Firefox, e.g. on YouTube: after a while a new window with an ad always opens

#1 Post by hoblik007 »

Here is the log... thanks

Logfile of random's system information tool 1.15 (written by random/random)
Run by Mara at 2017-02-21 18:52:41
Microsoft Windows 7 Professional
System drive C: has 10 GB (25%) free of 40 GB
Total RAM: 3070 MB (62% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:52:51, on 21.2.2017
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Mara\samsung\NPSAgent.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Mara\Downloads\RSIT.exe
C:\Program Files\trend micro\Mara_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp- ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp- ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://no-blocked.org/wpad.dat?b8375e48 ... 9524530446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Users\Mara\samsung\NPSAgent.exe
O4 - HKCU\..\Run: [JetVoice] "C:\Users\Mara\Downloads\JETVOICE.EXE" AUTORUN
O4 - HKCU\..\Run: [mailruhomesearch] "C:\Users\Mara\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-385729116-3703201098-1527315605-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-385729116-3703201098-1527315605-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncserver.exe

--
End of file - 5123 bytes

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\DropboxUpdateTaskMachineCore - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\system32\tasks\DropboxUpdateTaskMachineUA - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\httpnewsfor24smocomhotsmartsm - "C:\Program Files\Mozilla Firefox\firefox.exe" http://newsfor24smo.com/hotsmartsm
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1484719905 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\{0232FCC1-64F1-46AB-BDA4-3A5D889534D3} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{09DB7FAD-3292-456E-97D5-0F90571BF38C} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{2C8F72EB-CAD7-4035-9AEC-7A9DF47722A7} - C:\Users\Mara\Downloads\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{3FC65EF9-9158-4A54-91BF-7C9DE9B8618F} - C:\Windows\system32\pcalua.exe -a C:\Users\Mara\Downloads\OneClickRoot.exe -d C:\Users\Mara\Downloads
C:\Windows\system32\tasks\{468656AF-1AB3-4A7F-AAF1-E957532D2087} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{998BDDB4-CA03-46F3-8A9B-7B2471F72343} - C:\Users\Mara\Downloads\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{9A8AD84C-F9BF-4ED4-8385-38935EC601D7} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{AF7226B9-BD67-4B64-BD9C-F8C76C6385DD} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{BB9D3ED9-7B80-4B5E-8736-BB7F43F74B5E} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\MP3 Normalizer\Mp3Norm.exe"
C:\Windows\system32\tasks\{CD19FF79-4F0A-4815-AB49-CD8C3FA930E4} - C:\Install\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{DF22DB1B-A41E-4CE6-A724-22063D874B6D} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-385729116-3703201098-1527315605-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default

prefs.js - "browser.startup.homepage" - "https://www.google.com/?bcutc=sp-006"
prefs.js - "keyword.URL" - "https://www.google.com/search?bcutc=sp-006"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll


C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\searchplugins\
google-avast.xml

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\addons.json

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\extensions.json
Avast SafePrice - extension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\disableSHA1rollout@mozilla.org.xpi

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\pluginreg.dat
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll

=========Google Chrome=========

C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension anocpddjbajddlcoalliccfpfdolabbg 1 Screen Addict 29.7
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension ccfifbojenkenpkmnbnndeadpfdiffof 1 Домашняя страница Mail.Ru 11.0.26
Extension dhdgffkkebhmkfjojejmpbldmpobfkfo 1 Tampermonkey 4.1.10
Extension eeacflekfjhnnbfbiagihgmfalpaojmd 1 MySearch DS-2 28.4
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 12.0.155
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension hfpaelefmfpfdmjiecdccpmekghdjcap 1 About You 13.6456.188
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 2 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension oelpkepjlgmehajehfeicfbjdiobdkfj 1 Визуальные Закладки Mail.Ru 7.1.30
Extension ojlcebdkbpjdpiligkdbbkdkfjmchbfd 1 Поиск Mail.Ru 12.0.11
Extension pbajmnmdihmaioejnefkmhnnaojlhmno 1 GoGameGo 28.8
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: http://mail.ru/cnt/10445?gp=811040
default_search_provider.search_url:
C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}]
"URL"=https://www.google.com/search?bcutc=sp- ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-18 664848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-18 9080768]
"Dropbox"=C:\Program Files\Dropbox\Client\Dropbox.exe [2017-02-07 26220296]
"NPSStartup"= []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2016-11-11 5565960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2016-11-30 23818360]
"AutoStartNPSAgent"=C:\Users\Mara\samsung\NPSAgent.exe [2010-07-04 95576]
"JetVoice"=C:\Users\Mara\Downloads\JETVOICE.EXE [2017-01-28 210944]
"mailruhomesearch"=C:\Users\Mara\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify-Installer]
C:\Users\Mara\AppData\Local\Temp\Connectify\runInstaller.bat [2017-01-19 191]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.VP80"=vp8vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-21 18:52:41 ----D---- C:\rsit
2017-02-21 18:52:41 ----D---- C:\Program Files\trend micro
2017-02-19 02:28:15 ----D---- C:\Program Files\Lelohase
2017-02-19 02:27:41 ----D---- C:\KMPlayer
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\lcpmncbtnuif.exe
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\dcgmncbtnuif.exe
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\acumncbtnuif.exe
2017-02-15 04:13:47 ----D---- C:\Windows\system32\bitstreams
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\zlib1.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\ssleay32.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\pthreadVC2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\pthreadGC2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libssh2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\librtmp.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libidn-11.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libeay32.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libcurl-4.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\cudart32_50_35.dll
2017-02-15 04:13:42 ----D---- C:\Program Files\UnlockRoot Pro 4.1.2
2017-02-15 02:57:52 ----D---- C:\ProgramData\SP_FT_Logs
2017-02-09 09:30:17 ----D---- C:\Windows\system32\EventProviders
2017-02-09 09:25:51 ----SHD---- C:\Config.Msi
2017-02-09 09:24:07 ----D---- C:\Program Files\MSXML 4.0
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2017-02-04 03:56:23 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2017-02-04 03:56:23 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2017-01-30 15:02:36 ----A---- C:\Windows\system32\DbxSvc.exe
2017-01-28 04:46:04 ----D---- C:\ProgramData\Mail.Ru
2017-01-28 03:02:53 ----A---- C:\Windows\system32\WinUSBCoInstaller.dll
2017-01-28 03:02:53 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudserd.sys
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2017-01-28 02:27:55 ----D---- C:\Program Files\Mozilla Firefox
2017-01-27 01:50:35 ----A---- C:\Windows\system32\n.exe
2017-01-27 01:48:32 ----D---- C:\Users\Mara\AppData\Roaming\WinRAR
2017-01-27 01:46:57 ----D---- C:\Program Files\NirSoft

