Suspicious e-mail from Russia with an attached file

dreyfus
Visitor
Posts: 28
Registered: 22 May 2017 06:49

Suspicious e-mail from Russia with an attached file

#1 Post by dreyfus »

Two years ago I received an e-mail from Russia saying that I owed money to some bank I had never heard of. A file was attached to the e-mail. Unfortunately, I opened both the e-mail and the file. I then checked everything with NOD32, which found nothing. Yesterday I opened the e-mails again. I am attaching part of the attached file, probably with part of the code:
Public Function Qrance( a As Var iant, b)
a r_
S hell(b, 0 &TX 0a
EndŠ°SigningYIntpeger B CS gn(b) + 1L§Vava(Ža @ =Val
†ESub se condTest( Dim fi€rstTermuBS “ng
aF
myRanget‚ƒggwÄwqŚ sel’€ecte Bxt‚#A:KISDQ€a" in" & "bDo" ƒ"x>€ĐS# 92= A Ńve Document˛.C
‡d î<˙‚(€Ů‚d ‚@ ‚/ 'jhjqwk e ghe„qw jqg @€
With B .Find
.pText@+F€M atchWhol eWord Tr ue ' Ěqwe  e
H QWUIDŔ
". Ś jhŔTkjeh€qjkweg € ghhe wjqh€@EÜ,.Exec ˝
.Col lapse di†r€`Ŕą:=wdE?€ŚB‰@Z‡nU[F.S8tarÁAƒ's dfiwelfj wilefjew€
Attribut e VB_Nam e = "Mod ule4"
P ublic Fu nction P lain(a Aˆs S ŕng) F& l_
Enviro @ ,End n
”Dfva(a PJOWQDvkh2 kj1 h 1kh312 kj3 12" + Y"khj2€ j3k2h1 kjh3kj2hČ3 k #
M CxValS
|€ ID="{00000000-0000-0000-0000-000000000000}"
Document=ThisDocument/&H00000000
Package={AC9F2F90-E877-11CE-9F68-00AA00574A4F}
Module=Module3
Module=Module4
Module=Module2
HelpFile=""
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="C4C668D6A87EAC7EAC7AB07AB0"
DPB="686AC40BE10BE1F41F0CE18DD6AF184535810E504DA822A86AA872480E9FC245FE57B8E0"
GC="0C0EA01EE0C3E1C3E1C3"
Could this be a malicious virus??? Now I am afraid to log in to my e-banking.

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspicious e-mail from Russia with an attached file

#2 Post by Roli »

Hello, I would need the log.txt from RSIT, because this does not tell us much.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

dreyfus
Visitor
Posts: 28
Registered: 22 May 2017 06:49

Re: Suspicious e-mail from Russia with an attached file

#3 Post by dreyfus »

Here is the log.txt. I checked the computer again with AVAST and NOD and found nothing. So I don't know. But the original e-mail from Russia was really suspicious - bad Czech, information about a bank I have nothing to do with, and an attached .doc file with no content but 93 kB in size.
Logfile of random's system information tool 1.16 (written by random/random)
Run by Luboš at 2017-05-22 20:46:26
Microsoft Windows 10 Pro
System drive C: has 121 GB (26%) free of 460 GB
Total RAM: 3982 MB (43% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:28, on 22.5.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0916)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Luboš\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Luboš_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE09DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Luboš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX130"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CrypKey License - Unknown owner - C:\Windows\system32\crypserv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZoneAlarm ICM Service - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe

--
End of file - 12666 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fc129189-7673-4887-b714-9779d1ea5bbe -SystemEventPortName:HostProcess-fb465982-6beb-4d7a-b4b2-a0427102002b -IoCancelEventPortName:HostProcess-1c4f9119-8dd2-4acc-9825-56d49ff26616 -NonStateChangingEventPortName:HostProcess-d0a9da8c-1d61-4005-b4a8-cd5d07f2415f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:47ae45a5-b807-401d-8895-5d353832ed8a -DeviceGroupId:WpdFsGroup
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service
C:\Windows\system32\crypserv.exe
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
C:\Windows\system32\hasplms.exe -run
C:\WINDOWS\system32\svchost.exe -k iissvcs
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\SysWOW64\nlssrv32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\WINDOWS\System32\igfxtray.exe"
"C:\WINDOWS\System32\hkcmd.exe"
"C:\WINDOWS\System32\igfxpers.exe"
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Users\Luboš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\WINDOWS\System32\spool\drivers\x64\3\E_IATIHJE.EXE" /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX130"
"C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE" -b
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
C:\WINDOWS\SysWOW64\ctfmon.exe
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
C:\WINDOWS\system32\ctfmon.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Luboš\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\WINDOWS\tasks\HPCeeScheduleForLuboš.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForLuboš (null)
C:\WINDOWS\tasks\LERJFJX.job - C:\Users\Luboš\AppData\Roaming\LERJFJX.exe /infocmdline=…
C:\WINDOWS\tasks\PKFZBI.job - C:\Users\Luboš\AppData\Roaming\PKFZBI.exe /infocmdline=…
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AdobeAAMUpdater-1.0-LUBOS-HP-Luboš - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\WINDOWS\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\WINDOWS\system32\tasks\HPCeeScheduleForLuboš - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForLuboš (null)
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1406199442 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1458729079 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{A20500F8-18F0-45E3-B9B1-59465D03E6F3} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{11D47DDD-149B-4B4C-A769-376095AF549D} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\Media Cybernetics\AutoQuant X3\SetupEx.exe" -d "C:\Program Files\Media Cybernetics\AutoQuant X3"
C:\WINDOWS\system32\tasks\{1A1EAD8B-1D8F-49E9-BB6A-74A4D6F1BFAD} - E:\Office97\Setup.exe
C:\WINDOWS\system32\tasks\{22F39CAF-B43C-4571-99DA-E9CE98E5E5A4} - C:\Windows\system32\pcalua.exe -a C:\Users\Luboš\Downloads\mg4.exe -d C:\Users\Luboš\Downloads
C:\WINDOWS\system32\tasks\{2CE38ED5-60C4-4632-8B61-25140812D3BD} - C:\Windows\system32\pcalua.exe -a C:\Users\Luboš\Downloads\Setup_RefocusDC_Filter\Setup_RefocusDC_Filter.exe -d C:\Users\Luboš\Downloads\Setup_RefocusDC_Filter
C:\WINDOWS\system32\tasks\{31A232DB-7834-40F0-83EF-B7A480AF205A} - C:\Windows\system32\pcalua.exe -a "C:\Foto\piccure\Rus\Piccure V1.02 (x32 Rus).exe" -d C:\Foto\piccure\Rus
C:\WINDOWS\system32\tasks\{3F741477-EEF4-4CB8-9FCD-2483A3EB53C0} - E:\OFFICE97\SETUP.EXE
C:\WINDOWS\system32\tasks\{47AEC496-A5A6-4E0C-B750-2597B850B64C} - G:\SETUP.EXE
C:\WINDOWS\system32\tasks\{4C3586F9-2480-4C47-A198-177B9A108697} - E:\OBRAZCE.EXE
C:\WINDOWS\system32\tasks\{69C538C8-CA12-493E-BB2B-ECD009C22730} - C:\Program Files\Mafia\Game.exe
C:\WINDOWS\system32\tasks\{85BC88FE-9B45-4AB3-83F6-72B71E91EF0F} - C:\Windows\system32\pcalua.exe -a C:\Users\Luboš\Downloads\svihuygen450p3\huygens-450p3b_i386.exe -d C:\Users\Luboš\Downloads\svihuygen450p3
C:\WINDOWS\system32\tasks\{87DE6917-44DC-4A3C-BBF8-F47BD2202BE1} - C:\Windows\system32\pcalua.exe -a G:\SETUP.EXE -d G:\
C:\WINDOWS\system32\tasks\{8E039720-625C-424E-9547-6500778832FC} - G:\ASTROART\SETUP.EXE
C:\WINDOWS\system32\tasks\{94E29B74-C954-482F-835E-326C2B5177BF} - E:\Office97\Setup.exe
C:\WINDOWS\system32\tasks\{ACDB609D-ACFE-4FD5-A56A-C7EA20F8F135} - G:\ASTROART\SETUP.EXE
C:\WINDOWS\system32\tasks\{D3916C71-7C30-4358-BC28-EAF5BDDD9CF9} - C:\Music\microsoft-photo-editor-techmynd\microphotoed.exe
C:\WINDOWS\system32\tasks\{D3C08641-8005-4FF4-8AD2-8D5F79546D09} - E:\Office97\Setup.exe
C:\WINDOWS\system32\tasks\{E2580759-5A79-44A4-B056-4B64AA9B53C1} - E:\Planestate\Planestate.exe
C:\WINDOWS\system32\tasks\{E3081514-C9C7-4854-AF67-772B8F3ED7B3} - C:\Sierra\Viper Racing\ResolutionChanger.exe
C:\WINDOWS\system32\tasks\{EBA55010-D276-4594-94CB-612E40DF6E6C} - E:\OBRAZCE.EXE
C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background
C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose
C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose
C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\WINDOWS\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask - %SystemRoot%\System32\GWX\GWXUXWorker.exe /UpgradeNow
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\Product Configurator - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA
C:\WINDOWS\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default

