Virus-infected commercial message

#1 Post by peknal »

Hello, I need help with vermin in my e-mail (I use M. Outlook as the viewer).
The system downloads, in about 50 copies a day, what is most likely a virus-infected commercial message; even though I never opened it via the link and tried to disinfect it, it keeps landing in my mailbox as SPAM and there is no way to get rid of it. All the files are the same, including date and hour, and their subject, the message title, looks like this:

From Subject Received Size Category
ObchodnĂ­ sdÄ›lenĂ­ Klus Recyklus(uje), Kato rapuje a ty můžeš vyhrát! 13.12.2016 17:02 60 kB

The RSIT log, taken after cleaning with the cleaner, is here.

info.txt logfile of random's system information tool 1.14 2017-01-02 09:30:03

======MBR======

======Uninstall list======

32 Bit HP CIO Components Installer [20120210]-->MsiExec.exe /I{6553F4A8-B67F-49BA-A882-FF499C83CF4B}
7-Zip 9.17 beta [2016/05/01 18:58:06]-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 24 NPAPI [2016/12/13 19:11:22]-->C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_186_Plugin.exe -maintain plugin
Adobe Photoshop Elements [2016/05/01 18:58:06]-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader XI (11.0.18) [20161012]-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
Adobe Refresh Manager [20161109]-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824205020}
Adobe SVG Viewer [2016/05/01 18:58:06]-->C:\Windows\IsUninst.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu"
Apowersoft Phone Manager verze 2.8.0 [20161211]-->"C:\Program Files\Apowersoft\Apowersoft Phone Manager\unins000.exe"
Avira [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{0696cc37-db90-4000-be99-4a173ca7c8af}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{bd538030-07d4-4999-a525-7fafa2483f56}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira Antivirus [2016/12/13 23:33:21]-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira Connect [2016/12/09 19:03:34]-->"C:\ProgramData\Package Cache\{707e8edf-9482-4417-ae39-c9b5fe605e87}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira Connect [20161209]-->MsiExec.exe /X{827F31DC-A307-4A62-B640-840D1A5D2698}
Avira Free Antivirus [2016/05/01 18:58:06]-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira Launcher [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{59c4462d-a177-4d44-a95b-deda1be79844}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira Launcher [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{d0e166af-1634-4c0b-ae96-2180e61f9d38}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira Launcher [2016/05/01 18:58:06]-->"C:\ProgramData\Package Cache\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}\Avira.OE.Setup.Bundle.exe" /uninstall
Balíček ovladače systému Windows - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) [2016/05/01 18:58:06]-->C:\PROGRA~1\DIFX\25C232B9F73C1237\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-devx86-brcm.inf_x86_neutral_1a2a954f126f5792\bcbtums-devx86-brcm.inf
Balíček ovladače systému Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) [2016/05/01 18:58:06]-->C:\PROGRA~1\DIFX\25C232B9F73C1237\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtumsld.inf_x86_neutral_a998ee8c9d8b4d00\bcbtumsld.inf
Balíček ovladače systému Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) [2016/05/01 18:58:06]-->C:\PROGRA~1\DIFX\25C232B9F73C1237\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-vistax86-brcm.inf_x86_neutral_058917c98704e215\bcbtums-vistax86-brcm.inf
Balíček ovladače systému Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) [2016/05/01 18:58:06]-->C:\PROGRA~1\DIFX\25C232B9F73C1237\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x86-brcm.inf_x86_neutral_57a1b8f7a25b0a68\bcbtums-win7x86-brcm.inf
Balíček ovladače systému Windows - Broadcom HIDClass (09/11/2009 6.3.0.1500) [2016/05/01 18:58:06]-->C:\PROGRA~1\DIFX\25C232B9F73C1237\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid32.inf_x86_neutral_fa545699547bd972\bcbthid32.inf
CCleaner [2016/05/01 18:58:06]-->"C:\Program Files\CCleaner\uninst.exe"
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}" "1029" "0"
Free DWG Viewer 16.0 [20160811]-->MsiExec.exe /X{C476A40F-782A-4D6B-8E27-64AAC06A7076}
Google Chrome [20150227]-->"C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper [20161217]-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
HP Commercial Scanjet 5590 TWAIN Driver [2016/05/01 18:58:06]-->C:\Windows\IsUninst.exe -fC:\Windows\PIXTRAN\HP559TW.isu
hp deskjet 990c series (Pouze odstranit) [2016/05/01 18:58:06]-->C:\Program Files\hp deskjet 990c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=990c -huninstall
HPScanjet5590Corporate11 [20120326]-->MsiExec.exe /I{4E985169-A6AF-4FAE-83F4-ACC9C21A3BFC}
Java 7 Update 45 [20130529]-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217021FF}
Microsoft .NET Framework 4.6.1 (CSY) [20160715]-->MsiExec.exe /X{F4C709E1-76EC-3A6B-A015-38AEB35CAED0}
Microsoft .NET Framework 4.6.1 (čeština) [2016/07/15 20:57:23]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\CSY\\Setup.exe /repair /x86 /lcid 1029
Microsoft .NET Framework 4.6.1 [2016/07/14 20:31:27]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\\Setup.exe /repair /x86
Microsoft .NET Framework 4.6.1 [20161214]-->MsiExec.exe /X{30500C7C-2206-3DC6-9792-96E95A04669D}
Microsoft Antimalware Service CS-CZ Language Pack [20120103]-->MsiExec.exe /X{17CA32D1-73BD-4990-B8F6-369D8D34B05D}
Microsoft Office Access MUI (Czech) 2010 [20141023]-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010 [20150415]-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010 [20141023]-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010 [20141023]-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010 [20150211]-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook Connector [20140109]-->MsiExec.exe /X{95140000-0081-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010 [20160210]-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010 [20150415]-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010 [20141025]-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010 [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Proof (Czech) 2010 [20141025]-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010 [20150910]-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010 [20141113]-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010 [20141023]-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010 [20141023]-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010 [20141023]-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010 [20160810]-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Single Image 2010 [20140410]-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010 [20151112]-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Security Client CS-CZ Language Pack [20120103]-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}
Microsoft Silverlight [20161012]-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [20140118]-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [20140119]-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [20150212]-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [2016/08/11 05:55:07]-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [20160811]-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [20160811]-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [20150212]-->MsiExec.exe /X{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [2016/05/01 18:58:06]-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661) [2016/07/15 20:51:09]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {51754CAF-1734-39B0-B10B-4AB66BCC02C0}
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233) [2016/07/15 20:37:45]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {B8FFB62D-5BBC-35AD-BF69-3D7B52450FA4}
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2) [2016/07/15 21:01:09]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {2B321B91-0E99-3F89-9664-3278A790984D}
Security Update for Microsoft .NET Framework 4.6.1 (KB3142037) [2016/07/15 20:40:12]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {59E81921-739B-3DE1-8329-E2FAD1F691A4}
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693) [2016/07/15 20:45:33]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {CC6C62FF-0741-3062-8D70-09A13AD6C9C2}
Security Update for Microsoft .NET Framework 4.6.1 (KB3164025) [2016/07/15 20:59:09]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {456E28A3-8C83-3B42-B77D-BA87FDFDB138}
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DC8EDDCF-2031-4C8D-916C-64058A3ACA95}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{EC2CA755-17D8-4392-A91E-FD4D2DD31072}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{0241FB40-015F-42AC-A711-1AE59E346B51}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A5B39813-17B0-4481-B19E-9C57C0BF1EE0}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition [2016/08/10 21:30:07]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{8EF6E859-B8AB-45AB-ACF9-7807B4DACE39}" "1029" "0"
Security Update for Microsoft Office 2010 (KB3114400) 32-Bit Edition [2016/08/10 21:30:07]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{93EC6E8B-5958-4FD4-8A75-8E6DD8728E6C}" "1029" "0"
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{D3062327-37A1-44C8-803D-39BB86F41946}" "1029" "0"
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{25B309EB-E3E5-4659-A286-A4C82DB40089}" "1029" "0"
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{25B309EB-E3E5-4659-A286-A4C82DB40089}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A71E3AD4-5545-4D59-9F11-75F363563C6A}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-0000-0000000FF1CE}" "{0C337AF5-E6A7-4B6B-8F8E-08F9C6F956B4}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-0000-0000000FF1CE}" "{EA82267F-4AAB-46BA-AD6A-9EBB544D0EF7}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition [2016/08/10 21:30:07]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{2C911571-C8B6-400B-B323-417C1806E866}" "1029" "0"
Seznam Software [2013/09/29 11:04:13]-->"C:\Users\milan\AppData\Roaming\Seznam.cz\szninstall.exe" -X
Skype Click to Call [20130529]-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 7.0 [20150415]-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
The KMPlayer (remove only) [2016/05/01 18:58:06]-->"C:\Program Files\The KMPlayer\uninstall.exe"
Total Commander (Remove or Repair) [2016/05/01 18:58:06]-->c:\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 4.6.1 (KB3210136) [2016/12/14 21:52:49]-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.6.01055\setup.exe /uninstallpatch {C2296E9A-3806-30BD-A5AB-BE94CC699C18}
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1029" "0"
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{4CF299B5-70FA-43A0-A3E7-A5B1062E70D8}" "1029" "0"
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{4CF299B5-70FA-43A0-A3E7-A5B1062E70D8}" "1029" "0"
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{4CF299B5-70FA-43A0-A3E7-A5B1062E70D8}" "1029" "0"
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{39767ECA-1731-45DB-AB5B-6BF40E151D66}" "1029" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1029" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1029" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1029" "0"
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1029" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1029" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1029" "0"
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{BA610006-2C39-4419-9834-CF61AB24810A}" "1029" "0"
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{60C9499F-B532-4206-AB19-F88C3A7684D5}" "1029" "0"
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{548F42CA-61CC-4A49-9963-50124AC7B81D}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{C212FFAD-1911-4EC9-A4E9-664449800574}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2AB483F1-C86E-427A-83B4-23889B03512D}" "1029" "0"
Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{5109C4DF-0CA0-44C1-85BF-CCA01771B7C7}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition [2016/05/01 18:58:06]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1029" "0"
WinRAR 4.20 (32-bit) [2016/05/01 18:58:06]-->C:\Program Files\WinRAR\uninstall.exe