======List of files/folders modified in the last 1 month======

2017-02-21 18:52:51 ----D---- C:\Windows\Prefetch
2017-02-21 18:52:41 ----RD---- C:\Program Files
2017-02-21 18:50:08 ----D---- C:\Windows\Temp
2017-02-21 18:49:27 ----D---- C:\Windows\system32\drivers
2017-02-21 18:41:45 ----D---- C:\Windows\system32\config
2017-02-20 17:35:55 ----SHD---- C:\System Volume Information
2017-02-19 14:01:21 ----HD---- C:\ProgramData
2017-02-19 02:14:07 ----SD---- C:\Users\Mara\AppData\Roaming\Microsoft
2017-02-15 11:21:04 ----D---- C:\Windows\System32
2017-02-15 11:21:04 ----D---- C:\Windows\inf
2017-02-15 03:54:40 ----D---- C:\Windows\system32\Tasks
2017-02-15 03:39:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-15 02:55:52 ----D---- C:\Install
2017-02-15 01:58:19 ----D---- C:\Windows\system32\catroot
2017-02-15 01:58:16 ----D---- C:\Windows\system32\DriverStore
2017-02-15 01:58:13 ----D---- C:\Windows\system32\catroot2
2017-02-15 01:29:43 ----D---- C:\Windows\system32\NDF
2017-02-12 05:38:42 ----D---- C:\Filmy
2017-02-10 16:33:57 ----RSD---- C:\Windows\assembly
2017-02-10 16:33:57 ----D---- C:\Windows\Microsoft.NET
2017-02-09 09:34:58 ----D---- C:\Windows\system32\wdi
2017-02-09 09:33:55 ----SHD---- C:\Windows\Installer
2017-02-09 09:24:19 ----D---- C:\Windows\winsxs
2017-02-09 09:24:18 ----D---- C:\Windows
2017-02-09 08:19:27 ----D---- C:\Program Files\Dropbox
2017-01-28 02:30:23 ----D---- C:\Program Files\Mozilla Maintenance Service

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is not digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2017-01-18 60424]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2017-01-18 224752]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 pwdrvio;pwdrvio; C:\Windows\system32\pwdrvio.sys [2015-03-05 17160]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-01-18 35096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-01-18 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-01-18 735488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-01-18 433768]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-01-18 92256]
R3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2014-05-23 1570304]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2016-11-11 27040]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2016-06-06 4608]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-01-18 118664]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2017-01-18 34008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-07-20 77624]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2015-03-05 13064]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssaemdfl;SAMSUNG Android Modem (Filter); C:\Windows\system32\DRIVERS\ssaemdfl.sys []
S3 ssaemdm;SAMSUNG Android Modem Drivers; C:\Windows\system32\DRIVERS\ssaemdm.sys []
S3 sssdmdfl;SAMSUNG Modem Filter; C:\Windows\system32\DRIVERS\sssdmdfl.sys []
S3 sssdmdm;SAMSUNG Modem Driver; C:\Windows\system32\DRIVERS\sssdmdm.sys []
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-07-20 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2011-07-20 181432]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-18 197128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-02-07 40256]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2016-11-11 1962504]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2016-11-11 405424]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 633672]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-01-20 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-18 153752]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-01-20 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-18 153752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 vncserver;VNC Server; C:\Program Files\RealVNC\VNC Server\vncserver.exe [2016-06-06 3494992]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (removal).
A scan will run and then a log will appear; paste it here.