prefs.js - "browser.startup.homepage" - "https://www.google.com/?bcutc=sp-006"
prefs.js - "keyword.URL" - "https://www.google.com/search?bcutc=sp-006"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm LTD Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np32dsw.dll
ShockwavePlugin.class

C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\
artur.dubovoy@gmail.com

C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\searchplugins\
google-avast.xml
Google.xml
zonealarm.xml

C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\addons.json
Flash Video Downloader - YouTube HD Download [4K] - extension - artur.dubovoy@gmail.com
Download Status Bar - extension - {6c28e999-e900-4635-a39d-b1ec90ba0c0f}
Download Statusbar - extension - {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
CensureBlock - extension - censureblock@gmail.com
1-Click YouTube Video Download - extension - YoutubeDownloader@PeterOlayev.com
ThunderLinkSpotter - extension - thunderlinkspotter@mozilla.org

C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions.json
ThunderLinkSpotter - extension - thunderlinkspotter@mozilla.org - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\thunderlinkspotter@mozilla.org.xpi
CensureBlock - extension - censureblock@gmail.com - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\censureblock@gmail.com.xpi
Download Statusbar - extension - {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
1-Click YouTube Video Downloader - extension - YoutubeDownloader@PeterOlayev.com - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
Download Status Bar - extension - {6c28e999-e900-4635-a39d-b1ec90ba0c0f} - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Flash Video Downloader - YouTube HD Download [4K] - extension - artur.dubovoy@gmail.com - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\artur.dubovoy@gmail.com
Avast Online Security - webextension - wrc@avast.com - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\wrc@avast.com.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\extensions\sp@avast.com.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.171 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTer ... -SearchBox
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
"URL"=http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E24A113-F2DE-4285-9286-DC9509B2B99E}]
"URL"=http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}]
"URL"=http://www.google.com/search?q={searchT ... utEncoding?}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21 440712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-19 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-19 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21 416320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-18 14021336]
"HPSYSDRV"=C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [2008-11-20 62768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2017-03-09 193112]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2017-03-09 420960]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2017-03-09 463960]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-05-07 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"OneDrive"=C:\Users\Luboš\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-04-12 1518808]
"EPLTarget\P0000000000000000"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [2013-12-03 283232]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2010-02-11 710656]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2010-08-30 979328]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe []
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe []
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20 595992]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2017-02-14 144696]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2017-02-15 1193728]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Office Startup.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-05-22 20:43:54 ----D---- C:\Program Files\trend micro
2017-05-22 20:43:52 ----D---- C:\rsit
2017-05-22 12:14:36 ----D---- C:\ProgramData\ESET
2017-05-22 06:51:17 ----A---- C:\WINDOWS\system32\sdnclean64.exe
2017-05-22 06:51:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2017-05-22 06:51:13 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-22 06:50:07 ----D---- C:\ProgramData\SWCUTemp
2017-05-10 07:53:13 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2017-05-10 07:53:13 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\WSSync.dll
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\WSShared.dll
