746699463963764,16147686834200170216,131072 --service-pipe-token=14537029481527687647 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14537029481527687647 --renderer-client-id=647 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11872 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Paulie\Downloads\RSITx64 (1).exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\ScpUpdater.job - E:\PROGRAMY\SCP TOOLKIT\ScpUpdater.exe /silent

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - E:\PROGRAMY\JAVA\jre\bin\ssv.dll [2017-08-06 571968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\PROGRAMY\JAVA\jre\bin\jp2ssv.dll [2017-08-06 235584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-05-10 480200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23 140512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-10 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23 140512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23 140512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-04 7200984]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07 508128]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-10-12 242392]
"VMware Netlink 3 HV Install Utility"=C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [2017-07-12 75680]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10 2670056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=E:\PROGRAMY\Steam\steam.exe [2018-11-10 3131680]
"CCleaner Smart Cleaning"=D:\PROGRAMY\CCleaner\CCleaner64.exe [2018-09-10 18630056]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2016-04-23 3498720]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2018-11-06 3785536]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2016-02-29 766464]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]
"LogMeIn Hamachi Ui"=E:\PROGRAMY\hamachi\hamachi-2-ui.exe [2018-05-30 5885352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Avast Cleanup Premium.lnk - C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
Canon LBP2900 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
ScpToolkit Tray Notifications.lnk - E:\PROGRAMY\SCP TOOLKIT\ScpTrayApp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-11-17 13:44:49 ----D---- C:\rsit
2018-11-16 22:12:02 ----D---- C:\Users\Paulie\AppData\Roaming\WarThunder
2018-11-06 14:06:54 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2018-11-06 14:06:54 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2018-11-06 14:06:54 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2018-11-06 14:06:54 ----A---- C:\Windows\system32\DbxSvc.exe

======List of files/folders modified in the last 1 month======

2018-11-17 13:44:50 ----D---- C:\Program Files\trend micro
2018-11-17 13:44:39 ----D---- C:\Windows\Temp
2018-11-17 13:18:13 ----SHD---- C:\Windows\Installer
2018-11-16 23:26:09 ----D---- C:\Users\Paulie\AppData\Roaming\vlc
2018-11-16 22:22:03 ----D---- C:\Windows\system32\Tasks
2018-11-16 17:48:02 ----SHD---- C:\Config.Msi
2018-11-16 17:47:57 ----D---- C:\Windows\SysWOW64
2018-11-16 13:49:29 ----D---- C:\Windows\system32\config
2018-11-16 02:54:16 ----SHD---- C:\System Volume Information
2018-11-16 02:29:20 ----D---- C:\Windows\system32\drivers\etc
2018-11-14 03:21:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-11-14 03:21:04 ----D---- C:\Windows\system32\Macromed
2018-11-14 03:21:02 ----D---- C:\Windows\SYSWOW64\Macromed
2018-11-07 19:59:12 ----D---- C:\Windows\system32\drivers
2018-11-07 19:59:12 ----D---- C:\Windows\System32
2018-11-07 19:59:12 ----D---- C:\Program Files (x86)\Dropbox
2018-11-02 20:06:16 ----D---- C:\Windows\inf
2018-11-02 20:06:16 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-10-12 201928]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-10-12 346760]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-10-12 59664]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-10-12 88112]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-10-12 381144]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-10-12 201408]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-10-12 230512]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-10-12 185240]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2018-10-12 42456]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-10-12 111968]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-10-12 1028840]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-10-12 467904]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2016-02-10 137280]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2016-06-28 917032]
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-06-28 119712]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [2016-06-28 192864]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2016-06-28 143568]
R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-10-12 163376]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-10-12 208640]
R2 hcmon;VMware hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [2017-08-31 82904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-12-23 28725640]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-12-23 521608]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2013-08-16 140032]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2013-08-16 424192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-07 3680728]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 ScpVBus;Scp Virtual Bus Driver; C:\Windows\system32\DRIVERS\ScpVBus.sys [2013-05-19 39168]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2016-04-26 39464]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2016-02-29 133168]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-10-12 47064]
S3 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys []
S3 EraserUtilDrv11510;EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [2016-06-06 153936]
S3 EraserUtilDrv11521;EraserUtilDrv11521; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [2016-06-06 156912]
S3 ew_usbccgpfilter;HwHandSet_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbccgpfilter.sys [2018-04-20 18944]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2016-11-11 34720]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-07-06 367976]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-26 805088]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-06-05 111344]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2015-12-23 52592]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-29 23200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2018-09-10 2910696]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2018-09-10 2704872]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-12-23 290184]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-08-30 361984]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-10-12 325024]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CleanupPSvc;Avast Cleanup Premium; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [2018-11-02 9121248]
R2 client_service;VMware Horizon Client; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [2017-09-27 532456]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2018-11-06 51024]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Ds3Service;SCP DSx Service; E:\PROGRAMY\SCP TOOLKIT\ScpService.exe [2016-04-12 394944]
R2 ftnlsv3hv;VMware Netlink Supervisor Service; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [2017-07-12 218528]
R2 ftscanmgrhv;VMware Scanner Redirection Client; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [2017-06-15 2949024]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; E:\PROGRAMY\hamachi\x64\hamachi-2.exe [2018-05-30 3346856]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2018-04-20 190784]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2017-08-31 882664]
R2 vmwsprrdpwks;VMware Serial Com Redirection Client service; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [2017-06-15 276896]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2016-02-29 573952]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-10-12 8188768]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-10 1684256]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-04 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-06 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-06 152216]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-14 336008]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-04 164984]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-06 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-06 152216]
S3 chromoting;@C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_core.dll,-101; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [2018-10-18 73048]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-04-22 116224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-08 30798512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TunngleService;TunngleService; E:\PROGRAMY\Tunngle\TnglCtrl.exe [2016-06-23 872432]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]

-----------------EOF-----------------

Re: please check my log, I have malware on my PC

Posted: 17 Nov 2018 17:01
by Conder
Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here

Re: please check my log, I have malware on my PC

Posted: 18 Nov 2018 12:37
by Paulie0001
Hello, thanks for the reply :)

AdwCleaner even got my printer working again :D For some reason it recently stopped printing and reported no error; it was connected to the PC and switched on, but it wouldn't print anything :D
After the scan and the PC restart it suddenly started printing the documents that had piled up in the meantime :D


I'm sending the log from AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-14.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-18-2018
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 10
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Paulie\AppData\Roaming\DriverFinder
Deleted C:\Program Files (x86)\WEATHERHUB

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\FutureGames
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Deleted HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

Deleted Weather Hub

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2004 octets] - [18/11/2018 01:46:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: please check my log, I have malware on my PC

Posted: 18 Nov 2018 17:27
by Conder
Please post both logs from FRST (FRST.txt and Addition.txt), following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Re: please check my log, I have malware on my PC

Posted: 18 Nov 2018 18:19
by Paulie0001
I'm sending the FRST logs; you'll find both in the attachment :)

Thanks

Re: please check my log, I have malware on my PC

Posted: 19 Nov 2018 22:40
by Conder
Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: E:\PROGRAMY\SCP TOOLKIT\ScpService.exe
    File: C:\Windows\DAODx.exe
    File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
    File: E:\PROGRAMY\Tunngle\TnglCtrl.exe
    
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: H - H:\setup.exe
    HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {c591bfd7-2ad9-11e6-9155-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
    HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {ef9f63f2-9cb7-11e8-8122-99fdd327bea2} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {ef9f63f8-9cb7-11e8-8122-99fdd327bea2} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {ef9f63fc-9cb7-11e8-8122-99fdd327bea2} - H:\HiSuiteDownLoader.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Toolbar: HKU\S-1-5-21-2623976002-1524246759-2826972749-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kbejacapfbbfcbonimhhmpdbbpjdoplf] - hxxps://clients2.google.com/service/update2/crx
    S3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2018-11-17 13:44 - 2018-11-17 13:44 - 001222144 _____ C:\Users\Paulie\Downloads\RSITx64 (2).exe
    2018-11-17 13:44 - 2018-11-17 13:44 - 001222144 _____ C:\Users\Paulie\Downloads\RSITx64 (1).exe
    2018-11-17 13:44 - 2018-11-17 13:44 - 000000000 ____D C:\rsit
    2018-11-17 13:44 - 2017-05-28 21:55 - 000000000 ____D C:\Program Files\trend micro
    2018-09-29 10:56 - 2018-09-29 10:56 - 000000000 _____ () C:\Users\Paulie\AppData\Local\oobelibMkey.log
    C:\Windows\sysde32.exe
    
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    Task: {0523DB44-447D-4B7B-A1D8-D1FA4DE3B576} - System32\Tasks\svchostc => C:\Users\Paulie\AppData\Local\svchostc\svchostc.exe <==== ATTENTION
    Task: {0CDF9102-004D-4CDF-BEBF-C23CA3DACBD9} - System32\Tasks\Norton Security\Norton Error Processor => D:\PROGRAMY\Norton\Engine\22.5.2.15\SymErr.exe
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {3E78501D-26E3-4B44-8530-152A088ACC81} - System32\Tasks\WarThunder3 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&aff_sub2=3oPFTa2CxUajipcNH2PTCNLf0whepipZBBrPDFRaOiixVmp88FMtisDipJgAAAJvA9XUie&click_id=7959f3a77f784004e53308750d6fe7629c4546a4 --app-window-size=1920,1080 <==== ATTENTION
    Task: {40800322-3B1C-441D-91B1-2A9188C2F0AB} - System32\Tasks\{7DA5579A-B480-4872-94AF-AFC0CCA2E092} => C:\Windows\system32\pcalua.exe -a C:\bbuninst.exe -d C:\
    Task: {4270D2FF-3FB7-4CF1-9C23-5D4E3B069787} - System32\Tasks\Norton WSC Integration => D:\PROGRAMY\Norton\Engine\22.5.2.15\WSCStub.exe
    Task: {554FE7D5-26C0-410C-B830-51F089A5D06A} - System32\Tasks\{CE14BFDF-BB8E-485B-8D2B-0EFC704BE0E5} => C:\Windows\system32\pcalua.exe -a "E:\PROGRAMY\Free Rapid Downloader\frd.exe" -d "E:\PROGRAMY\Free Rapid Downloader"
    Task: {6121A695-DE65-443D-949F-B03FB1B8AC0D} - System32\Tasks\SmartDefrag_Startup => E:\PROGRAMY\Smart Defrag\SmartDefrag.exe
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {B364E687-A2FD-4F33-9F86-E12B7B822F5C} - System32\Tasks\WinDef Update Service => FILEPATH
    Task: {BCF27A25-5BCF-477B-ADDF-17792518B9C3} - System32\Tasks\Norton Security\Norton Error Analyzer => D:\PROGRAMY\Norton\Engine\22.5.2.15\SymErr.exe
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

Re: please check my log, I have malware on my PC

Posted: 21 Nov 2018 00:35
by Paulie0001
I'm sending the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by Paulie (21-11-2018 00:30:42) Run:1
Running from C:\Users\Paulie\Desktop
Loaded Profiles: Paulie (Available Profiles: Paulie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: E:\PROGRAMY\SCP TOOLKIT\ScpService.exe
File: C:\Windows\DAODx.exe
File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File: E:\PROGRAMY\Tunngle\TnglCtrl.exe

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {c591bfd7-2ad9-11e6-9155-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {ef9f63f2-9cb7-11e8-8122-99fdd327bea2} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {ef9f63f8-9cb7-11e8-8122-99fdd327bea2} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {ef9f63fc-9cb7-11e8-8122-99fdd327bea2} - H:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
Toolbar: HKU\S-1-5-21-2623976002-1524246759-2826972749-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kbejacapfbbfcbonimhhmpdbbpjdoplf] - hxxps://clients2.google.com/service/update2/crx
S3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2018-11-17 13:44 - 2018-11-17 13:44 - 001222144 _____ C:\Users\Paulie\Downloads\RSITx64 (2).exe
2018-11-17 13:44 - 2018-11-17 13:44 - 001222144 _____ C:\Users\Paulie\Downloads\RSITx64 (1).exe
2018-11-17 13:44 - 2018-11-17 13:44 - 000000000 ____D C:\rsit
2018-11-17 13:44 - 2017-05-28 21:55 - 000000000 ____D C:\Program Files\trend micro
2018-09-29 10:56 - 2018-09-29 10:56 - 000000000 _____ () C:\Users\Paulie\AppData\Local\oobelibMkey.log
C:\Windows\sysde32.exe

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
Task: {0523DB44-447D-4B7B-A1D8-D1FA4DE3B576} - System32\Tasks\svchostc => C:\Users\Paulie\AppData\Local\svchostc\svchostc.exe <==== ATTENTION
Task: {0CDF9102-004D-4CDF-BEBF-C23CA3DACBD9} - System32\Tasks\Norton Security\Norton Error Processor => D:\PROGRAMY\Norton\Engine\22.5.2.15\SymErr.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3E78501D-26E3-4B44-8530-152A088ACC81} - System32\Tasks\WarThunder3 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&aff_sub2=3oPFTa2CxUajipcNH2PTCNLf0whepipZBBrPDFRaOiixVmp88FMtisDipJgAAAJvA9XUie&click_id=7959f3a77f784004e53308750d6fe7629c4546a4 --app-window-size=1920,1080 <==== ATTENTION
Task: {40800322-3B1C-441D-91B1-2A9188C2F0AB} - System32\Tasks\{7DA5579A-B480-4872-94AF-AFC0CCA2E092} => C:\Windows\system32\pcalua.exe -a C:\bbuninst.exe -d C:\
Task: {4270D2FF-3FB7-4CF1-9C23-5D4E3B069787} - System32\Tasks\Norton WSC Integration => D:\PROGRAMY\Norton\Engine\22.5.2.15\WSCStub.exe
Task: {554FE7D5-26C0-410C-B830-51F089A5D06A} - System32\Tasks\{CE14BFDF-BB8E-485B-8D2B-0EFC704BE0E5} => C:\Windows\system32\pcalua.exe -a "E:\PROGRAMY\Free Rapid Downloader\frd.exe" -d "E:\PROGRAMY\Free Rapid Downloader"
Task: {6121A695-DE65-443D-949F-B03FB1B8AC0D} - System32\Tasks\SmartDefrag_Startup => E:\PROGRAMY\Smart Defrag\SmartDefrag.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B364E687-A2FD-4F33-9F86-E12B7B822F5C} - System32\Tasks\WinDef Update Service => FILEPATH
Task: {BCF27A25-5BCF-477B-ADDF-17792518B9C3} - System32\Tasks\Norton Security\Norton Error Analyzer => D:\PROGRAMY\Norton\Engine\22.5.2.15\SymErr.exe
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 1685
Average :
Sum : 16878375835
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: E:\PROGRAMY\SCP TOOLKIT\ScpService.exe ========================

E:\PROGRAMY\SCP TOOLKIT\ScpService.exe
File is digitally signed
MD5: BFC7F223D5D6EBE9E2B09CE05D0224ED
Creation and modification date: 2016-04-12 17:57 - 2016-04-12 17:57
Size: 000394944
Attributes: ----A
Company Name: Scarlet.Crush Productions
Internal Name: ScpService.exe
Original Name: ScpService.exe
Product: ScpService
Description: ScpService
File Version: 1.7.277.16103
Product Version: 1.7.277.16103
Copyright: Copyright © Scarlet.Crush Productions 2012-2014, Benjamin Höglinger 2015-2016
VirusTotal: https://www.virustotal.com/file/b408eb2 ... 523649259/

====== End of File: ======


========================= File: C:\Windows\DAODx.exe ========================

C:\Windows\DAODx.exe
File not signed
MD5: 6954474CE8D7C32918CF3448160F8DFC
Creation and modification date: 2009-03-30 07:32 - 2009-03-30 07:32
Size: 000032768
Attributes: ---RA
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/f44d0a7 ... 542113445/

====== End of File: ======


========================= File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ========================

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
File not signed
MD5: 33DAD4064F4E391D09A6FEAD8B3842D2
Creation and modification date: 2013-08-30 00:49 - 2013-08-30 00:49
Size: 000361984
Attributes: ----A
Company Name: Advanced Micro Devices, Inc.
Internal Name: Fuel
Original Name: Fuel.Service.exe
Product: AMD Fuel Service
Description: AMD Fuel Service
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright: Copyright © 2009-2010 Advanced Micro Devices, Inc. All Rights Reserved
VirusTotal: https://www.virustotal.com/file/cb0ca40 ... 489728900/

====== End of File: ======


========================= File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe ========================

C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File not signed
MD5: 9CEE2BBB060DC4B7062BE4461774A7A0
Creation and modification date: 2018-04-20 07:28 - 2018-04-20 07:28
Size: 000190784
Attributes: ----A
Company Name:
Internal Name: DCSHOST
Original Name: HuaweiHiSuiteService.EXE
Product: HuaweiHiSuiteService
Description: HuaweiHiSuiteService
File Version: 2, 0, 0, 42
Product Version: 2, 0, 0, 42
Copyright: Copyright (C) 2008
VirusTotal: https://www.virustotal.com/file/bbe3aee ... 542683793/

====== End of File: ======


========================= File: E:\PROGRAMY\Tunngle\TnglCtrl.exe ========================

E:\PROGRAMY\Tunngle\TnglCtrl.exe
File not signed
MD5: E775DAF583CFF96F81306A4A93E501FE
Creation and modification date: 2016-11-18 13:11 - 2016-06-23 18:23
Size: 000872432
Attributes: ----A
Company Name: Tunngle.net GmbH
Internal Name: TunngleService
Original Name: TnglCtrl.exe
Product: Tunngle Network Service
Description: Tunngle Service
File Version: 5.8.7.0
Product Version: Release
Copyright: Copyright © Tunngle.net GmbH. All rights reserved.
VirusTotal: 0

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => removed successfully
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c591bfd7-2ad9-11e6-9155-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{c591bfd7-2ad9-11e6-9155-806e6f6e6963} => not found
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9f63f2-9cb7-11e8-8122-99fdd327bea2} => removed successfully
HKLM\Software\Classes\CLSID\{ef9f63f2-9cb7-11e8-8122-99fdd327bea2} => not found
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9f63f8-9cb7-11e8-8122-99fdd327bea2} => removed successfully
HKLM\Software\Classes\CLSID\{ef9f63f8-9cb7-11e8-8122-99fdd327bea2} => not found
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9f63fc-9cb7-11e8-8122-99fdd327bea2} => removed successfully
HKLM\Software\Classes\CLSID\{ef9f63fc-9cb7-11e8-8122-99fdd327bea2} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf => removed successfully
HKLM\System\CurrentControlSet\Services\eeCtrl => removed successfully
eeCtrl => service removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\Paulie\Downloads\RSITx64 (2).exe => moved successfully
C:\Users\Paulie\Downloads\RSITx64 (1).exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Paulie\AppData\Local\oobelibMkey.log => moved successfully
C:\Windows\sysde32.exe => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0523DB44-447D-4B7B-A1D8-D1FA4DE3B576}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0523DB44-447D-4B7B-A1D8-D1FA4DE3B576}" => removed successfully
C:\Windows\System32\Tasks\svchostc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchostc" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CDF9102-004D-4CDF-BEBF-C23CA3DACBD9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CDF9102-004D-4CDF-BEBF-C23CA3DACBD9}" => removed successfully
C:\Windows\System32\Tasks\Norton Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security\Norton Error Processor" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E78501D-26E3-4B44-8530-152A088ACC81}" => not found
"C:\Windows\System32\Tasks\WarThunder3" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WarThunder3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40800322-3B1C-441D-91B1-2A9188C2F0AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40800322-3B1C-441D-91B1-2A9188C2F0AB}" => removed successfully
C:\Windows\System32\Tasks\{7DA5579A-B480-4872-94AF-AFC0CCA2E092} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DA5579A-B480-4872-94AF-AFC0CCA2E092}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4270D2FF-3FB7-4CF1-9C23-5D4E3B069787}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4270D2FF-3FB7-4CF1-9C23-5D4E3B069787}" => removed successfully
C:\Windows\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{554FE7D5-26C0-410C-B830-51F089A5D06A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{554FE7D5-26C0-410C-B830-51F089A5D06A}" => removed successfully
C:\Windows\System32\Tasks\{CE14BFDF-BB8E-485B-8D2B-0EFC704BE0E5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE14BFDF-BB8E-485B-8D2B-0EFC704BE0E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6121A695-DE65-443D-949F-B03FB1B8AC0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6121A695-DE65-443D-949F-B03FB1B8AC0D}" => removed successfully
C:\Windows\System32\Tasks\SmartDefrag_Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B364E687-A2FD-4F33-9F86-E12B7B822F5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B364E687-A2FD-4F33-9F86-E12B7B822F5C}" => removed successfully
C:\Windows\System32\Tasks\WinDef Update Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinDef Update Service" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCF27A25-5BCF-477B-ADDF-17792518B9C3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF27A25-5BCF-477B-ADDF-17792518B9C3}" => removed successfully
C:\Windows\System32\Tasks\Norton Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security\Norton Error Analyzer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44029070 B
Java, Flash, Steam htmlcache => 129511875 B
Windows/system/drivers => 5034041 B
Edge => 0 B
Chrome => 679672757 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66660 B
LocalService => 66228 B
NetworkService => 0 B
Paulie => 80595832 B

RecycleBin => 305020796 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:31:26 ====
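
One way to review a Fixlog like the one above, as an added example that is not part of the original thread and is not FRST's own code: it tallies the result lines by object type and outcome and lists every `not found` entry for a closer look. The outcome phrases are the ones visible in this log; the function names and the registry/file/service classification are assumptions of this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Result lines copied from the Fixlog above, plus one EmptyTemp size line
# ("Chrome => ... B") that the parser must ignore.
SAMPLE_FIXLOG = r'''
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully
gdrv => service removed successfully
C:\Windows\sysde32.exe => moved successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E78501D-26E3-4B44-8530-152A088ACC81}" => not found
"C:\Windows\System32\Tasks\WarThunder3" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WarThunder3" => removed successfully
C:\Windows\System32\Tasks\svchostc => moved successfully
Chrome => 679672757 B
'''

# Only the outcome phrases that occur in this Fixlog are recognised;
# any other wording is skipped rather than guessed at.
RESULT_RE = re.compile(
    r'^(?P<target>.+?) => '
    r'(?P<outcome>(?:service )?removed successfully|moved successfully|not found)\s*$'
)


class Result(NamedTuple):
    target: str   # registry key, file path or service name, quotes stripped
    kind: str     # "registry", "file", "service" or "other"
    outcome: str  # outcome phrase exactly as logged


def classify(target: str, outcome: str) -> str:
    """Guess the object type from the shape of the target string."""
    if re.match(r'(HKLM|HKU|HKCU)\\', target):
        return "registry"
    if re.match(r'[A-Za-z]:\\', target):
        return "file"
    if outcome.startswith("service"):
        return "service"
    return "other"


def parse_fixlog(text: str) -> list:
    """Return one Result per recognised '<target> => <outcome>' line."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # headers, fixlist echo, EmptyTemp sizes, blank lines
        target = m.group("target").strip('"')
        outcome = m.group("outcome")
        results.append(Result(target, classify(target, outcome), outcome))
    return results


def summarize(results: list) -> Counter:
    """Count results per (kind, outcome) pair."""
    return Counter((r.kind, r.outcome) for r in results)


def not_found(results: list) -> list:
    """Targets the fix could not find, in log order."""
    return [r.target for r in results if r.outcome == "not found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, outcome), count in sorted(summarize(parsed).items()):
        print(f"{kind:9} {outcome:28} {count}")
    for target in not_found(parsed):
        print("not found:", target)
```

On the excerpt, the WarThunder3 task shows up with its task file and `TaskCache\Tasks` key not found while the `TaskCache\Tree` key was removed, which matches the three WarThunder3 lines in the log above.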

Re: please check my log, I have malware on my PC

Posted: 21 Nov 2018 15:30
by Conder
How is the PC doing? Has anything changed, or are there still any problems?

The desktop is about 15 GB. Move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.