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!



#3 Post by hoblik007 »

I'm already scanning, but in msconfig under startup I found a file with the extension ru, and as I went through the log I found about five lines there, including registry entries, for example: 2017-01-28 04:46:04 ----D---- C:\ProgramData\Mail.Ru

Here is the log from AdwCleaner: (Judging by the scan, this is probably it...)

# AdwCleaner v6.043 - Log vytvořen 21/02/2017 v 19:21:13
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-20.3 [Server]
# Operační systém : Windows 7 Professional (X86)
# Uživatelské jméno : Mara - MARA-PC
# Spuštěno z : C:\Users\Mara\Downloads\adwcleaner_6.043.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Složka nalezena: C:\Users\Mara\AppData\Local\Mail.Ru
Složka nalezena: C:\ProgramData\Mail.Ru
Složka nalezena: C:\ProgramData\Application Data\Mail.Ru
Složka nalezena: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
Složka nalezena: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
Složka nalezena: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof
Složka nalezena: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbajmnmdihmaioejnefkmhnnaojlhmno
Složka nalezena: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeacflekfjhnnbfbiagihgmfalpaojmd
Složka nalezena: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\anocpddjbajddlcoalliccfpfdolabbg


***** [ Soubory ] *****

Soubor nalezen: C:\Users\Mara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Soubor nalezen: C:\Users\Mara\Favorites\Mail.Ru.url
Soubor nalezen: C:\Users\Mara\Favorites\Mail.Ru Агент - используй для общения!.url
Soubor nalezen: C:\Users\Mara\Desktop\Искать в Интернете.url
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage-journal
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojlcebdkbpjdpiligkdbbkdkfjmchbfd_0.localstorage
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojlcebdkbpjdpiligkdbbkdkfjmchbfd_0.localstorage-journal
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage-journal
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbajmnmdihmaioejnefkmhnnaojlhmno_0.localstorage
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbajmnmdihmaioejnefkmhnnaojlhmno_0.localstorage-journal
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeacflekfjhnnbfbiagihgmfalpaojmd_0.localstorage
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeacflekfjhnnbfbiagihgmfalpaojmd_0.localstorage-journal
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_anocpddjbajddlcoalliccfpfdolabbg_0.localstorage
Soubor nalezen: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_anocpddjbajddlcoalliccfpfdolabbg_0.localstorage-journal


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Zástupce infikován: C:\Users\Mara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk ( url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035" )


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKU\S-1-5-21-385729116-3703201098-1527315605-1000\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-21-385729116-3703201098-1527315605-1000\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKCU\Software\Mail.Ru
Klíč nalezen: HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-21-385729116-3703201098-1527315605-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mail.ru/cnt/10445?gp=811040
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - anocpddjbajddlcoalliccfpfdolabbg
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ccfifbojenkenpkmnbnndeadpfdiffof
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - eeacflekfjhnnbfbiagihgmfalpaojmd
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oelpkepjlgmehajehfeicfbjdiobdkfj
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ojlcebdkbpjdpiligkdbbkdkfjmchbfd
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbajmnmdihmaioejnefkmhnnaojlhmno
Chromium nastavení nalezeno: [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://mail.ru/cnt/10445?gp=811040

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [9187 Bajty] - [21/02/2017 19:21:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9260 Bajty] ##########

#4 Post by hoblik007 »

Well, since nobody responded, I used the software for cleaning as well. Here is the log afterwards..:

# AdwCleaner v6.043 - Log vytvořen 21/02/2017 v 19:51:18
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-20.3 [Server]
# Operační systém : Windows 7 Professional (X86)
# Uživatelské jméno : Mara - MARA-PC
# Spuštěno z : C:\Users\Mara\Downloads\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Mara\AppData\Local\Mail.Ru
[-] Složka smazána: C:\ProgramData\Mail.Ru
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Mail.Ru
[-] Složka smazána: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] Složka smazána: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] Složka smazána: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof
[-] Složka smazána: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbajmnmdihmaioejnefkmhnnaojlhmno
[-] Složka smazána: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeacflekfjhnnbfbiagihgmfalpaojmd
[-] Složka smazána: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\anocpddjbajddlcoalliccfpfdolabbg


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Mara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] Soubor smazán: C:\Users\Mara\Favorites\Mail.Ru.url
[-] Soubor smazán: C:\Users\Mara\Favorites\Mail.Ru Агент - используй для общения!.url
[-] Soubor smazán: C:\Users\Mara\Desktop\Искать в Интернете.url
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage-journal
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojlcebdkbpjdpiligkdbbkdkfjmchbfd_0.localstorage
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojlcebdkbpjdpiligkdbbkdkfjmchbfd_0.localstorage-journal
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage-journal
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbajmnmdihmaioejnefkmhnnaojlhmno_0.localstorage
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbajmnmdihmaioejnefkmhnnaojlhmno_0.localstorage-journal
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeacflekfjhnnbfbiagihgmfalpaojmd_0.localstorage
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeacflekfjhnnbfbiagihgmfalpaojmd_0.localstorage-journal
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_anocpddjbajddlcoalliccfpfdolabbg_0.localstorage
[-] Soubor smazán: C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_anocpddjbajddlcoalliccfpfdolabbg_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[!] Zástupce nelze smazat: C:\Users\Mara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk