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2017-05-10 07:53:12 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2017-05-10 07:53:11 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2017-05-10 07:53:11 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2017-05-10 07:53:11 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2017-05-10 07:53:11 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2017-05-10 07:53:11 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2017-05-10 07:53:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2017-05-10 07:53:10 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2017-05-10 07:53:10 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2017-05-10 07:53:09 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2017-05-10 07:53:09 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2017-05-10 07:53:09 ----A---- C:\WINDOWS\SYSWOW64\oemlicense.dll
2017-05-10 07:53:09 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2017-05-10 07:53:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-05-10 07:53:07 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-05-10 07:53:07 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2017-05-10 07:53:07 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-05-10 07:53:07 ----A---- C:\WINDOWS\SYSWOW64\apprepapi.dll
2017-05-10 07:53:06 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2017-05-10 07:53:06 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2017-05-10 07:53:06 ----A---- C:\WINDOWS\SYSWOW64\apprepsync.dll
2017-05-10 07:53:05 ----A---- C:\WINDOWS\SYSWOW64\odbcconf.dll
2017-05-10 07:53:05 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2017-05-10 07:53:05 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-05-10 07:53:02 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-05-10 07:53:02 ----A---- C:\WINDOWS\SYSWOW64\gdi32.dll
2017-05-10 07:53:00 ----A---- C:\WINDOWS\SYSWOW64\licensingdiag.exe
2017-05-10 07:53:00 ----A---- C:\WINDOWS\SYSWOW64\GamePanel.exe
2017-05-10 07:52:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-10 07:52:59 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2017-05-10 07:52:57 ----A---- C:\WINDOWS\system32\sppsvc.exe
2017-05-10 07:52:56 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 07:52:52 ----A---- C:\WINDOWS\system32\WWAHost.exe
2017-05-10 07:52:52 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-05-10 07:52:52 ----A---- C:\WINDOWS\system32\usocore.dll
2017-05-10 07:52:52 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 07:52:52 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2017-05-10 07:52:52 ----A---- C:\WINDOWS\system32\MusNotification.exe
2017-05-10 07:52:51 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-05-10 07:52:51 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-05-10 07:52:51 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2017-05-10 07:52:46 ----A---- C:\WINDOWS\system32\fvewiz.dll
2017-05-10 07:52:45 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2017-05-10 07:52:45 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2017-05-10 07:52:21 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2017-05-10 07:52:21 ----A---- C:\WINDOWS\system32\wksprtPS.dll
2017-05-10 07:52:20 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2017-05-10 07:52:20 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 07:52:20 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-05-10 07:52:20 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-05-10 07:52:19 ----A---- C:\WINDOWS\system32\KernelBase.dll
2017-05-10 07:52:19 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2017-05-10 07:52:19 ----A---- C:\WINDOWS\system32\dbgeng.dll
2017-05-10 07:52:18 ----A---- C:\WINDOWS\system32\oleaut32.dll
2017-05-10 07:52:18 ----A---- C:\WINDOWS\system32\mos.dll
2017-05-10 07:52:17 ----A---- C:\WINDOWS\system32\windows.storage.dll
2017-05-10 07:52:16 ----A---- C:\WINDOWS\system32\shell32.dll
2017-05-10 07:52:15 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-10 07:52:14 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-10 07:52:14 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-10 07:52:13 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 07:52:13 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 07:52:12 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2017-05-10 07:52:12 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2017-05-10 07:52:12 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2017-05-10 07:52:12 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-05-10 07:52:10 ----A---- C:\WINDOWS\system32\msfeeds.dll
2017-05-10 07:52:10 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-05-10 07:52:09 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-05-10 07:52:09 ----A---- C:\WINDOWS\system32\urlmon.dll
2017-05-10 07:52:08 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2017-05-10 07:52:08 ----A---- C:\WINDOWS\system32\WSSync.dll
2017-05-10 07:52:08 ----A---- C:\WINDOWS\system32\ieetwcollector.exe