Hosts File Missing
======System event log"======

Computer Name: milan-PC
Event Code: 7036
Message: Stav služby Defragmentace disku byl změněn na: Zastaveno
Record Number: 634027
Source Name: Service Control Manager
Time Written: 20160915174942.150390-000
Event Type: Informace
User:

Computer Name: milan-PC
Event Code: 1
Message: Systém byl obnoven z režimu spánku.

Doba režimu spánku: ‎2016‎-‎09‎-‎15T17:48:44.148437500Z
Čas probuzení: ‎2016‎-‎09‎-‎15T17:49:16.659179700Z

Prostředek probuzení: Zařízení -Kořenový rozbočovač USB
Record Number: 634026
Source Name: Microsoft-Windows-Power-Troubleshooter
Time Written: 20160915174933.321289-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: milan-PC
Event Code: 7036
Message: Stav služby Načítání obrázků (WIA) byl změněn na: Spuštěno
Record Number: 634025
Source Name: Service Control Manager
Time Written: 20160915174931.561523-000
Event Type: Informace
User:

Computer Name: milan-PC
Event Code: 1012
Message: Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Record Number: 634024
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20160915174929.577148-000
Event Type: Chyba
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: milan-PC
Event Code: 7036
Message: Stav služby Podpora rozhraní NetBIOS nad protokolem TCP/IP byl změněn na: Spuštěno
Record Number: 634023
Source Name: Service Control Manager
Time Written: 20160915174928.169921-000
Event Type: Informace
User:

=====Application event log"=====

Computer Name: milan-PC
Event Code: 0
Message: PowerEvent handled successfully by the service.
Record Number: 139252
Source Name: Avira Service Host
Time Written: 20160517114153.000000-000
Event Type: Informace
User:

Computer Name: milan-PC
Event Code: 903
Message: Služba Ochrana softwaru byla ukončena.

