My PC is sending spam emails from both addresses

#1 Post by CamillaNails »

I haven't been here for a long time, so I came to take a peek at you ;) Thanks in advance for checking the log.

info.txt logfile of random's system information tool 1.14 2017-01-13 20:37:26

======MBR======

======Uninstall list======

64 Bit HP CIO Components Installer [20160922]-->MsiExec.exe /I{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}
Adobe Acrobat Reader DC - Czech [20170113]-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Flash Player 24 NPAPI [2017/01/05 19:55:15]-->C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_Plugin.exe -maintain plugin
Adobe Flash Player 24 PPAPI [2016/12/24 16:04:57]-->C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe -maintain pepperplugin
Adobe Refresh Manager [20170113]-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) [2016/09/22 02:55:21]-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) [2016/09/22 02:55:21]-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) [2016/09/22 02:55:21]-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Atheros Bluetooth Suite (64) [20150527]-->MsiExec.exe /X{230D1595-57DA-4933-8C4E-375797EBB7E1}
ATK Package [20150203]-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
Avast Free Antivirus [2017/01/13 08:43:38]-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
AVCWare Ringtone Maker [2016/09/22 02:55:21]-->C:\Program Files (x86)\AVCWare\Ringtone Maker\Uninstall.exe
Avidemux 2.6 (32-bit) [2016/09/22 02:55:21]-->C:\Program Files (x86)\Avidemux 2.6\uninstall.exe
Balíček ovladače systému Windows - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) [2016/09/22 02:55:10]-->C:\PROGRA~1\DIFX\00492D~1\dpinst.exe /u C:\WINDOWS\System32\DriverStore\FileRepository\asustp.inf_amd64_36f3ebba989df59b\asustp.inf
CCleaner [2016/09/22 02:55:10]-->"C:\Program Files\CCleaner\uninst.exe"
D3DX10 [20150527]-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Fotogalerie [20150527]-->MsiExec.exe /X{F37D360D-9308-4BB1-8515-DC6B637B9486}
GOM Audio [2016/09/22 02:55:21]-->"C:\Program Files (x86)\GRETECH\GomAudio\uninstall.exe"
GOM Player [2017/01/06 08:15:37]-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
HP Color LaserJet CM1312 MFP Series 5.1 [2016/09/22 02:55:10]-->C:\Program Files (x86)\HP\Digital Imaging\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}\setup\hpzscr40.exe -datfile hppscr11.dat -onestop -forcereboot
HP Customer Participation Program 10.0 [2016/09/22 02:55:10]-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0 [2016/09/22 02:55:10]-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
Inpaint 6.2 [20160106]-->"C:\Program Files\Inpaint\unins000.exe"
Intel(R) Processor Graphics [2016/09/22 02:55:22]-->"C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall
Intel(R) USB 3.0 eXtensible Host Controller Driver [2016/09/22 02:55:21]-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
IrfanView (remove only) [2016/09/22 02:55:21]-->"C:\Program Files (x86)\IrfanView\iv_uninstall.exe"
Java 8 Update 111 [20161028]-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180111F0}
Junk Mail filter update [20150527]-->MsiExec.exe /I{0BE9E708-5DC0-4963-9CFD-0AA519090E79}
LibreOffice 4.4 Help Pack (Czech) [20150203]-->MsiExec.exe /I{287D0D9F-A64D-455C-88A8-93B8FC1D9A8A}
LibreOffice 4.4.0.3 [20150203]-->MsiExec.exe /I{8BEE1CDD-F95D-4759-952D-6B38DF99D1F0}
Malwarebytes Anti-Malware verze 2.2.1.1043 [20160420]-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
MediaCoder 0.8.32.5660 [2016/09/22 02:55:21]-->C:\Program Files (x86)\MediaCoder\uninst.exe
Microsoft .NET Framework 4.5.2 (CSY) [20150203]-->MsiExec.exe /X{C48AF3CF-C632-3C19-838E-7DAB7283D46A}
Microsoft .NET Framework 4.5.2 [20151113]-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) [20160202]-->MsiExec.exe /I{25E80DAA-FD87-DCE5-202C-CC02F6673002}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3) [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Access MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 [2016/09/22 02:55:21]-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 [20161214]-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In [20160614]-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007 [20150813]-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook Connector [20150527]-->MsiExec.exe /X{95140000-007A-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 [20150203]-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 [20150203]-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007 [20150203]-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) [2016/09/22 02:55:21]-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007 [20160810]-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007 [20150203]-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Security Client [20150514]-->MsiExec.exe /X{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}