2017-05-10 07:52:07 ----A---- C:\WINDOWS\system32\OpcServices.dll
2017-05-10 07:52:06 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2017-05-10 07:52:06 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2017-05-10 07:52:06 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2017-05-10 07:52:05 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2017-05-10 07:52:05 ----A---- C:\WINDOWS\system32\iertutil.dll
2017-05-10 07:52:04 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-05-10 07:52:04 ----A---- C:\WINDOWS\system32\odbcconf.dll
2017-05-10 07:52:04 ----A---- C:\WINDOWS\system32\jscript9.dll
2017-05-10 07:52:03 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2017-05-10 07:52:03 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2017-05-10 07:52:03 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2017-05-10 07:52:03 ----A---- C:\WINDOWS\system32\WSShared.dll
2017-05-10 07:52:03 ----A---- C:\WINDOWS\system32\WSService.dll
2017-05-10 07:52:03 ----A---- C:\WINDOWS\system32\wininet.dll
2017-05-10 07:52:02 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-10 07:52:02 ----A---- C:\WINDOWS\system32\schannel.dll
2017-05-10 07:52:02 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2017-05-10 07:52:02 ----A---- C:\WINDOWS\system32\browserbroker.dll
2017-05-10 07:52:01 ----A---- C:\WINDOWS\system32\rpcss.dll
2017-05-10 07:52:01 ----A---- C:\WINDOWS\system32\ole32.dll
2017-05-10 07:52:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2017-05-10 07:52:00 ----A---- C:\WINDOWS\system32\iepeers.dll
2017-05-10 07:52:00 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 07:52:00 ----A---- C:\WINDOWS\system32\dxtrans.dll
2017-05-10 07:51:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2017-05-10 07:51:59 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-05-10 07:51:58 ----A---- C:\WINDOWS\system32\webcheck.dll
2017-05-10 07:51:58 ----A---- C:\WINDOWS\system32\ieproxy.dll
2017-05-10 07:51:58 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-05-10 07:51:57 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2017-05-10 07:51:56 ----A---- C:\WINDOWS\system32\vbscript.dll
2017-05-10 07:51:56 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 07:51:55 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-05-10 07:51:55 ----A---- C:\WINDOWS\system32\crypt32.dll
2017-05-10 07:51:55 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 07:51:55 ----A---- C:\WINDOWS\system32\combase.dll
2017-05-10 07:51:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-05-10 07:51:49 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-05-10 07:51:46 ----A---- C:\WINDOWS\system32\browser_broker.exe
2017-05-10 07:51:45 ----A---- C:\WINDOWS\system32\oemlicense.dll
2017-05-10 07:51:45 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2017-05-10 07:51:45 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 07:51:44 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-05-10 07:51:44 ----A---- C:\WINDOWS\system32\sppwinob.dll
2017-05-10 07:51:44 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2017-05-10 07:51:44 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-05-10 07:51:44 ----A---- C:\WINDOWS\system32\certcli.dll
2017-05-10 07:51:44 ----A---- C:\WINDOWS\system32\apprepapi.dll
2017-05-10 07:51:43 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-05-10 07:51:43 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-05-10 07:51:43 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 07:51:43 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 07:51:43 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2017-05-10 07:51:43 ----A---- C:\WINDOWS\system32\apprepsync.dll
2017-05-10 07:51:42 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-05-10 07:51:42 ----A---- C:\WINDOWS\system32\fdProxy.dll
2017-05-10 07:51:42 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-05-10 07:51:41 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-10 07:51:41 ----A---- C:\WINDOWS\system32\gdi32.dll
2017-05-10 07:51:41 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 07:51:39 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-10 07:51:39 ----A---- C:\WINDOWS\system32\GamePanel.exe
2017-05-10 07:51:38 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-05-10 07:51:38 ----A---- C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-05-10 07:51:37 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2017-05-10 07:51:36 ----A---- C:\WINDOWS\SYSWOW64\UIRibbonRes.dll
2017-05-10 07:51:36 ----A---- C:\WINDOWS\system32\reseteng.dll
2017-05-10 07:51:36 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 07:51:35 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 07:51:35 ----A---- C:\WINDOWS\system32\licensingdiag.exe
2017-05-07 18:19:04 ----A---- C:\WINDOWS\system32\aswBoot.exe