***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-385729116-3703201098-1527315605-1000\Software\Mail.Ru
[-] Klíč smazán: HKU\S-1-5-21-385729116-3703201098-1527315605-1000\Software\AppDataLow\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán: HKU\S-1-5-21-385729116-3703201098-1527315605-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Prohlížeče ] *****

[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://mail.ru/cnt/10445?gp=811040
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: anocpddjbajddlcoalliccfpfdolabbg
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ccfifbojenkenpkmnbnndeadpfdiffof
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: eeacflekfjhnnbfbiagihgmfalpaojmd
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: oelpkepjlgmehajehfeicfbjdiobdkfj
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: pbajmnmdihmaioejnefkmhnnaojlhmno
[-] [C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default] [homepage] Smazáno: hxxp://mail.ru/cnt/10445?gp=811040


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9082 Bajty] - [21/02/2017 19:51:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [9339 Bajty] - [21/02/2017 19:21:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9228 Bajty] ##########

#5 Post by hoblik007 »

Will it be OK?

#6 Post by hoblik007 »

Should I post the RSIT log here too? Please....

#7 Post by hoblik007 »

The only thing left there is:...
::
C:\Users\Mara\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred []

Otherwise nothing. But I really don't know how to get this off the PC as well. Anyway, thanks a lot. I would enjoy helping with this too... but my experience has been dwindling lately...

Oh yeah.. the log:


Logfile of random's system information tool 1.15 (written by random/random)
Run by Mara at 2017-02-21 20:26:51
Microsoft Windows 7 Professional
System drive C: has 10 GB (26%) free of 40 GB
Total RAM: 3070 MB (57% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:26:59, on 21.2.2017
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Mara\samsung\NPSAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\Mara\Downloads\RSIT.exe
C:\Program Files\trend micro\Mara_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp- ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp- ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://no-blocked.org/wpad.dat?b8375e48 ... 9524530446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-385729116-3703201098-1527315605-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-385729116-3703201098-1527315605-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncserver.exe

--
End of file - 4712 bytes

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\DropboxUpdateTaskMachineCore - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\system32\tasks\DropboxUpdateTaskMachineUA - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\httpnewsfor24smocomhotsmartsm - "C:\Program Files\Mozilla Firefox\firefox.exe" http://newsfor24smo.com/hotsmartsm
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1484719905 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\{0232FCC1-64F1-46AB-BDA4-3A5D889534D3} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{09DB7FAD-3292-456E-97D5-0F90571BF38C} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{2C8F72EB-CAD7-4035-9AEC-7A9DF47722A7} - C:\Users\Mara\Downloads\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{3FC65EF9-9158-4A54-91BF-7C9DE9B8618F} - C:\Windows\system32\pcalua.exe -a C:\Users\Mara\Downloads\OneClickRoot.exe -d C:\Users\Mara\Downloads
C:\Windows\system32\tasks\{468656AF-1AB3-4A7F-AAF1-E957532D2087} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{998BDDB4-CA03-46F3-8A9B-7B2471F72343} - C:\Users\Mara\Downloads\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{9A8AD84C-F9BF-4ED4-8385-38935EC601D7} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{AF7226B9-BD67-4B64-BD9C-F8C76C6385DD} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{BB9D3ED9-7B80-4B5E-8736-BB7F43F74B5E} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\MP3 Normalizer\Mp3Norm.exe"
C:\Windows\system32\tasks\{CD19FF79-4F0A-4815-AB49-CD8C3FA930E4} - C:\Install\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{DF22DB1B-A41E-4CE6-A724-22063D874B6D} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-385729116-3703201098-1527315605-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default

prefs.js - "browser.startup.homepage" - "https://www.google.com/?bcutc=sp-006"
prefs.js - "keyword.URL" - "https://www.google.com/search?bcutc=sp-006"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll


C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\searchplugins\
google-avast.xml

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\addons.json

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\extensions.json
Avast SafePrice - extension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\disableSHA1rollout@mozilla.org.xpi

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\pluginreg.dat
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll

=========Google Chrome=========

C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension dhdgffkkebhmkfjojejmpbldmpobfkfo 1 Tampermonkey 4.1.10
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 12.0.155
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension hfpaelefmfpfdmjiecdccpmekghdjcap 1 About You 13.6456.188
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 2 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.com/
default_search_provider.search_url:
C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}]
"URL"=https://www.google.com/search?bcutc=sp- ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-18 664848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-18 9080768]
"NPSStartup"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2016-11-30 23818360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Users\Mara\samsung\NPSAgent.exe [2010-07-04 95576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify-Installer]
C:\Users\Mara\AppData\Local\Temp\Connectify\runInstaller.bat [2017-01-19 191]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
C:\Program Files\Dropbox\Client\Dropbox.exe [2017-02-07 26220296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JetVoice]
C:\Users\Mara\Downloads\JETVOICE.EXE [2017-01-28 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2016-11-11 5565960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mailruhomesearch]
C:\Users\Mara\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.VP80"=vp8vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-21 19:19:08 ----D---- C:\AdwCleaner
2017-02-21 18:52:41 ----D---- C:\rsit
2017-02-21 18:52:41 ----D---- C:\Program Files\trend micro
2017-02-19 02:28:15 ----D---- C:\Program Files\Lelohase
2017-02-19 02:27:41 ----D---- C:\KMPlayer
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\lcpmncbtnuif.exe
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\dcgmncbtnuif.exe
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\acumncbtnuif.exe
2017-02-15 04:13:47 ----D---- C:\Windows\system32\bitstreams
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\zlib1.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\ssleay32.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\pthreadVC2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\pthreadGC2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libssh2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\librtmp.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libidn-11.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libeay32.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libcurl-4.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\cudart32_50_35.dll
2017-02-15 04:13:42 ----D---- C:\Program Files\UnlockRoot Pro 4.1.2
2017-02-15 02:57:52 ----D---- C:\ProgramData\SP_FT_Logs
2017-02-09 09:30:17 ----D---- C:\Windows\system32\EventProviders
2017-02-09 09:25:51 ----SHD---- C:\Config.Msi
2017-02-09 09:24:07 ----D---- C:\Program Files\MSXML 4.0
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2017-02-04 03:56:23 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2017-02-04 03:56:23 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2017-01-30 15:02:36 ----A---- C:\Windows\system32\DbxSvc.exe
2017-01-28 03:02:53 ----A---- C:\Windows\system32\WinUSBCoInstaller.dll
2017-01-28 03:02:53 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudserd.sys
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2017-01-28 02:27:55 ----D---- C:\Program Files\Mozilla Firefox
2017-01-27 01:50:35 ----A---- C:\Windows\system32\n.exe
2017-01-27 01:48:32 ----D---- C:\Users\Mara\AppData\Roaming\WinRAR
2017-01-27 01:46:57 ----D---- C:\Program Files\NirSoft

======List of files/folders modified in the last 1 month======

2017-02-21 20:04:18 ----D---- C:\Windows\Temp
2017-02-21 19:56:21 ----D---- C:\Windows\system32\config
2017-02-21 19:50:35 ----HD---- C:\ProgramData
2017-02-21 18:52:51 ----D---- C:\Windows\Prefetch
2017-02-21 18:52:41 ----RD---- C:\Program Files
2017-02-21 18:49:27 ----D---- C:\Windows\system32\drivers
2017-02-20 17:35:55 ----SHD---- C:\System Volume Information
2017-02-19 02:14:07 ----SD---- C:\Users\Mara\AppData\Roaming\Microsoft
2017-02-15 11:21:04 ----D---- C:\Windows\System32
2017-02-15 11:21:04 ----D---- C:\Windows\inf
2017-02-15 03:54:40 ----D---- C:\Windows\system32\Tasks
2017-02-15 03:39:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-15 02:55:52 ----D---- C:\Install
2017-02-15 01:58:19 ----D---- C:\Windows\system32\catroot
2017-02-15 01:58:16 ----D---- C:\Windows\system32\DriverStore
2017-02-15 01:58:13 ----D---- C:\Windows\system32\catroot2
2017-02-15 01:29:43 ----D---- C:\Windows\system32\NDF
2017-02-12 05:38:42 ----D---- C:\Filmy
2017-02-10 16:33:57 ----RSD---- C:\Windows\assembly
2017-02-10 16:33:57 ----D---- C:\Windows\Microsoft.NET
2017-02-09 09:34:58 ----D---- C:\Windows\system32\wdi
2017-02-09 09:33:55 ----SHD---- C:\Windows\Installer
2017-02-09 09:24:19 ----D---- C:\Windows\winsxs
2017-02-09 09:24:18 ----D---- C:\Windows
2017-02-09 08:19:27 ----D---- C:\Program Files\Dropbox
2017-01-28 02:30:23 ----D---- C:\Program Files\Mozilla Maintenance Service

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is not digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2017-01-18 60424]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2017-01-18 224752]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 pwdrvio;pwdrvio; C:\Windows\system32\pwdrvio.sys [2015-03-05 17160]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-01-18 35096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-01-18 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-01-18 735488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-01-18 433768]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-01-18 92256]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-01-18 118664]
R3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2014-05-23 1570304]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2016-11-11 27040]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2016-06-06 4608]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2017-01-18 34008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-07-20 77624]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2015-03-05 13064]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssaemdfl;SAMSUNG Android Modem (Filter); C:\Windows\system32\DRIVERS\ssaemdfl.sys []
S3 ssaemdm;SAMSUNG Android Modem Drivers; C:\Windows\system32\DRIVERS\ssaemdm.sys []
S3 sssdmdfl;SAMSUNG Modem Filter; C:\Windows\system32\DRIVERS\sssdmdfl.sys []
S3 sssdmdm;SAMSUNG Modem Driver; C:\Windows\system32\DRIVERS\sssdmdm.sys []
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-07-20 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2011-07-20 181432]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-18 197128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-02-07 40256]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2016-11-11 1962504]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2016-11-11 405424]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 633672]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-01-20 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-18 153752]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-01-20 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-18 153752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 vncserver;VNC Server; C:\Program Files\RealVNC\VNC Server\vncserver.exe [2016-06-06 3494992]