Microsoft Silverlight [20161012]-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] [20150527]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [20160201]-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [20150414]-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [20150415]-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [20160122]-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [20150203]-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 [2016/09/22 02:55:22]-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 [20160114]-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [20160114]-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Movie Maker [20150527]-->MsiExec.exe /X{3D2CF65C-B544-4308-B996-700D3E5F6C4C}
Movie Maker [20150527]-->MsiExec.exe /X{DD67BE4B-7E62-4215-AFA3-F123A800A389}
MozBackup 1.5.1 [2016/09/22 02:55:21]-->C:\Program Files (x86)\MozBackup\Uninstall.exe
Mozilla Maintenance Service [2016/09/22 02:55:21]-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird 45.6.0 (x86 cs) [2017/01/09 14:05:21]-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT [20150527]-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT_amd64 [20150527]-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT110 [20150527]-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
MSVCRT110_amd64 [20150527]-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77}
OpenOffice 4.1.2 [20160201]-->MsiExec.exe /I{69D27D4C-36CE-4CB2-A290-C38B0A990955}
Photo Common [20150527]-->MsiExec.exe /X{15BFD731-A10E-43E9-9D18-0F682BC0480F}
Photo Gallery [20150527]-->MsiExec.exe /X{07AAB66E-4718-422D-9218-4AFB3C922A71}
Rajče průvodce verze 1.59.54.269 [20150204]-->"C:\Program Files (x86)\rajce\unins000.exe"
Realtek High Definition Audio Driver [2016/09/23 06:09:24]-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Realtek PCIE Card Reader [20150203]-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Recuva [2016/09/22 02:55:10]-->"C:\Program Files\Recuva\uninst.exe"
SafeZone Stable 1.51.2220.62 [2017/01/13 08:43:38]-->"C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DF2F5DAC-93D7-434B-96B1-EAF4D891AD24}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition [2016/09/22 02:55:21]-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {BF11577A-6876-45AA-86C9-2BA4CFB8B019}
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BF11577A-6876-45AA-86C9-2BA4CFB8B019}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {36842896-D83B-4C92-8261-6312B7DEB562}
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4C1BE82B-9AC0-4AB9-B76D-5467131955E1}
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {08F2015D-61E9-4252-9355-AB8D15C73C96}
Security Update for Microsoft Office 2007 suites (KB2883033) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {393B910B-BEEA-432E-922A-296CB651EAF6}
Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {488CDF0A-098C-4CF5-8552-DA5F2F7B7829}
Security Update for Microsoft Office 2007 suites (KB2984938) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E359D786-B101-4545-B8AB-8652323CF3CA}
Security Update for Microsoft Office 2007 suites (KB2984943) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {800D1A82-D1B0-4ED4-89B4-C666B570ABA5}
Security Update for Microsoft Office 2007 suites (KB2986253) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1EBDB402-7B61-4224-994D-6882DC69F493}
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8D2CDFAB-0079-43CC-A289-2F7A67F0A4DE}
Security Update for Microsoft Office 2007 suites (KB3114442) 32-Bit Edition [2016/09/22 02:55:21]-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {69E0CBF6-BBD9-43F8-86DD-13B247CC26BE}
Security Update for Microsoft Office 2007 suites (KB3118301) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F4139440-5426-4C6F-909B-F71CEB1071B1}
Security Update for Microsoft Office 2007 suites (KB3128020) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E5F47CD-6BB8-4ABA-B585-E248FC183D96}
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F774C8A-B1CE-486C-A64E-EA96AE48B813}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3128022) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E801B27-2D35-4A12-92B9-ABB39728C285}