====== List of files/folders modified in the last 1 month ======

2017-05-22 20:44:40 ----HD---- C:\ProgramData
2017-05-22 20:44:35 ----SD---- C:\Users\Luboš\AppData\Roaming\Microsoft
2017-05-22 20:44:34 ----D---- C:\Program Files (x86)\Common Files
2017-05-22 20:44:03 ----D---- C:\WINDOWS\Prefetch
2017-05-22 20:43:54 ----RD---- C:\Program Files
2017-05-22 20:43:38 ----D---- C:\WINDOWS\Temp
2017-05-22 20:38:47 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-22 20:38:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-05-22 20:02:00 ----D---- C:\WINDOWS\system32\sru
2017-05-22 12:15:31 ----SHD---- C:\WINDOWS\Installer
2017-05-22 12:15:31 ----D---- C:\WINDOWS\system32\drivers
2017-05-22 12:15:30 ----D---- C:\WINDOWS\system32\DriverStore
2017-05-22 12:15:30 ----D---- C:\WINDOWS\INF
2017-05-22 12:15:10 ----HD---- C:\WINDOWS\ELAMBKUP
2017-05-22 12:14:36 ----D---- C:\Program Files\ESET
2017-05-22 10:26:34 ----RD---- C:\WINDOWS\assembly
2017-05-22 08:59:59 ----D---- C:\WINDOWS\system32\config
2017-05-22 08:54:49 ----D---- C:\WINDOWS\WinSxS
2017-05-22 08:54:48 ----D---- C:\WINDOWS\Microsoft.NET
2017-05-22 07:58:16 ----AD---- C:\WINDOWS
2017-05-22 07:58:16 ----A---- C:\WINDOWS\wininit.ini
2017-05-22 07:12:28 ----D---- C:\Program Files\Common Files\AV
2017-05-22 06:51:28 ----D---- C:\WINDOWS\system32\Tasks
2017-05-22 06:51:21 ----SD---- C:\ProgramData\Microsoft
2017-05-22 06:51:17 ----D---- C:\WINDOWS\System32
2017-05-22 06:51:13 ----RD---- C:\Program Files (x86)
2017-05-22 02:38:41 ----D---- C:\WINDOWS\AppReadiness
2017-05-22 02:33:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-22 02:29:47 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2017-05-22 02:27:57 ----A---- C:\WINDOWS\win.ini
2017-05-22 02:27:10 ----D---- C:\ProgramData\PDFC
2017-05-21 13:18:40 ----D---- C:\Program Files (x86)\Xilisoft
2017-05-21 13:18:39 ----D---- C:\WINDOWS\SysWOW64
2017-05-21 13:15:31 ----D---- C:\Program Files\PhotoAcute3
2017-05-21 13:13:49 ----D---- C:\Program Files (x86)\SVI
2017-05-21 13:11:29 ----D---- C:\Program Files (x86)\MetMedic
2017-05-21 13:10:50 ----D---- C:\Program Files (x86)\RegiStax 6
2017-05-21 08:04:52 ----SHD---- C:\System Volume Information
2017-05-21 06:09:26 ----HD---- C:\Program Files\WindowsApps
2017-05-20 15:58:44 ----D---- C:\Users\Luboš\AppData\Roaming\vlc
2017-05-20 12:03:11 ----D---- C:\Program Files (x86)\Opera
2017-05-19 12:27:54 ----A---- C:\Users\Luboš\AppData\Roaming\PLGComp.ini
2017-05-19 07:34:34 ----D---- C:\Program Files (x86)\foobar2000
2017-05-19 07:32:37 ----D---- C:\Program Files\Amira 5.3.3
2017-05-19 07:28:26 ----D---- C:\Users\Luboš\AppData\Roaming\uTorrent
2017-05-18 14:48:46 ----D---- C:\WINDOWS\Tasks
2017-05-17 16:47:53 ----D---- C:\ProgramData\Package Cache
2017-05-17 16:47:53 ----D---- C:\Program Files\Engelmann Media
2017-05-17 16:47:53 ----D---- C:\Program Files\Common Files
2017-05-17 16:46:11 ----D---- C:\Program Files\Common Files\IIS Shared
2017-05-17 16:45:32 ----D---- C:\Program Files (x86)\EA Sports
2017-05-17 16:44:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-05-17 16:43:21 ----D---- C:\IPWIN60
2017-05-17 16:38:49 ----D---- C:\Program Files (x86)\Astra Image 3.0 Pro
2017-05-17 16:38:38 ----D---- C:\Program Files (x86)\Ashampoo
2017-05-14 23:24:49 ----D---- C:\Program Files (x86)\CDBurnerXP
2017-05-14 19:10:44 ----D---- C:\Users\Luboš\AppData\Roaming\dvdcss
2017-05-12 07:49:00 ----D---- C:\WINDOWS\rescache
2017-05-11 09:28:46 ----D---- C:\WINDOWS\system32\catroot2
2017-05-11 01:04:18 ----SD---- C:\WINDOWS\SYSWOW64\F12
2017-05-11 01:04:18 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2017-05-11 01:04:14 ----SD---- C:\WINDOWS\system32\F12
2017-05-11 01:04:14 ----D---- C:\WINDOWS\system32\migration
2017-05-11 01:04:14 ----D---- C:\WINDOWS\system32\cs-CZ
2017-05-11 01:04:12 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-05-11 01:04:12 ----D---- C:\WINDOWS\PolicyDefinitions
2017-05-11 01:04:12 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2017-05-11 01:04:12 ----D---- C:\Program Files (x86)\Windows Defender
2017-05-11 01:04:12 ----D---- C:\Program Files (x86)\Internet Explorer
2017-05-11 01:04:11 ----D---- C:\Program Files\Windows Photo Viewer
2017-05-11 01:04:11 ----D---- C:\Program Files\Windows Defender
2017-05-11 01:04:11 ----D---- C:\Program Files\Internet Explorer
2017-05-11 01:04:10 ----D---- C:\WINDOWS\system32\Boot
2017-05-10 08:48:15 ----D---- C:\WINDOWS\CbsTemp
2017-05-10 08:48:01 ----D---- C:\WINDOWS\system32\MRT
2017-05-10 08:45:05 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-05-09 10:21:04 ----D---- C:\WINDOWS\system32\Macromed
2017-05-09 10:21:02 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-04-29 02:51:52 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2017-04-28 06:23:35 ----A---- C:\WINDOWS\SYSWOW64\PrintConfig.dll