Record Number: 139251
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160517111610.000000-000
Event Type: Informace
User:

Computer Name: milan-PC
Event Code: 902
Message: Služba Ochrana softwaru byla spuštěna.
6.1.7601.17514
Record Number: 139250
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160517111105.000000-000
Event Type: Informace
User:

Computer Name: milan-PC
Event Code: 1003
Message: Služba Ochrana softwaru dokončila kontrolu stavu licencování.
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
Stav licencování=

Record Number: 139249
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160517111105.000000-000
Event Type: Informace
User:

Computer Name: milan-PC
Event Code: 1066
Message: Inicializační stav pro objekty služby
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000

Record Number: 139248
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160517111105.000000-000
Event Type: Informace
User:

=====Security event log"=====

Computer Name: milan-PC
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: 8d1d7be2-f72a-48d9-906f-7a2281523381
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 597096
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160517121239.766601-000
Event Type: Úspěšný audit
User:

Computer Name: milan-PC
Event Code: 5058
Message: Operace se souborem klíče.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: Není k dispozici.
Název klíče: 8d1d7be2-f72a-48d9-906f-7a2281523381
Typ klíče: Klíč počítače

Informace o operaci se souborem klíče:
Cesta k souboru: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\170a8d0e6552d87e4b186cf78451ced4_2b19cde3-7d30-4727-ba8c-8518ef5b0f49
Operace: Čtení trvalého klíče ze souboru
Návratový kód: 0x0
Record Number: 597095
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160517121239.766601-000
Event Type: Úspěšný audit
User:

Computer Name: milan-PC
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: 8d1d7be2-f72a-48d9-906f-7a2281523381
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 597094
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160517121233.922851-000
Event Type: Úspěšný audit
User:

Computer Name: milan-PC
Event Code: 5058
Message: Operace se souborem klíče.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: Není k dispozici.
Název klíče: 8d1d7be2-f72a-48d9-906f-7a2281523381
Typ klíče: Klíč počítače

Informace o operaci se souborem klíče:
Cesta k souboru: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\170a8d0e6552d87e4b186cf78451ced4_2b19cde3-7d30-4727-ba8c-8518ef5b0f49
Operace: Čtení trvalého klíče ze souboru
Návratový kód: 0x0
Record Number: 597093
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160517121233.922851-000
Event Type: Úspěšný audit
User:

Computer Name: milan-PC
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: 8d1d7be2-f72a-48d9-906f-7a2281523381
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 597092
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160517114242.887695-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Samsung\Samsung PC Studio 3
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=1
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118302
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected commercial message

#2 Post by Rudy »

Hello!
This is info.txt. I need to see the contents of the log.txt file.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

peknal
Visitor
Posts: 82
Joined: 22 Jun 2010 20:54

Re: virus-infected commercial message

#3 Post by peknal »

I apologize
logfile of random's system information tool 1.14 (written by random/random)
Run by milan at 2017-01-02 09:27:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 18 GB (12%) free of 153 GB
Total RAM: 2303 MB (56% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:29:42, on 2.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpmi03.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\milan\Downloads\RSIT (1).exe
C:\Program Files\trend micro\milan_RSIT (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\Windows\vsnpmi03.exe
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [DLLSuite2016] C:\Program Files\DLL Suite\DLLSuite.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: ECTUKUHGCAEC - Unknown owner - C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: JMLVQPVMACCI - Unknown owner - C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe (file missing)
O23 - Service: RBAAE - Unknown owner - C:\Users\milan\AppData\Local\Temp\RBAAE.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6416 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe online aktualizační program - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AutoKMS - C:\Windows\AutoKMS.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\Google Updater and Installer - C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\klcp_update - "C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\Windows\system32\tasks\{4897B830-B093-42FF-86DA-19A193F425B6} - C:\Windows\system32\pcalua.exe -a "C:\Users\milan\Documents\Universální ovladač HP\Install.exe" -d "C:\Users\milan\Documents\Universální ovladač HP"
C:\Windows\system32\tasks\{6F435692-3137-40F5-A3B6-C2F369BC71B6} - C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
C:\Windows\system32\tasks\{A8BDAC5B-2BDC-4E6A-9C32-9F79437DED9A} - C:\Windows\system32\pcalua.exe -a C:\Users\milan\Desktop\kamera\cnr-wcam_345_drv_xpwv3264w73264_111103.exe -d C:\Users\milan\Desktop\kamera
C:\Windows\system32\tasks\{AF383947-9332-4994-B769-CFA722C8E1E7} - C:\Program Files\Služební dokumenty\Dokumenty.exe
C:\Windows\system32\tasks\{D159E7B9-CBE8-4198-9F76-E61B99C9CC13} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\hp deskjet 990c series\hpfiui.exe" -c -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=990c -huninstall
C:\Windows\system32\tasks\{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10} - C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2709638672-2288162957-48926482-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension flliilndjeohchalpbbcdekjklbdgfkk 2 Avira Browser Safety 1.7.4
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}]
"URL"=http://www.google.com/search?q={searchT ... utEncoding?}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-10-09 81920]
"SNPMI03"=C:\Windows\vsnpmi03.exe [2003-08-08 32768]
"AndroidSync"=C:\Program Files\Android-Sync\AndroidSync.exe [2014-06-09 6252976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2016-12-13 917576]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-11-15 60136]
"DLLSuite2016"=C:\Program Files\DLL Suite\DLLSuite.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-12-12 5489944]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-01-02 09:27:04 ----D---- C:\rsit
2016-12-14 06:20:35 ----A---- C:\Windows\system32\mshtml.dll
2016-12-14 06:20:32 ----A---- C:\Windows\system32\ieframe.dll
2016-12-14 06:20:31 ----A---- C:\Windows\system32\jscript9.dll
2016-12-14 06:20:30 ----A---- C:\Windows\system32\wininet.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\winload.exe
2016-12-14 06:20:29 ----A---- C:\Windows\system32\win32k.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\msi.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\drivers\cng.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\crypt32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\urlmon.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\iedkcs32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\consent.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\clfs.sys
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcrypt.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcdedit.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntdll.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\wintrust.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\usp10.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\user32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\nlsbres.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\hlink.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\gdi32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-12-14 06:20:25 ----A---- C:\Windows\system32\vbscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\jscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\iertutil.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msiexec.exe
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msfeeds.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\ieapfltr.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\webcheck.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\msihnd.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\ieui.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\authui.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\srcore.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\smss.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\rpcrt4.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\occache.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msrating.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\mshtmled.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\lsasrv.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\kerberos.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jsproxy.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jscript9diag.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieUnatt.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ie4uinit.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtrans.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtmsft.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\advapi32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\wdigest.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\TSpkg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspisrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspicli.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\srclient.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\schannel.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\secur32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rstrui.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rpchttp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ncrypt.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\msimsg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\lsass.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\inseng.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iesetup.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iernonce.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\appid.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\csrsrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptnet.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptbase.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\credssp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\auditpol.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appinfo.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidapi.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\tzres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msobjs.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msaudite.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\adtschema.dll
2016-12-11 13:14:34 ----D---- C:\Users\milan\AppData\Roaming\Apowersoft
2016-12-11 13:04:17 ----D---- C:\Program Files\Apowersoft