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3128024) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DFD61A88-EA38-455F-920E-2175FCA35BC6}
Security Update for Microsoft Office Excel 2007 (KB3128019) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {04AE77D3-DE8D-44B5-902C-6CD8D137E645}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office InfoPath 2007 (KB3114426) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {26C5C75F-E1FD-4F95-AA29-CA221C3AFEEE}
Security Update for Microsoft Office OneNote 2007 (KB3114456) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E0F25378-0690-4F53-998A-F5D63412BBD7}
Security Update for Microsoft Office Outlook 2007 (KB3118303) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A46489A-5B4C-4674-A90D-F6282EB179C3}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office PowerPoint 2007 (KB3114744) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D414541A-BC49-43A8-966B-C5AF19738562}
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {724051CF-E09E-4F84-9946-F5014AB7389B}
Security Update for Microsoft Office Visio Viewer 2007 (KB2596915) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7FE99CC2-FBE5-422F-A6FB-49E0D8AFE919}
Security Update for Microsoft Office Word 2007 (KB3128025) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B6B23EA6-17E3-4F51-B9D7-B00A18EE2C61}
Shark007 Advanced Codecs [20150203]-->cmd /c start /D"C:\Program Files (x86)\Shark007\Advanced\Tools" Settings32.exe uninstall
Total Commander 64-bit (Remove or Repair) [2016/09/22 02:55:10]-->c:\totalcmd\tcunin64.exe
Update for 2007 Microsoft Office System (KB967642) [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition [2016/09/22 02:55:21]-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7C3337E5-1294-4270-A64F-DCEF812159E5}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition [2016/09/22 02:55:21]-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3115461) 32-Bit Edition [2016/12/14 07:37:34]-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8C829BE5-F60C-417A-89E3-9A1B427320F2}
VC80CRTRedist - 8.0.50727.6195 [20151121]-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Vivaldi [20160904]-->"C:\Users\Kamila\AppData\Local\Vivaldi\Application\1.6.689.40\Installer\setup.exe" --uninstall --vivaldi
VLC media player [2016/11/13 16:21:21]-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform [20150527]-->MsiExec.exe /I{41C61308-6CFD-4D54-AB6A-7136ED08A18E}
Windows Live Essentials [20150527]-->MsiExec.exe /I{9A470EA9-FF86-4C0E-992C-572BF2B9D6FF}
Windows Live Essentials [2016/09/22 02:55:21]-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Family Safety [20150527]-->MsiExec.exe /I{2BC9C2FF-E0B7-40F9-B1A5-6F80663C301B}
Windows Live Family Safety [20150527]-->MsiExec.exe /X{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}
Windows Live ID Sign-in Assistant [20150527]-->MsiExec.exe /I{CE52672C-A0E9-4450-8875-88A221D5CD50}
Windows Live Installer [20150527]-->MsiExec.exe /I{659CB81C-B54E-4DF1-B618-F35777393A54}
Windows Live Mail [20150527]-->MsiExec.exe /I{3EE8FA69-F2A5-4BDB-9E23-3ABB2421B4FA}
Windows Live Mail [20150527]-->MsiExec.exe /I{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}
Windows Live Messenger [20150527]-->MsiExec.exe /X{88B9357F-0845-465F-96B9-50976FB9C6C2}
Windows Live Messenger [20150527]-->MsiExec.exe /X{E703613B-BDAB-433E-A66A-DE0263E3D35D}
Windows Live MIME IFilter [20150527]-->MsiExec.exe /I{25058321-C33E-496B-8915-6FD64D362CAF}
Windows Live Photo Common [20150527]-->MsiExec.exe /X{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}
Windows Live PIMT Platform [20150527]-->MsiExec.exe /I{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}
Windows Live SOXE [20150527]-->MsiExec.exe /I{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}
Windows Live SOXE Definitions [20150527]-->MsiExec.exe /I{D1893000-EA77-493C-8DDD-E262436E959B}
Windows Live UX Platform [20150527]-->MsiExec.exe /I{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}
Windows Live UX Platform Language Pack [20150527]-->MsiExec.exe /I{E100E2B5-F2EF-4955-AB7A-C3F2125A3BCD}
Windows Live Writer [20150527]-->MsiExec.exe /X{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}
Windows Live Writer [20150527]-->MsiExec.exe /X{124A05DC-3C47-4EEF-85CE-56D6C1CAE62B}
Windows Live Writer [20150527]-->MsiExec.exe /X{714E162E-CD4F-4F1B-8302-7F5179409C25}
Windows Live Writer Resources [20150527]-->MsiExec.exe /X{E5807449-CA84-42F6-9CE3-A0E2BDA9E24B}
WinRAR 5.01 (64-bit) [2016/09/22 02:55:10]-->C:\Program Files\WinRAR\uninstall.exe
x64 Components v5.0.5 [20150203]-->cmd /c start /D"C:\Program Files\Shark007\Tools" Settings64.exe uninstall