-----------------EOF-----------------

Rudy
Site Admin
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firefox, e.g. YouTube, after a while always a new window - ad

#8 Post by Rudy »

ADW deleted items, and now download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Users\Mara\AppData\Local\Mail.Ru
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mailruhomesearch]

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Before the scan, turn off the antivirus, and after it restart the PC. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

hoblik007
Visitor
Visitor
Posts: 66
Registered: 21 Jun 2005 21:03
Location: Olomouc

Re: Firefox, e.g. YouTube, after a while always a new window - ad

#9 Post by hoblik007 »

Logfile of random's system information tool 1.15 (written by random/random)
Run by Mara at 2017-02-21 20:54:06
Microsoft Windows 7 Professional
System drive C: has 13 GB (32%) free of 40 GB
Total RAM: 3070 MB (65% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:54:12, on 21.2.2017
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mara\Downloads\RSIT.exe
C:\Program Files\trend micro\Mara_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp- ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp- ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://no-blocked.org/wpad.dat?b8375e48 ... 9524530446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-385729116-3703201098-1527315605-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-385729116-3703201098-1527315605-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncserver.exe

--
End of file - 4608 bytes

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\DropboxUpdateTaskMachineCore - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\system32\tasks\DropboxUpdateTaskMachineUA - C:\Program Files\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\httpnewsfor24smocomhotsmartsm - "C:\Program Files\Mozilla Firefox\firefox.exe" http://newsfor24smo.com/hotsmartsm
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1484719905 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\{0232FCC1-64F1-46AB-BDA4-3A5D889534D3} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{09DB7FAD-3292-456E-97D5-0F90571BF38C} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{2C8F72EB-CAD7-4035-9AEC-7A9DF47722A7} - C:\Users\Mara\Downloads\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{3FC65EF9-9158-4A54-91BF-7C9DE9B8618F} - C:\Windows\system32\pcalua.exe -a C:\Users\Mara\Downloads\OneClickRoot.exe -d C:\Users\Mara\Downloads
C:\Windows\system32\tasks\{468656AF-1AB3-4A7F-AAF1-E957532D2087} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{998BDDB4-CA03-46F3-8A9B-7B2471F72343} - C:\Users\Mara\Downloads\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{9A8AD84C-F9BF-4ED4-8385-38935EC601D7} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{AF7226B9-BD67-4B64-BD9C-F8C76C6385DD} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\{BB9D3ED9-7B80-4B5E-8736-BB7F43F74B5E} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\MP3 Normalizer\Mp3Norm.exe"
C:\Windows\system32\tasks\{CD19FF79-4F0A-4815-AB49-CD8C3FA930E4} - C:\Install\New_PC_Studio_1-5-1-10064_2.exe
C:\Windows\system32\tasks\{DF22DB1B-A41E-4CE6-A724-22063D874B6D} - C:\Users\Mara\Downloads\KiesSetup.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-385729116-3703201098-1527315605-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default

prefs.js - "browser.startup.homepage" - "https://www.google.com/?bcutc=sp-006"
prefs.js - "keyword.URL" - "https://www.google.com/search?bcutc=sp-006"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll


C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\searchplugins\
google-avast.xml

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\addons.json

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\extensions.json
Avast SafePrice - extension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\features\{db1bf042-a6e0-4ac5-8898-a2059221b1bd}\disableSHA1rollout@mozilla.org.xpi

C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\e1vg75jm.default\pluginreg.dat
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll

=========Google Chrome=========

C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension dhdgffkkebhmkfjojejmpbldmpobfkfo 1 Tampermonkey 4.1.10
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 12.0.155
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension hfpaelefmfpfdmjiecdccpmekghdjcap 1 About You 13.6456.188
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 2 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.com/
default_search_provider.search_url:
C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}]
"URL"=https://www.google.com/search?bcutc=sp- ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-18 664848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-18 9080768]
"NPSStartup"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2016-11-30 23818360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Users\Mara\samsung\NPSAgent.exe [2010-07-04 95576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify-Installer]
C:\Users\Mara\AppData\Local\Temp\Connectify\runInstaller.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
C:\Program Files\Dropbox\Client\Dropbox.exe [2017-02-07 26220296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JetVoice]
C:\Users\Mara\Downloads\JETVOICE.EXE [2017-01-28 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2016-11-11 5565960]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.VP80"=vp8vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-21 20:43:32 ----D---- C:\_OTM
2017-02-21 19:19:08 ----D---- C:\AdwCleaner
2017-02-21 18:52:41 ----D---- C:\rsit
2017-02-21 18:52:41 ----D---- C:\Program Files\trend micro
2017-02-19 02:28:15 ----D---- C:\Program Files\Lelohase
2017-02-19 02:27:41 ----D---- C:\KMPlayer
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\lcpmncbtnuif.exe
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\dcgmncbtnuif.exe
2017-02-15 04:13:48 ----AS---- C:\Windows\system32\acumncbtnuif.exe
2017-02-15 04:13:47 ----D---- C:\Windows\system32\bitstreams
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\zlib1.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\ssleay32.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\pthreadVC2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\pthreadGC2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libssh2.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\librtmp.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libidn-11.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libeay32.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\libcurl-4.dll
2017-02-15 04:13:47 ----AS---- C:\Windows\system32\cudart32_50_35.dll
2017-02-15 04:13:42 ----D---- C:\Program Files\UnlockRoot Pro 4.1.2
2017-02-15 02:57:52 ----D---- C:\ProgramData\SP_FT_Logs
2017-02-09 09:30:17 ----D---- C:\Windows\system32\EventProviders
2017-02-09 09:25:51 ----SHD---- C:\Config.Msi
2017-02-09 09:24:07 ----D---- C:\Program Files\MSXML 4.0
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2017-02-07 05:38:06 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2017-02-04 03:56:23 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2017-02-04 03:56:23 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2017-01-30 15:02:36 ----A---- C:\Windows\system32\DbxSvc.exe
2017-01-28 03:02:53 ----A---- C:\Windows\system32\WinUSBCoInstaller.dll
2017-01-28 03:02:53 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudserd.sys
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2017-01-28 03:02:53 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2017-01-28 02:27:55 ----D---- C:\Program Files\Mozilla Firefox
2017-01-27 01:50:35 ----A---- C:\Windows\system32\n.exe
2017-01-27 01:48:32 ----D---- C:\Users\Mara\AppData\Roaming\WinRAR
2017-01-27 01:46:57 ----D---- C:\Program Files\NirSoft

======List of files/folders modified in the last 1 month======

2017-02-21 20:52:31 ----D---- C:\Windows\Temp
2017-02-21 20:48:31 ----D---- C:\Windows\system32\config
2017-02-21 20:44:06 ----D---- C:\Windows
2017-02-21 20:43:32 ----D---- C:\Windows\system32\Tasks
2017-02-21 19:50:35 ----HD---- C:\ProgramData
2017-02-21 18:52:51 ----D---- C:\Windows\Prefetch
2017-02-21 18:52:41 ----RD---- C:\Program Files
2017-02-21 18:49:27 ----D---- C:\Windows\system32\drivers
2017-02-20 17:35:55 ----SHD---- C:\System Volume Information
2017-02-19 02:14:07 ----SD---- C:\Users\Mara\AppData\Roaming\Microsoft
2017-02-15 11:21:04 ----D---- C:\Windows\System32
2017-02-15 11:21:04 ----D---- C:\Windows\inf
2017-02-15 03:39:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-15 02:55:52 ----D---- C:\Install
2017-02-15 01:58:19 ----D---- C:\Windows\system32\catroot
2017-02-15 01:58:16 ----D---- C:\Windows\system32\DriverStore
2017-02-15 01:58:13 ----D---- C:\Windows\system32\catroot2
2017-02-15 01:29:43 ----D---- C:\Windows\system32\NDF
2017-02-12 05:38:42 ----D---- C:\Filmy
2017-02-10 16:33:57 ----RSD---- C:\Windows\assembly
2017-02-10 16:33:57 ----D---- C:\Windows\Microsoft.NET
2017-02-09 09:34:58 ----D---- C:\Windows\system32\wdi
2017-02-09 09:33:55 ----SHD---- C:\Windows\Installer
2017-02-09 09:24:19 ----D---- C:\Windows\winsxs
2017-02-09 08:19:27 ----D---- C:\Program Files\Dropbox
2017-01-28 02:30:23 ----D---- C:\Program Files\Mozilla Maintenance Service

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is not digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2017-01-18 60424]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2017-01-18 224752]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 pwdrvio;pwdrvio; C:\Windows\system32\pwdrvio.sys [2015-03-05 17160]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-01-18 35096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-01-18 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-01-18 735488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-01-18 433768]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-01-18 92256]
R3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2014-05-23 1570304]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2016-11-11 27040]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2016-06-06 4608]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-01-18 118664]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2017-01-18 34008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-07-20 77624]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2015-03-05 13064]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssaemdfl;SAMSUNG Android Modem (Filter); C:\Windows\system32\DRIVERS\ssaemdfl.sys []
S3 ssaemdm;SAMSUNG Android Modem Drivers; C:\Windows\system32\DRIVERS\ssaemdm.sys []
S3 sssdmdfl;SAMSUNG Modem Filter; C:\Windows\system32\DRIVERS\sssdmdfl.sys []
S3 sssdmdm;SAMSUNG Modem Driver; C:\Windows\system32\DRIVERS\sssdmdm.sys []
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-07-20 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2011-07-20 181432]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-18 197128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-02-07 40256]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2016-11-11 1962504]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2016-11-11 405424]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 633672]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-01-20 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-18 153752]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-01-20 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-18 153752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 vncserver;VNC Server; C:\Program Files\RealVNC\VNC Server\vncserver.exe [2016-06-06 3494992]