======List of files/folders modified in the last 1 month======

2017-01-02 09:27:21 ----D---- C:\Windows\Prefetch
2017-01-02 09:27:13 ----D---- C:\Windows\Temp
2017-01-02 09:27:13 ----D---- C:\Program Files\trend micro
2017-01-02 09:14:58 ----D---- C:\Windows
2017-01-02 08:56:43 ----D---- C:\Windows\system32\config
2017-01-01 19:01:06 ----SHD---- C:\System Volume Information
2016-12-17 03:37:55 ----SHD---- C:\Windows\Installer
2016-12-17 03:37:55 ----D---- C:\Config.Msi
2016-12-17 03:32:55 ----RD---- C:\Program Files
2016-12-17 03:32:49 ----D---- C:\Windows\Tasks
2016-12-16 07:35:18 ----D---- C:\Windows\inf
2016-12-16 07:34:45 ----D---- C:\Windows\debug
2016-12-15 20:54:47 ----D---- C:\Windows\rescache
2016-12-15 09:29:46 ----D---- C:\Windows\Microsoft.NET
2016-12-15 09:21:15 ----RSD---- C:\Windows\assembly
2016-12-15 06:23:46 ----D---- C:\Windows\System32
2016-12-15 06:23:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-12-15 06:19:17 ----D---- C:\Windows\winsxs
2016-12-15 06:13:00 ----D---- C:\Program Files\Internet Explorer
2016-12-15 06:12:59 ----D---- C:\Windows\system32\drivers
2016-12-15 06:12:59 ----D---- C:\Windows\system32\cs-CZ
2016-12-15 06:12:57 ----D---- C:\Windows\system32\en-US
2016-12-15 06:12:47 ----D---- C:\Windows\system32\Boot
2016-12-14 22:07:33 ----D---- C:\Windows\system32\MRT
2016-12-14 22:07:07 ----AC---- C:\Windows\system32\MRT.exe
2016-12-14 06:11:36 ----D---- C:\Windows\system32\catroot2
2016-12-13 19:11:21 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 19:11:15 ----D---- C:\Windows\system32\Macromed
2016-12-09 19:03:33 ----D---- C:\ProgramData\Package Cache

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-12-13 140840]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-05-05 37896]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-12-13 119208]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-12 60088]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-13 159232]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 CFcatchme;CFcatchme; \??\C:\Users\milan\AppData\Local\Temp\CFcatchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-12-08 101040]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 snpmi03;VideoCAM NB 300; C:\Windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-12-08 192944]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2016-12-13 476736]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2016-12-13 476736]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2016-11-24 350528]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2014-04-30 233472]
R2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZinw12.dll
R2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZipm12.dll
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [2016-12-13 1089592]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2016-12-13 1490296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S2 HPSLPSVC;HP Network Devices Support; %SystemRoot%\system32\svchost.exe -k HPService;"ServiceDll"=C:\Users\milan\AppData\Local\Temp\7zS18C6\hpslpsvc32.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 ECTUKUHGCAEC;ECTUKUHGCAEC; C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 102912]
S3 JMLVQPVMACCI;JMLVQPVMACCI; C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 RBAAE;RBAAE; C:\Users\milan\AppData\Local\Temp\RBAAE.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118302
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected commercial message

#4 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

peknal
Visitor
Posts: 82
Joined: 22 Jun 2010 20:54

Re: virus-infected commercial message

#5 Post by peknal »

Log from ADW cleaner:
# AdwCleaner v6.041 - Logfile created 02/01/2017 at 21:10:11
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X86)
# Username : milan - MILAN-PC
# Running from : C:\Users\milan\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlnfdbbladgcmhhamgkioifhbobjaoof


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKU\S-1-5-21-2709638672-2288162957-48926482-1000\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
[-] Key deleted: HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3506 Bytes] - [10/04/2016 12:02:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [2751 Bytes] - [02/01/2017 21:10:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [3800 Bytes] - [10/04/2016 11:54:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [3029 Bytes] - [02/01/2017 21:09:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2970 Bytes] ##########

Rudy
Site Admin
Posts: 118302
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected commercial message

#6 Post by Rudy »

Post a new RSIT log. The contents of the log.txt file will suffice.

peknal
Visitor
Posts: 82
Joined: 22 Jun 2010 20:54

Re: virus-infected commercial message

#7 Post by peknal »