======System event log"======

Computer Name: CamillaNails
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20160922014903.005531-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: CamillaNails
Event Code: 153
Message: Zabezpečení založené na virtualizaci (zásady: 0) je zakázáno se stavem STATUS_SUCCESS.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20160922014903.005253-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: CamillaNails
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20160922014941.924539-000
Event Type: Informace
User:

Computer Name: CamillaNails
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20160922014941.924539-000
Event Type: Informace
User:

Computer Name: CamillaNails
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2016‎-‎09‎-‎22T01:49:02.485606400Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20160922014903.005137-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log"=====

Computer Name: CamillaNails
Event Code: 11707
Message: Product: 64 Bit HP CIO Components Installer -- Installation completed successfully.
Record Number: 5
Source Name: MsiInstaller
Time Written: 20160922015019.368706-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: CamillaNails
Event Code: 1040
Message: Probíhá zahajování transakce Instalační služby systému Windows: C:\WINDOWS\system32\spool\DRIVERS\x64\3\CIOUM64.MSI. ID procesu klienta: 2864
Record Number: 4
Source Name: MsiInstaller
Time Written: 20160922015018.805678-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: CamillaNails
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20160922014942.491604-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: CamillaNails
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160922014941.977360-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: CAMILLANAILS
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20160922014941.971415-000
Event Type: Informace
User:

=====Security event log"=====

Computer Name: CamillaNails
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAMILLANAILS$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\ja-JP\memtest.exe.mui
ID popisovače: 0x314

Informace o procesu:
ID procesu: 0x644
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 34515
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161209231144.474236-000
Event Type: Úspěšný audit
User:

Computer Name: CamillaNails
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAMILLANAILS$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\ja-JP\bootmgr.exe.mui
ID popisovače: 0x314

Informace o procesu:
ID procesu: 0x644
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 34514
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161209231144.471602-000
Event Type: Úspěšný audit
User:

Computer Name: CamillaNails
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAMILLANAILS$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\it-IT\memtest.exe.mui
ID popisovače: 0x314

Informace o procesu:
ID procesu: 0x644
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 34513
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161209231144.467541-000
Event Type: Úspěšný audit
User:

Computer Name: CamillaNails
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAMILLANAILS$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\it-IT\bootmgr.exe.mui
ID popisovače: 0x314

Informace o procesu:
ID procesu: 0x644
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 34512
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161209231144.465014-000
Event Type: Úspěšný audit
User:

Computer Name: CamillaNails
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAMILLANAILS$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\hu-HU\memtest.exe.mui
ID popisovače: 0x314

Informace o procesu:
ID procesu: 0x644
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 34511
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161209231144.461480-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"FP_NO_HOST_CHECK"=NO
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: My PC is sending spam emails from both addresses

#2 Post by Roli »

Hello, would it be possible to also post the log.txt from RSIT here?
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam emails from both addresses

#3 Post by CamillaNails »

Oops, I posted info here... my apologies...
Logfile of random's system information tool 1.14 (written by random/random)
Run by Kamila at 2017-01-13 20:37:19
Microsoft Windows 10 Home
System drive C: has 71 GB (62%) free of 114 GB
Total RAM: 6030 MB (63% free)
X64