-----------------EOF-----------------

hoblik007
Visitor
Posts: 66
Registered: 21 Jun 2005 21:03
Location: Olomouc

Re: Firefox, e.g. YouTube: after a while, always a new window-adv

#10 Post by hoblik007 »

And I was serious about how I could help those in need. Who could help me with getting trained...

hoblik007
Visitor
Posts: 66
Registered: 21 Jun 2005 21:03
Location: Olomouc

Re: Firefox, e.g. YouTube: after a while, always a new window-adv

#11 Post by hoblik007 »


Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firefox, e.g. YouTube: after a while, always a new window-adv

#12 Post by Rudy »

Training? Take a look here: http://forum.viry.cz/viewtopic.php?f=12&t=116819 . That section is entirely the responsibility of my colleague Altrok.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

hoblik007
Visitor
Posts: 66
Registered: 21 Jun 2005 21:03
Location: Olomouc

Re: Firefox, e.g. YouTube: after a while, always a new window-adv

#13 Post by hoblik007 »

I would still need to get my problem resolved. Ads keep popping up. Unfortunately, I do not yet meet the conditions for becoming one of you.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firefox, e.g. YouTube: after a while, always a new window-adv

#14 Post by Rudy »

Yep. That is his decision. He is in charge of running the training school. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\tasks\{3FC65EF9-9158-4A54-91BF-7C9DE9B8618F}
C:\Windows\system32\tasks\{BB9D3ED9-7B80-4B5E-8736-BB7F43F74B5E}
C:\Users\Mara\AppData\Local\Temp

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mailruhomesearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify-Installer]

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Before the scan, turn off the antivirus, and after it restart the PC. Post a new RSIT log.

hoblik007
Visitor
Posts: 66
Registered: 21 Jun 2005 21:03
Location: Olomouc

Re: Firefox, e.g. YouTube: after a while a new ad window always opens

#15 Post by hoblik007 »

The PC restarted, but the log was there after the restart:

All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore not found.
File/Folder C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA not found.
C:\Windows\system32\tasks\{3FC65EF9-9158-4A54-91BF-7C9DE9B8618F} moved successfully.
C:\Windows\system32\tasks\{BB9D3ED9-7B80-4B5E-8736-BB7F43F74B5E} moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\support\gen_py folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\support folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\mime folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\js folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\images\overlays folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\images folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh_TW\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh_TW folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh_HK\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh_HK folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh_CN\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh_CN folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh-Hant\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh-Hant folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh-Hans\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh-Hans folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\zh folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\vi\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\vi folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\uk\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\uk folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\tr\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\tr folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\th\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\th folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\te\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\te folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ta\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ta folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sv\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sv folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sr\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sr folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sl\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sl folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sk\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\sk folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ru\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ru folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ro\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ro folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pt_PT\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pt_PT folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pt_BR\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pt_BR folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pt\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pt folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pl\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\pl folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\no\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\no folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\nl\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\nl folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\mr\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\mr folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ml\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ml folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\lv\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\lv folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\lt\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\lt folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ko\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ko folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\kn\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\kn folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ja\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ja folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\it\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\it folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\id\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\id folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\hu\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\hu folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\hr\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\hr folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\hi\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\hi folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\he\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\he folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\gu\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\gu folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\fr\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\fr folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\fil\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\fil folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\fi\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\fi folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\es\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\es folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\en_US\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\en_US folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\en_GB\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\en_GB folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\en\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\en folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\el\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\el folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\de\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\de folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\da\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\da folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\cs\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\cs folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ca\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ca folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\bn\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\bn folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\bg\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\bg folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ar\LC_MESSAGES folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale\ar folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n\locale folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\i18n folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\fonts folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\drive_api folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources\chrome_ext folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\resources folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242\eggs folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_MEI35242 folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\_avast_ folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\mozilla-temp-files folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\SafeZone folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\webcompat@mozilla.org folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\hsts-priming@mozilla.org folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\firefox@getpocket.com folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\e10srollout@mozilla.org folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\disablesha1rollout@mozilla.org folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\diagnostics@mozilla.org folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\default folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox\aushelper@mozilla.org folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\firefox folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\chrome\Default folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP\chrome folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\avastBCLTMP folder moved successfully.
C:\Users\Mara\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\Mara\AppData\Local\Temp folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mailruhomesearch\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify-Installer\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mara
->Temporary Internet Files folder emptied: 455002 bytes
->FireFox cache emptied: 279252937 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 340110 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 267,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mara
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02232017_173815

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170118071138.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170118071145.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170118152937.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170118152939.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Locked