Logfile of random's system information tool 1.14 (written by random/random)
Run by milan at 2017-01-03 15:52:32
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 17 GB (11%) free of 153 GB
Total RAM: 2303 MB (59% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:54:34, on 3.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpmi03.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\milan\Downloads\RSIT (1).exe
C:\Program Files\trend micro\milan_RSIT (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\Windows\vsnpmi03.exe
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [DLLSuite2016] C:\Program Files\DLL Suite\DLLSuite.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: ECTUKUHGCAEC - Unknown owner - C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: JMLVQPVMACCI - Unknown owner - C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe (file missing)
O23 - Service: RBAAE - Unknown owner - C:\Users\milan\AppData\Local\Temp\RBAAE.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6526 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe online aktualizační program - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AutoKMS - C:\Windows\AutoKMS.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\Google Updater and Installer - C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\klcp_update - "C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\Windows\system32\tasks\{4897B830-B093-42FF-86DA-19A193F425B6} - C:\Windows\system32\pcalua.exe -a "C:\Users\milan\Documents\Universální ovladač HP\Install.exe" -d "C:\Users\milan\Documents\Universální ovladač HP"
C:\Windows\system32\tasks\{6F435692-3137-40F5-A3B6-C2F369BC71B6} - C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
C:\Windows\system32\tasks\{A8BDAC5B-2BDC-4E6A-9C32-9F79437DED9A} - C:\Windows\system32\pcalua.exe -a C:\Users\milan\Desktop\kamera\cnr-wcam_345_drv_xpwv3264w73264_111103.exe -d C:\Users\milan\Desktop\kamera
C:\Windows\system32\tasks\{AF383947-9332-4994-B769-CFA722C8E1E7} - C:\Program Files\Služební dokumenty\Dokumenty.exe
C:\Windows\system32\tasks\{D159E7B9-CBE8-4198-9F76-E61B99C9CC13} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\hp deskjet 990c series\hpfiui.exe" -c -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=990c -huninstall
C:\Windows\system32\tasks\{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10} - C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2709638672-2288162957-48926482-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension flliilndjeohchalpbbcdekjklbdgfkk 2 Avira Browser Safety 1.7.4
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}]
"URL"=http://www.google.com/search?q={searchT ... utEncoding?}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-10-09 81920]
"SNPMI03"=C:\Windows\vsnpmi03.exe [2003-08-08 32768]
"AndroidSync"=C:\Program Files\Android-Sync\AndroidSync.exe [2014-06-09 6252976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2016-12-13 917576]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-11-15 60136]
"DLLSuite2016"=C:\Program Files\DLL Suite\DLLSuite.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-12-12 5489944]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-01-02 09:27:04 ----D---- C:\rsit
2016-12-14 06:20:35 ----A---- C:\Windows\system32\mshtml.dll
2016-12-14 06:20:32 ----A---- C:\Windows\system32\ieframe.dll
2016-12-14 06:20:31 ----A---- C:\Windows\system32\jscript9.dll
2016-12-14 06:20:30 ----A---- C:\Windows\system32\wininet.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\winload.exe
2016-12-14 06:20:29 ----A---- C:\Windows\system32\win32k.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\msi.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\drivers\cng.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\crypt32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\urlmon.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\iedkcs32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\consent.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\clfs.sys
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcrypt.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcdedit.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntdll.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\wintrust.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\usp10.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\user32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\nlsbres.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\hlink.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\gdi32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-12-14 06:20:25 ----A---- C:\Windows\system32\vbscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\jscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\iertutil.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msiexec.exe
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msfeeds.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\ieapfltr.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\webcheck.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\msihnd.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\ieui.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\authui.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\srcore.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\smss.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\rpcrt4.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\occache.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msrating.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\mshtmled.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\lsasrv.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\kerberos.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jsproxy.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jscript9diag.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieUnatt.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ie4uinit.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtrans.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtmsft.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\advapi32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\wdigest.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\TSpkg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspisrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspicli.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\srclient.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\schannel.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\secur32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rstrui.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rpchttp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ncrypt.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\msimsg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\lsass.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\inseng.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iesetup.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iernonce.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\appid.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\csrsrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptnet.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptbase.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\credssp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\auditpol.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appinfo.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidapi.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\tzres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msobjs.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msaudite.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\adtschema.dll
2016-12-11 13:14:34 ----D---- C:\Users\milan\AppData\Roaming\Apowersoft
2016-12-11 13:04:17 ----D---- C:\Program Files\Apowersoft

======List of files/folders modified in the last 1 month======

2017-01-03 15:54:19 ----D---- C:\Program Files\trend micro
2017-01-03 15:52:39 ----D---- C:\Windows\Temp
2017-01-03 14:35:10 ----D---- C:\Windows\Prefetch
2017-01-03 07:04:52 ----D---- C:\Windows\system32\config
2017-01-02 21:11:33 ----D---- C:\Windows
2017-01-02 21:10:11 ----D---- C:\AdwCleaner
2017-01-01 19:01:06 ----SHD---- C:\System Volume Information
2016-12-17 03:37:55 ----SHD---- C:\Windows\Installer
2016-12-17 03:37:55 ----D---- C:\Config.Msi
2016-12-17 03:32:55 ----RD---- C:\Program Files
2016-12-17 03:32:49 ----D---- C:\Windows\Tasks
2016-12-16 07:35:18 ----D---- C:\Windows\inf
2016-12-16 07:34:45 ----D---- C:\Windows\debug
2016-12-15 20:54:47 ----D---- C:\Windows\rescache
2016-12-15 09:29:46 ----D---- C:\Windows\Microsoft.NET
2016-12-15 09:21:15 ----RSD---- C:\Windows\assembly
2016-12-15 06:23:46 ----D---- C:\Windows\System32
2016-12-15 06:23:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-12-15 06:19:17 ----D---- C:\Windows\winsxs
2016-12-15 06:13:00 ----D---- C:\Program Files\Internet Explorer
2016-12-15 06:12:59 ----D---- C:\Windows\system32\drivers
2016-12-15 06:12:59 ----D---- C:\Windows\system32\cs-CZ
2016-12-15 06:12:57 ----D---- C:\Windows\system32\en-US
2016-12-15 06:12:47 ----D---- C:\Windows\system32\Boot
2016-12-14 22:07:33 ----D---- C:\Windows\system32\MRT
2016-12-14 22:07:07 ----AC---- C:\Windows\system32\MRT.exe
2016-12-14 06:11:36 ----D---- C:\Windows\system32\catroot2
2016-12-13 19:11:21 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 19:11:15 ----D---- C:\Windows\system32\Macromed
2016-12-09 19:03:33 ----D---- C:\ProgramData\Package Cache