======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dashost.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-272acc3c-8823-4835-bc00-ebf012089877 -SystemEventPortName:HostProcess-e8e52003-9938-4ef4-939b-55656adbf6bf -IoCancelEventPortName:HostProcess-1bf0300e-70a9-4480-b8c2-b94c8ae35c7c -NonStateChangingEventPortName:HostProcess-e8fafc51-7c23-469d-bffb-86f843f7c8d6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2dee7ee6-17ae-4d0d-afdc-c71ad19eabe3 -DeviceGroupId:WpdFsGroup
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\SysWoW64\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxTray.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\WINDOWS\System32\fontdrvhost.exe
C:\Windows\System32\InstallAgent.exe -Embedding
C:\Windows\System32\InstallAgentUserBroker.exe -Embedding
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\WINDOWS\system32\AUDIODG.EXE 0x3e4
c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipm8ad3a002-3a29-4885-9211-b2b904c08fc5 -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20 -ta 0
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe"
C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Kamila\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\Kamila\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod=Vivaldi --annotation=ver=1.6.689.40 --handshake-handle=0x1a8
"C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=gpu-process --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,17,21,37,54,65 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.4358 --gpu-driver-date=12-21-2015 --service-request-channel-token=4FC5F3864DD39C426152FA37BEE99C7F --mojo-platform-channel-handle=1300 --ignored=" --type=renderer " /prefetch:2
"C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=208D8920DE9BF7919710245D7ED40BB9 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\WINDOWS\SysWoW64\Macromed\Flash\pepflashplayer32_24_0_0_186.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=208D8920DE9BF7919710245D7ED40BB9 --running-vivaldi --mojo-platform-channel-handle=2392 /prefetch:1
"C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=9C70F0240B187D8D538F9D11F5EB06D4 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\WINDOWS\SysWoW64\Macromed\Flash\pepflashplayer32_24_0_0_186.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9C70F0240B187D8D538F9D11F5EB06D4 --running-vivaldi --mojo-platform-channel-handle=3616 /prefetch:1
"C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=5BE20D2A59D6DAF63421813C5023B035 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\WINDOWS\SysWoW64\Macromed\Flash\pepflashplayer32_24_0_0_186.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=5BE20D2A59D6DAF63421813C5023B035 --running-vivaldi --mojo-platform-channel-handle=2588 /prefetch:1
"C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=902B8924D96F12D2EC46731A86AC7F1E --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\WINDOWS\SysWoW64\Macromed\Flash\pepflashplayer32_24_0_0_186.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=902B8924D96F12D2EC46731A86AC7F1E --running-vivaldi --mojo-platform-channel-handle=6180 /prefetch:1
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
"C:\Program Files\trend micro\Kamila_RSITx64.exe" /silentautolog
"C:\Users\Kamila\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\ATKOSD2 - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\Kamila\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\RtHDVBg - "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
C:\WINDOWS\system32\tasks\RtHDVBg_ListenToDevice - "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
C:\WINDOWS\system32\tasks\RTKCPL - "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1461153356 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{73E85111-E035-4212-A804-341B7B13DD5A} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-2218426051-1343921682-1280377330-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.8
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.7
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 6.3
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.7
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.20
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.0
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.6
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google+ Hangouts 1.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Peněženka Google 0.0.6.1
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh 1 Google Now 1.2.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 7
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-28 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-11-29 52352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-28 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [2012-11-29 801920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Kamila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-22 633024]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"=C:\Users\Kamila\AppData\Local\Vivaldi\Application\vivaldi.exe [2016-12-19 860792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2015-02-03 291280]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2013-09-09 406328]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2013-05-30 205624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
""= []
"HPUsageTracking"=C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-03 9080768]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-13 20:34:29 ----D---- C:\rsit
2017-01-13 20:34:29 ----D---- C:\Program Files\trend micro
2017-01-11 11:20:11 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 11:20:11 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 11:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 11:20:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-11 11:20:09 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-11 11:20:09 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-11 11:20:09 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-11 11:20:09 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 11:20:09 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\system32\d2d1.dll
2017-01-11 11:20:08 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\system32\rdpencom.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\system32\rdpcore.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 11:20:07 ----A---- C:\WINDOWS\system32\D3D12.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\samsrv.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\offlinesam.dll
2017-01-11 11:20:06 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-01-11 11:20:05 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-11 11:20:05 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-11 11:20:05 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-11 11:20:04 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-01-11 11:20:03 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\msv1_0.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\kerberos.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-11 11:20:03 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-11 11:20:02 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 11:20:02 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-11 11:20:02 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-01-11 11:20:02 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-11 11:20:01 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-11 11:20:01 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-01-11 11:20:00 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-11 11:19:59 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-11 11:19:59 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-11 11:19:59 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 11:19:58 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-11 11:19:58 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 11:19:57 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-11 11:19:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-01-11 11:19:57 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-11 11:19:56 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-11 11:19:56 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 11:19:56 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-11 11:19:55 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-11 11:19:55 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 11:19:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-11 11:19:55 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 11:19:54 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-11 11:19:54 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 11:19:54 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-11 11:19:54 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 11:19:53 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-11 11:19:52 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-01-11 11:19:49 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 11:19:48 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-11 11:19:48 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 11:19:47 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 11:19:47 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 11:19:47 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 11:19:46 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-11 11:19:46 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-11 11:19:46 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-11 11:19:46 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 11:19:45 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-11 11:19:44 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-11 11:19:44 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-11 11:19:44 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-11 11:19:44 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 11:19:44 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 11:19:43 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-11 11:19:43 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-11 11:19:43 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 11:19:43 ----A---- C:\WINDOWS\system32\win32k.sys
2017-01-11 11:19:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-11 11:19:42 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-11 11:19:42 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-11 11:19:41 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-11 11:19:41 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 11:19:41 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-11 11:19:40 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-11 11:19:40 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 11:19:39 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-11 11:19:38 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 11:19:38 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 11:19:38 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-11 11:19:37 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-11 11:19:37 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 11:19:37 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 11:19:37 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 11:19:36 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-11 11:19:36 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 11:19:36 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 11:19:35 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-11 11:19:35 ----A---- C:\WINDOWS\SYSWOW64\mqmigplugin.dll
2017-01-11 11:19:35 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 11:19:35 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 11:19:35 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2017-01-11 11:19:34 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-11 11:19:34 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-11 11:19:34 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 11:19:34 ----A---- C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-11 11:19:34 ----A---- C:\WINDOWS\system32\cloudAP.dll
2017-01-11 11:19:33 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-11 11:19:33 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-11 11:19:33 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 11:19:33 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 11:19:33 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 11:19:33 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 11:19:32 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-01-11 11:19:32 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-11 11:19:32 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2017-01-11 11:19:31 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 11:19:24 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 11:19:23 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 11:19:22 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-11 11:19:21 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-11 11:19:21 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-11 11:19:21 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-11 11:19:21 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-11 11:19:21 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-11 11:19:19 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 11:19:19 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 11:19:18 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-11 11:19:18 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-11 11:19:18 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-11 11:19:18 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 11:19:17 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 11:19:17 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 11:19:17 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-11 11:19:17 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 11:19:17 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 11:19:16 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-09 07:58:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2017-01-03 07:50:50 ----A---- C:\WINDOWS\avastSS.scr
2016-12-14 07:33:06 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 07:33:05 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-12-14 07:33:05 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2016-12-14 07:33:05 ----A---- C:\WINDOWS\system32\ole32.dll
2016-12-14 07:33:05 ----A---- C:\WINDOWS\system32\msdtctm.dll
2016-12-14 07:33:04 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2016-12-14 07:33:04 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-12-14 07:33:04 ----A---- C:\WINDOWS\system32\msi.dll
2016-12-14 07:33:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2016-12-14 07:33:04 ----A---- C:\WINDOWS\system32\hvax64.exe
2016-12-14 07:33:04 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 07:33:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 07:33:03 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2016-12-14 07:33:03 ----A---- C:\WINDOWS\system32\hvloader.exe
2016-12-14 07:33:02 ----A---- C:\WINDOWS\SYSWOW64\WordBreakers.dll
2016-12-14 07:33:02 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2016-12-14 07:33:02 ----A---- C:\WINDOWS\SYSWOW64\EditBufferTestHook.dll
2016-12-14 07:33:02 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 07:33:02 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 07:33:01 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 07:33:01 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 07:33:01 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 07:33:01 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 07:32:58 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-12-14 07:32:58 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2016-12-14 07:32:57 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2016-12-14 07:32:57 ----A---- C:\WINDOWS\system32\InputService.dll
2016-12-14 07:32:56 ----A---- C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 07:32:56 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 07:32:56 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 07:32:56 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 07:32:56 ----A---- C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 07:32:55 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-12-14 07:32:54 ----A---- C:\WINDOWS\system32\user32.dll
2016-12-14 07:32:53 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-12-14 07:32:53 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-12-14 07:32:52 ----A---- C:\WINDOWS\system32\cdp.dll
2016-12-14 07:32:50 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-12-14 07:32:49 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2016-12-14 07:32:49 ----A---- C:\WINDOWS\system32\gdi32full.dll
2016-12-14 07:32:49 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 07:32:48 ----A---- C:\WINDOWS\system32\winresume.exe
2016-12-14 07:32:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 07:32:47 ----A---- C:\WINDOWS\system32\winload.exe
2016-12-14 07:32:46 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-12-14 07:32:46 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2016-12-14 07:32:46 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2016-12-14 07:32:46 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-12-14 07:32:46 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2016-12-14 07:32:46 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-12-14 07:32:46 ----A---- C:\WINDOWS\system32\combase.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\system32\wincorlib.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 07:32:45 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-12-14 07:32:45 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-12-14 07:32:44 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2016-12-14 07:32:44 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2016-12-14 07:32:44 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-12-14 07:32:44 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2016-12-14 07:32:44 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 07:32:44 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-12-14 07:32:44 ----A---- C:\WINDOWS\system32\bcrypt.dll
2016-12-14 07:32:43 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-12-14 07:32:43 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-12-14 07:32:42 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-12-14 07:32:42 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-12-14 07:32:41 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 07:32:41 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-12-14 07:32:41 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-12-14 07:32:41 ----A---- C:\WINDOWS\system32\cdd.dll
2016-12-14 07:32:40 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-12-14 07:32:38 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-12-14 07:32:37 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 07:32:36 ----A---- C:\WINDOWS\system32\sspicli.dll
2016-12-14 07:32:36 ----A---- C:\WINDOWS\system32\CryptoWinRT.dll