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-12-13 140840]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-05-05 37896]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-12-13 119208]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-12 60088]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-13 159232]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 CFcatchme;CFcatchme; \??\C:\Users\milan\AppData\Local\Temp\CFcatchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-12-08 101040]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 snpmi03;VideoCAM NB 300; C:\Windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-12-08 192944]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2016-12-13 476736]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2016-12-13 476736]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2016-11-24 350528]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2014-04-30 233472]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [2016-12-13 1089592]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2016-12-13 1490296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S2 HPSLPSVC;HP Network Devices Support; %SystemRoot%\system32\svchost.exe -k HPService;"ServiceDll"=C:\Users\milan\AppData\Local\Temp\7zS18C6\hpslpsvc32.dll
S2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZinw12.dll
S2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZipm12.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 ECTUKUHGCAEC;ECTUKUHGCAEC; C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 102912]
S3 JMLVQPVMACCI;JMLVQPVMACCI; C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 RBAAE;RBAAE; C:\Users\milan\AppData\Local\Temp\RBAAE.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118302
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected commercial message

#8 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\system32\tasks\AutoKMS
C:\Windows\AutoKMS.exe
C:\Windows\system32\tasks\{4897B830-B093-42FF-86DA-19A193F425B6}
C:\Windows\system32\tasks\{6F435692-3137-40F5-A3B6-C2F369BC71B6}
C:\Windows\system32\tasks\{D159E7B9-CBE8-4198-9F76-E61B99C9CC13}
C:\Windows\system32\tasks\{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10}

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: infected commercial message

#9 Post by peknal »

Hello, I tried twice, once overnight, to generate a log from OTM, and unfortunately I cannot get it to finish. In the right-hand "result" window, shortly after starting, the program only gets as far as the line %systemroot%/system32/config/systemprofile/APPData/log and then just keeps reading for a long time and nothing happens. I don't know whether it is because, among other things, it is reading a large external disk and would need many days rather than one evening. I keep my Outlook data files on that disk, so now I don't know.
Rudy, please, what should I do about it?

Rudy
Site Admin
Posts: 118302
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected commercial message

#10 Post by Rudy »

Post a new RSIT log. From it I will be able to tell whether everything was deleted.

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: infected commercial message

#11 Post by peknal »

Thanks, hopefully it will be better.
Logfile of random's system information tool 1.14 (written by random/random)
Run by milan at 2017-01-05 19:10:06
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 18 GB (12%) free of 153 GB
Total RAM: 2303 MB (73% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:12:16, on 5.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\vsnpmi03.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Users\milan\Desktop\RSIT (1).exe
C:\Program Files\trend micro\milan_RSIT (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\Windows\vsnpmi03.exe
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [DLLSuite2016] C:\Program Files\DLL Suite\DLLSuite.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: ECTUKUHGCAEC - Unknown owner - C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: JMLVQPVMACCI - Unknown owner - C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe (file missing)
O23 - Service: RBAAE - Unknown owner - C:\Users\milan\AppData\Local\Temp\RBAAE.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6084 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe online aktualizační program - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\Google Updater and Installer - C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\klcp_update - "C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\Windows\system32\tasks\{A8BDAC5B-2BDC-4E6A-9C32-9F79437DED9A} - C:\Windows\system32\pcalua.exe -a C:\Users\milan\Desktop\kamera\cnr-wcam_345_drv_xpwv3264w73264_111103.exe -d C:\Users\milan\Desktop\kamera
C:\Windows\system32\tasks\{AF383947-9332-4994-B769-CFA722C8E1E7} - C:\Program Files\Služební dokumenty\Dokumenty.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2709638672-2288162957-48926482-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension flliilndjeohchalpbbcdekjklbdgfkk 2 Avira Browser Safety 1.7.4
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}]
"URL"=http://www.google.com/search?q={searchT ... utEncoding?}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-10-09 81920]
"SNPMI03"=C:\Windows\vsnpmi03.exe [2003-08-08 32768]
"AndroidSync"=C:\Program Files\Android-Sync\AndroidSync.exe [2014-06-09 6252976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2016-12-13 917576]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-11-15 60136]
"DLLSuite2016"=C:\Program Files\DLL Suite\DLLSuite.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-12-12 5489944]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-01-03 18:36:05 ----D---- C:\_OTM
2017-01-02 09:27:04 ----D---- C:\rsit
2016-12-14 06:20:35 ----A---- C:\Windows\system32\mshtml.dll
2016-12-14 06:20:32 ----A---- C:\Windows\system32\ieframe.dll
2016-12-14 06:20:31 ----A---- C:\Windows\system32\jscript9.dll
2016-12-14 06:20:30 ----A---- C:\Windows\system32\wininet.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\winload.exe
2016-12-14 06:20:29 ----A---- C:\Windows\system32\win32k.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\msi.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\drivers\cng.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\crypt32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\urlmon.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\iedkcs32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\consent.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\clfs.sys
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcrypt.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcdedit.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntdll.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\wintrust.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\usp10.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\user32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\nlsbres.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\hlink.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\gdi32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-12-14 06:20:25 ----A---- C:\Windows\system32\vbscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\jscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\iertutil.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msiexec.exe
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msfeeds.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\ieapfltr.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\webcheck.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\msihnd.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\ieui.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\authui.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\srcore.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\smss.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\rpcrt4.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\occache.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msrating.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\mshtmled.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\lsasrv.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\kerberos.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jsproxy.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jscript9diag.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieUnatt.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ie4uinit.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtrans.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtmsft.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\advapi32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\wdigest.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\TSpkg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspisrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspicli.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\srclient.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\schannel.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\secur32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rstrui.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rpchttp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ncrypt.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\msimsg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\lsass.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\inseng.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iesetup.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iernonce.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\appid.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\csrsrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptnet.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptbase.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\credssp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\auditpol.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appinfo.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidapi.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\tzres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msobjs.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msaudite.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\adtschema.dll
2016-12-11 13:14:34 ----D---- C:\Users\milan\AppData\Roaming\Apowersoft
2016-12-11 13:04:17 ----D---- C:\Program Files\Apowersoft