======List of files/folders modified in the last 1 month======

2017-01-13 20:34:29 ----RD---- C:\Program Files
2017-01-13 20:29:30 ----D---- C:\WINDOWS\Temp
2017-01-13 20:26:26 ----D---- C:\WINDOWS\system32\sru
2017-01-13 20:25:12 ----D---- C:\WINDOWS\system32\drivers
2017-01-13 20:23:26 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-13 08:44:06 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-13 07:59:36 ----SHDC---- C:\WINDOWS\Installer
2017-01-13 07:59:36 ----HD---- C:\Config.Msi
2017-01-13 07:59:33 ----D---- C:\WINDOWS\Prefetch
2017-01-13 07:59:21 ----D---- C:\WINDOWS\SysWOW64
2017-01-13 07:58:19 ----D---- C:\WINDOWS\system32\Tasks
2017-01-13 07:49:06 ----D---- C:\WINDOWS\AppReadiness
2017-01-12 13:00:47 ----D---- C:\WINDOWS\system32\config
2017-01-12 12:14:59 ----D---- C:\WINDOWS\WinSxS
2017-01-12 12:14:11 ----D---- C:\WINDOWS\system32\catroot2
2017-01-12 07:51:21 ----D---- C:\WINDOWS\System32
2017-01-12 07:51:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 07:50:33 ----D---- C:\WINDOWS\INF
2017-01-12 07:46:43 ----D---- C:\WINDOWS\system32\DriverStore
2017-01-11 22:49:59 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-01-11 22:49:59 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 22:49:59 ----D---- C:\WINDOWS\system32\wbem
2017-01-11 22:49:59 ----D---- C:\WINDOWS\system32\oobe
2017-01-11 22:49:59 ----D---- C:\WINDOWS\ShellExperiences
2017-01-11 22:49:59 ----D---- C:\WINDOWS\Provisioning
2017-01-11 22:49:59 ----D---- C:\Program Files\Internet Explorer
2017-01-11 22:49:59 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 19:59:21 ----D---- C:\WINDOWS\CbsTemp
2017-01-11 19:56:17 ----D---- C:\WINDOWS\system32\MRT
2017-01-11 19:54:43 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-01-11 09:00:00 ----D---- C:\WINDOWS\LiveKernelReports
2017-01-09 20:54:54 ----HD---- C:\ProgramData
2017-01-09 07:58:05 ----D---- C:\Windows
2017-01-09 07:57:30 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-09 07:57:30 ----AD---- C:\Program Files (x86)\Mozilla Thunderbird
2017-01-05 19:55:11 ----D---- C:\WINDOWS\system32\Macromed
2017-01-05 19:55:10 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-12-23 00:13:26 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-12-18 14:48:20 ----D---- C:\WINDOWS\rescache
2016-12-17 11:49:53 ----RD---- C:\WINDOWS\assembly
2016-12-16 13:14:36 ----D---- C:\WINDOWS\system32\NDF
2016-12-16 07:04:01 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-12-16 07:04:01 ----D---- C:\WINDOWS\system32\en-US
2016-12-16 07:04:00 ----D---- C:\WINDOWS\system32\Boot
2016-12-16 07:04:00 ----D---- C:\WINDOWS\AppPatch
2016-12-14 07:37:34 ----D---- C:\ProgramData\Microsoft Help
2016-12-14 07:34:20 ----D---- C:\WINDOWS\debug

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-01-03 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-01-03 293352]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-01-03 37144]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2017-01-03 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-01-03 969184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-01-03 513632]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-07-02 19768]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-01-03 108816]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2017-01-03 163416]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw8x.sys [2016-07-16 4233728]
R3 ATP;@oem31.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\WINDOWS\System32\drivers\AsusTP.sys [2015-12-14 101368]
R3 BTATH_BUS;@oem9.inf,%BTATH_BUS.SVCDESC%;Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2012-11-29 30848]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2015-06-29 609992]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-09-22 114176]
R3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-09-15 249856]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-22 84992]
R3 HIDSwitch;@oem10.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-08-20 27872]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfx64bulk.sys [2007-07-16 20504]
R3 iwdbus;@oem36.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2017-01-13 192216]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-09-22 175616]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
R3 RSBASTOR;@oem1.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys [2015-06-03 321792]
R3 rt640x64;@oem11.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-07 895256]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-01-03 37656]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 dg_ssudbus;@oem0.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 fssfltr;fssfltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2014-03-31 58056]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-09-22 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 intaud_WaveExtensible;@oem17.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 50160]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 RTL8169;Realtek 8169 NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlh64.sys [2011-09-08 508520]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 ssudmdm;@oem6.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll"=%windir%\system32\inetsrv\apphostsvc.dll
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2013-09-09 111416]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-03 197128]
R2 CDPUserSvc_1411dad;CDPUserSvc_1411dad; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\syswow64\svchost.exe [2016-07-16 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-05-03 337888]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-09-22 26112]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 OneSyncSvc_1411dad;Hostitel synchronizace_1411dad; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\syswow64\svchost.exe [2016-07-16 38792]
R3 PimIndexMaintenanceSvc_1411dad;Data kontaktů_1411dad; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\System32\HPZinw12.dll
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\System32\HPZipm12.dll
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-03-31 1512640]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_1411dad;Služba zasílání zpráv_1411dad; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-08-25 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: My PC is sending spam emails from both addresses

#4 Post by Roli »

CamillaNails wrote: oops, I posted the info here.. I apologize...
Relax, princess :)

Did the Mbam you have there find anything?

Download and run AdwCleaner,

close all programs including the browser and double-click it to run it,

a window will appear; click Scan at the top left.

When the scan finishes, click Clean,

the PC will restart, during which the junk is deleted.

Then copy the Report here for me.

Run the Cure It scanner according to THIS guide

when the scan finishes, copy the results here for me - the end of the log with the summary is enough.

(Warning: it is ridiculously slow and needs to be watched, it occasionally asks about something)
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam e-mails from both addresses

#5 Post by CamillaNails »

:oops: nobody has called me princess in a long time :-D the last time was about 30 years ago :-D anyway, my Mbam found nothing
here is the report..

# AdwCleaner v6.042 - Log vytvořen 13/01/2017 v 21:36:29
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-11.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Kamila - CAMILLANAILS
# Spuštěno z : C:\Users\Kamila\Downloads\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Kamila\AppData\Roaming\RHEng


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\forum.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ostatni-stavebnice.heureka.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pestryjidelnicek.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\stavebnice-megabloks.heureka.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\stavebnice4u.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\forum.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ostatni-stavebnice.heureka.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pestryjidelnicek.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\stavebnice-megabloks.heureka.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\stavebnice4u.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\forum.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ostatni-stavebnice.heureka.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pestryjidelnicek.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\stavebnice-megabloks.heureka.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\stavebnice4u.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\forum.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ostatni-stavebnice.heureka.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pestryjidelnicek.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\stavebnice-megabloks.heureka.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\stavebnice4u.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.akcniceny.cz


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9905 Bajty] - [13/01/2017 21:36:29]
C:\AdwCleaner\AdwCleaner[R0].txt - [8335 Bajty] - [07/08/2015 14:07:48]
C:\AdwCleaner\AdwCleaner[R1].txt - [8393 Bajty] - [07/08/2015 14:10:03]
C:\AdwCleaner\AdwCleaner[R2].txt - [969 Bajty] - [07/08/2015 14:17:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [6259 Bajty] - [07/08/2015 14:11:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [10211 Bajty] - [13/01/2017 21:35:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10343 Bajty] ##########
Last edited by CamillaNails on 13 Jan 2017 21:57, edited 1 time in total.

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam e-mails from both addresses

#6 Post by CamillaNails »

Run the Cure It scanner following THIS guide

when the scan finishes, copy the results here for me - the end of the log with the summary is enough.

(Warning: it is insanely slow and you need to keep an eye on it, it asks about something now and then)
I don't have permission

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam e-mails from both addresses

#7 Post by CamillaNails »

so I figured it out

Start curing
-----------------------------------------------------------------------------

C:\WINDOWS\TEMP\avast_ash2\GOM Media Player\GOMPLAYERGLOBALSETUP-2.3.9.5265.EXE - quarantined

Total 8362350802 bytes in 32261 files scanned (38199 objects)
Total 32233 files (38163 objects) are clean
Total 1 file are infected
Total 1 file are neutralized
Total 34 files are raised error condition
Scan time is 00:07:37.085

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: My PC is sending spam e-mails from both addresses

#8 Post by Roli »

CamillaNails wrote: so I figured it out
Clever girl :)

So how is the PC behaving after the cleanup, or rather, what about the e-mail?

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam e-mails from both addresses

#9 Post by CamillaNails »

so far it's fine.. thanks

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: My PC is sending spam e-mails from both addresses

#10 Post by Roli »

CamillaNails wrote: so far it's fine.. thanks
Then keep an eye on it for a few more days and let me know before I lock this thread.

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam e-mails from both addresses

#11 Post by CamillaNails »

:thumbsup:

CamillaNails
Visitor
Posts: 25
Joined: 13 Jan 2017 20:41

Re: My PC is sending spam e-mails from both addresses

#12 Post by CamillaNails »

seems OK, thanks a lot
:closed:

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: My PC is sending spam e-mails from both addresses

#13 Post by Roli »

CamillaNails wrote: seems OK, thanks a lot
:closed:
You're welcome, princess, and :closed:

Locked