======List of files/folders modified in the last 1 month======

2017-01-05 19:10:13 ----D---- C:\Windows\Temp
2017-01-05 19:10:13 ----D---- C:\Windows\Prefetch
2017-01-05 19:10:13 ----D---- C:\Program Files\trend micro
2017-01-05 08:36:21 ----SHD---- C:\System Volume Information
2017-01-05 07:37:38 ----D---- C:\Windows\system32\config
2017-01-03 18:36:09 ----D---- C:\Windows\system32\Tasks
2017-01-02 21:11:33 ----D---- C:\Windows
2017-01-02 21:10:11 ----D---- C:\AdwCleaner
2016-12-17 03:37:55 ----SHD---- C:\Windows\Installer
2016-12-17 03:37:55 ----D---- C:\Config.Msi
2016-12-17 03:32:55 ----RD---- C:\Program Files
2016-12-17 03:32:49 ----D---- C:\Windows\Tasks
2016-12-16 07:35:18 ----D---- C:\Windows\inf
2016-12-16 07:34:45 ----D---- C:\Windows\debug
2016-12-15 20:54:47 ----D---- C:\Windows\rescache
2016-12-15 09:29:46 ----D---- C:\Windows\Microsoft.NET
2016-12-15 09:21:15 ----RSD---- C:\Windows\assembly
2016-12-15 06:23:46 ----D---- C:\Windows\System32
2016-12-15 06:23:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-12-15 06:19:17 ----D---- C:\Windows\winsxs
2016-12-15 06:13:00 ----D---- C:\Program Files\Internet Explorer
2016-12-15 06:12:59 ----D---- C:\Windows\system32\drivers
2016-12-15 06:12:59 ----D---- C:\Windows\system32\cs-CZ
2016-12-15 06:12:57 ----D---- C:\Windows\system32\en-US
2016-12-15 06:12:47 ----D---- C:\Windows\system32\Boot
2016-12-14 22:07:33 ----D---- C:\Windows\system32\MRT
2016-12-14 22:07:07 ----AC---- C:\Windows\system32\MRT.exe
2016-12-14 06:11:36 ----D---- C:\Windows\system32\catroot2
2016-12-13 19:11:21 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 19:11:15 ----D---- C:\Windows\system32\Macromed
2016-12-09 19:03:33 ----D---- C:\ProgramData\Package Cache

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-12-13 140840]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-05-05 37896]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-12-13 119208]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-12 60088]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-13 159232]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 CFcatchme;CFcatchme; \??\C:\Users\milan\AppData\Local\Temp\CFcatchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-12-08 101040]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 snpmi03;VideoCAM NB 300; C:\Windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-12-08 192944]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2016-12-13 476736]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2016-12-13 476736]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2016-11-24 350528]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2014-04-30 233472]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [2016-12-13 1089592]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2016-12-13 1490296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S2 HPSLPSVC;HP Network Devices Support; %SystemRoot%\system32\svchost.exe -k HPService;"ServiceDll"=C:\Users\milan\AppData\Local\Temp\7zS18C6\hpslpsvc32.dll
S2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZinw12.dll
S2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZipm12.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 ECTUKUHGCAEC;ECTUKUHGCAEC; C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 102912]
S3 JMLVQPVMACCI;JMLVQPVMACCI; C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 RBAAE;RBAAE; C:\Users\milan\AppData\Local\Temp\RBAAE.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118302
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected commercial message

#12 Post by Rudy »

Let's tidy it up a bit more. Double-click the file C:\Program Files\trend micro\milan_RSIT (1).exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkbox on the left next to:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

peknal
Visitor
Posts: 82
Joined: 22 Jun 2010 20:54

Re: infected commercial message

#13 Post by peknal »

Thank you very much for now. Let's leave it open. We'll see in the morning whether the problem shows up in the mail or not, and I'll write and, if needed, post the RSIT log.
Regards, Milan

Rudy
Site Admin
Posts: 118302
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected commercial message

#14 Post by Rudy »

OK. Let me know. :)

peknal
Visitor
Posts: 82
Joined: 22 Jun 2010 20:54

Re: infected commercial message

#15 Post by peknal »

Unfortunately, those infected messages are still there. There are just fewer of them than before.
The RSIT log looks like this:

Logfile of random's system information tool 1.14 (written by random/random)
Run by milan at 2017-01-06 11:25:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 18 GB (12%) free of 153 GB
Total RAM: 2303 MB (68% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:25, on 6.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpmi03.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\milan\Desktop\RSIT (1).exe
C:\Program Files\trend micro\milan_RSIT (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\Windows\vsnpmi03.exe
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [DLLSuite2016] C:\Program Files\DLL Suite\DLLSuite.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: ECTUKUHGCAEC - Unknown owner - C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: JMLVQPVMACCI - Unknown owner - C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe (file missing)
O23 - Service: RBAAE - Unknown owner - C:\Users\milan\AppData\Local\Temp\RBAAE.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6359 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe online aktualizační program - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\Google Updater and Installer - C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\klcp_update - "C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\Windows\system32\tasks\{A8BDAC5B-2BDC-4E6A-9C32-9F79437DED9A} - C:\Windows\system32\pcalua.exe -a C:\Users\milan\Desktop\kamera\cnr-wcam_345_drv_xpwv3264w73264_111103.exe -d C:\Users\milan\Desktop\kamera
C:\Windows\system32\tasks\{AF383947-9332-4994-B769-CFA722C8E1E7} - C:\Program Files\Služební dokumenty\Dokumenty.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2709638672-2288162957-48926482-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension flliilndjeohchalpbbcdekjklbdgfkk 2 Avira Browser Safety 1.7.4
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}]
"URL"=http://www.google.com/search?q={searchT ... utEncoding?}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-10-09 81920]
"SNPMI03"=C:\Windows\vsnpmi03.exe [2003-08-08 32768]
"AndroidSync"=C:\Program Files\Android-Sync\AndroidSync.exe [2014-06-09 6252976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2016-12-13 917576]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-11-15 60136]
"DLLSuite2016"=C:\Program Files\DLL Suite\DLLSuite.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-12-12 5489944]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-01-06 11:25:18 ----D---- C:\rsit
2016-12-14 06:20:35 ----A---- C:\Windows\system32\mshtml.dll
2016-12-14 06:20:32 ----A---- C:\Windows\system32\ieframe.dll
2016-12-14 06:20:31 ----A---- C:\Windows\system32\jscript9.dll
2016-12-14 06:20:30 ----A---- C:\Windows\system32\wininet.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\winload.exe
2016-12-14 06:20:29 ----A---- C:\Windows\system32\win32k.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\msi.dll
2016-12-14 06:20:29 ----A---- C:\Windows\system32\drivers\cng.sys
2016-12-14 06:20:29 ----A---- C:\Windows\system32\crypt32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\urlmon.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\iedkcs32.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\consent.exe
2016-12-14 06:20:28 ----A---- C:\Windows\system32\clfs.sys
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcrypt.dll
2016-12-14 06:20:28 ----A---- C:\Windows\system32\bcdedit.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-12-14 06:20:27 ----A---- C:\Windows\system32\ntdll.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\wintrust.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\usp10.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\user32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\nlsbres.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\hlink.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\gdi32.dll
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-12-14 06:20:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-12-14 06:20:25 ----A---- C:\Windows\system32\vbscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\jscript.dll
2016-12-14 06:20:25 ----A---- C:\Windows\system32\iertutil.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msiexec.exe
2016-12-14 06:20:24 ----A---- C:\Windows\system32\msfeeds.dll
2016-12-14 06:20:24 ----A---- C:\Windows\system32\ieapfltr.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\webcheck.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\msihnd.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\ieui.dll
2016-12-14 06:20:23 ----A---- C:\Windows\system32\authui.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\srcore.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\smss.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\rpcrt4.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\occache.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\msrating.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\mshtmled.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\lsasrv.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\kerberos.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jsproxy.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\jscript9diag.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieUnatt.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\ie4uinit.exe
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtrans.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\dxtmsft.dll
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-12-14 06:20:22 ----A---- C:\Windows\system32\advapi32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\wdigest.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\TSpkg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspisrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\sspicli.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\srclient.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\schannel.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\secur32.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rstrui.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\rpchttp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ncrypt.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\msimsg.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\lsass.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\inseng.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iesetup.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\iernonce.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\drivers\appid.sys
2016-12-14 06:20:21 ----A---- C:\Windows\system32\csrsrv.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptnet.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\cryptbase.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\credssp.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\auditpol.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appinfo.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidsvc.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 06:20:21 ----A---- C:\Windows\system32\appidapi.dll
2016-12-14 06:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\tzres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msobjs.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\msaudite.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 06:20:20 ----A---- C:\Windows\system32\adtschema.dll
2016-12-11 13:14:34 ----D---- C:\Users\milan\AppData\Roaming\Apowersoft
2016-12-11 13:04:17 ----D---- C:\Program Files\Apowersoft

======List of files/folders modified in the last 1 month======

2017-01-06 11:27:11 ----D---- C:\Program Files\trend micro
2017-01-06 11:25:23 ----D---- C:\Windows\Temp
2017-01-06 08:28:36 ----D---- C:\Windows\system32\config
2017-01-06 06:54:33 ----D---- C:\Windows\Prefetch
2017-01-06 06:54:12 ----SHD---- C:\System Volume Information
2017-01-03 18:36:09 ----D---- C:\Windows\system32\Tasks
2017-01-02 21:11:33 ----D---- C:\Windows
2017-01-02 21:10:11 ----D---- C:\AdwCleaner
2016-12-17 03:37:55 ----SHD---- C:\Windows\Installer
2016-12-17 03:37:55 ----D---- C:\Config.Msi
2016-12-17 03:32:55 ----RD---- C:\Program Files
2016-12-17 03:32:49 ----D---- C:\Windows\Tasks
2016-12-16 07:35:18 ----D---- C:\Windows\inf
2016-12-16 07:34:45 ----D---- C:\Windows\debug
2016-12-15 20:54:47 ----D---- C:\Windows\rescache
2016-12-15 09:29:46 ----D---- C:\Windows\Microsoft.NET
2016-12-15 09:21:15 ----RSD---- C:\Windows\assembly
2016-12-15 06:23:46 ----D---- C:\Windows\System32
2016-12-15 06:23:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-12-15 06:19:17 ----D---- C:\Windows\winsxs
2016-12-15 06:13:00 ----D---- C:\Program Files\Internet Explorer
2016-12-15 06:12:59 ----D---- C:\Windows\system32\drivers
2016-12-15 06:12:59 ----D---- C:\Windows\system32\cs-CZ
2016-12-15 06:12:57 ----D---- C:\Windows\system32\en-US
2016-12-15 06:12:47 ----D---- C:\Windows\system32\Boot
2016-12-14 22:07:33 ----D---- C:\Windows\system32\MRT
2016-12-14 22:07:07 ----AC---- C:\Windows\system32\MRT.exe
2016-12-14 06:11:36 ----D---- C:\Windows\system32\catroot2
2016-12-13 19:11:21 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 19:11:15 ----D---- C:\Windows\system32\Macromed
2016-12-09 19:03:33 ----D---- C:\ProgramData\Package Cache

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-12-13 140840]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-05-05 37896]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-12-13 119208]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-05-12 60088]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-13 159232]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 CFcatchme;CFcatchme; \??\C:\Users\milan\AppData\Local\Temp\CFcatchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-12-08 101040]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 snpmi03;VideoCAM NB 300; C:\Windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-12-08 192944]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2016-12-13 476736]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2016-12-13 476736]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2016-11-24 350528]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2014-04-30 233472]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [2016-12-13 1089592]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2016-12-13 1490296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S2 HPSLPSVC;HP Network Devices Support; %SystemRoot%\system32\svchost.exe -k HPService;"ServiceDll"=C:\Users\milan\AppData\Local\Temp\7zS18C6\hpslpsvc32.dll
S2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZinw12.dll
S2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZipm12.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 ECTUKUHGCAEC;ECTUKUHGCAEC; C:\Users\milan\AppData\Local\Temp\ECTUKUHGCAEC.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 102912]
S3 JMLVQPVMACCI;JMLVQPVMACCI; C:\Users\milan\AppData\Local\Temp\JMLVQPVMACCI.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 RBAAE;RBAAE; C:\Users\milan\AppData\Local\Temp\RBAAE.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------