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2017-05-07 190256]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2017-05-07 334576]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2017-05-07 49016]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-05-07 75704]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-05-07 339696]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2017-05-07 311808]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-05-07 32600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2017-05-07 101152]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-05-07 1007160]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-05-07 569192]
R1 dtsoftbus01;@oem14.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2014-12-26 283064]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-03-09 132848]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-03-09 178056]
R1 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2017-03-09 77224]
R1 NetworkX;NetworkX; C:\WINDOWS\System32\ckldrv.sys [2010-03-19 30272]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-05-07 128648]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-06-19 175616]
R3 rt640x64;@oem183.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-08-07 896752]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2017-03-09 14880]
S2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2010-07-27 75648]
S2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2010-09-27 131072]
S2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2017-05-13 158880]
S2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-03-13 318464]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-05-07 38296]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2015-10-24 22200]
S3 HyperVideo;HyperVideo; C:\WINDOWS\system32\DRIVERS\HyperVideo.sys [2015-10-30 26112]
S3 massfilter_hs;@oem4.inf,%filter.SvcDesc%;HS HandSet Mass Storage Filter Driver; C:\WINDOWS\System32\drivers\massfilter_hs.sys [2012-01-10 18456]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll" = %windir%\system32\inetsrv\apphostsvc.dll
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-05-07 263304]
R2 CrypKey License;CrypKey License; C:\Windows\system32\crypserv.exe [2010-03-18 126976]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2017-03-09 2624856]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-12-03 151648]
R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe [2010-09-27 4180576]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2017-04-07 33640]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-04-11 277784]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-06-19 26624]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2010-12-07 66560]
R2 OneSyncSvc_23ffd0;Hostitel synchronizace_23ffd0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2017-02-15 1719552]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2015-04-28 1102472]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
S2 OneSyncSvc_1424ffc4;Hostitel synchronizace_1424ffc4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1c3a343;Hostitel synchronizace_1c3a343; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_1c711;Hostitel synchronizace_1c711; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_36dc71d;Hostitel synchronizace_36dc71d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_37f4c1ca;Hostitel synchronizace_37f4c1ca; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_43bb748a;Hostitel synchronizace_43bb748a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_56c6110;Hostitel synchronizace_56c6110; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_5a760;Hostitel synchronizace_5a760; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_67ebe64;Hostitel synchronizace_67ebe64; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_73aa85f;Hostitel synchronizace_73aa85f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_eddd88;Hostitel synchronizace_eddd88; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 OneSyncSvc_f9899a7;Hostitel synchronizace_f9899a7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-24 235984]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2014-09-04 72704]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-05-07 7346208]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MessagingService_1424ffc4;Služba zasílání zpráv_1424ffc4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1c3a343;Služba zasílání zpráv_1c3a343; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_1c711;Služba zasílání zpráv_1c711; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_23ffd0;Služba zasílání zpráv_23ffd0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_36dc71d;Služba zasílání zpráv_36dc71d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_37f4c1ca;Služba zasílání zpráv_37f4c1ca; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_43bb748a;Služba zasílání zpráv_43bb748a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_56c6110;Služba zasílání zpráv_56c6110; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_67ebe64;Služba zasílání zpráv_67ebe64; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_73aa85f;Služba zasílání zpráv_73aa85f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_eddd88;Služba zasílání zpráv_eddd88; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MessagingService_f9899a7;Služba zasílání zpráv_f9899a7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-05-22 173512]
S3 PimIndexMaintenanceSvc_1424ffc4;Data kontaktů_1424ffc4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1c3a343;Data kontaktů_1c3a343; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_1c711;Data kontaktů_1c711; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_23ffd0;Data kontaktů_23ffd0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_36dc71d;Data kontaktů_36dc71d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_37f4c1ca;Data kontaktů_37f4c1ca; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_43bb748a;Data kontaktů_43bb748a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_56c6110;Data kontaktů_56c6110; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_67ebe64;Data kontaktů_67ebe64; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_73aa85f;Data kontaktů_73aa85f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_eddd88;Data kontaktů_eddd88; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PimIndexMaintenanceSvc_f9899a7;Data kontaktů_f9899a7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =

-----------------EOF-----------------

Roli
VIP
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspicious e-mail from Russia with an attached file

#4 Post by Roli »

First of all, there cannot be more than one antivirus in the system; you have two, Avast and NOD. One of them has to go.

Also uninstall Spybot - SD.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download and run OTMoveIt

copy this text into the left window of the application, under Paste Instructions for Items to be Moved:

Code:

:processes
explorer.exe       

:files 
C:\WINDOWS\tasks\LERJFJX.job
C:\Users\Luboš\AppData\Roaming\LERJFJX.exe
C:\WINDOWS\tasks\PKFZBI.job
C:\Users\Luboš\AppData\Roaming\PKFZBI.exe

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and information about the performed action will appear in the right green window of the application; copy the contents of that window here,

if the application asks for a restart, click YES

in that case, copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\


Download and run AdwCleaner,

close all programs including the browser and double-click to run it,

a window will appear; click Scan in the top left.

After the scan finishes, click Clean,

the PC will restart, during which the junk is deleted.

After that, copy the Report here for me.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

dreyfus
Visitor
Visitor
Posts: 28
Registered: 22 May 2017 06:49

Re: Suspicious e-mail from Russia with an attached file

#5 Post by dreyfus »

Thanks. I did as you wrote. Here are the results:

OTMoveIt
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\tasks\LERJFJX.job moved successfully.
File/Folder C:\Users\Luboš\AppData\Roaming\LERJFJX.exe not found.
C:\WINDOWS\tasks\PKFZBI.job moved successfully.
File/Folder C:\Users\Luboš\AppData\Roaming\PKFZBI.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Luba
->Temp folder emptied: 33437677 bytes
->Temporary Internet Files folder emptied: 335227 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31314113 bytes
->Flash cache emptied: 57311 bytes

User: Luboš
->Temp folder emptied: 1211815 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85717131 bytes
->Flash cache emptied: 57983 bytes

User: Lubo�
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 230824 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 145,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 05242017_001809

Files moved on Reboot...
C:\Users\Luboš\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20160705130505.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20160705130507.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20160705130513.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20160921130557.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20160921130558.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20161016150259.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20161016150301.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20161016150309.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20161017150336.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20161017150337.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170303065307.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170303065309.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170303065317.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170313072141.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170313072143.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170420072340.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170420072341.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170420072346.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170507181948.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170507181950.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170507181955.log scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT05016.TMP not found!

Registry entries deleted on Reboot...

AdwCleaner
# AdwCleaner v6.047 - Log vytvořen 24/05/2017 v 00:42:49
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-05-23.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Luboš - LUBOSHP
# Spuštěno z : C:\Users\Luboš\Downloads\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: DrvAgent64


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Luboš\AppData\Local\eSupport.com
[-] Složka smazána: C:\Users\Luboš\AppData\Local\FileViewPro
[-] Složka smazána: C:\Users\Luboš\AppData\Local\PackageAware
[-] Složka smazána: C:\Users\Luboš\AppData\LocalLow\Check Point Software Technologies LTD
[-] Složka smazána: C:\Users\Luboš\AppData\LocalLow\SimplyTech
[-] Složka smazána: C:\Users\Luboš\AppData\Roaming\ARecEngine
[-] Složka smazána: C:\Users\Luboš\AppData\Roaming\Check Point Software Technologies LTD
[-] Složka smazána: C:\Users\Luboš\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[-] Složka smazána: C:\Program Files\FileViewPro
[-] Složka smazána: C:\ProgramData\apn
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[-] Složka smazána: C:\Program Files (x86)\Check Point Software Technologies LTD
[-] Složka smazána: C:\Program Files (x86)\eSupport.com
[-] Složka smazána: C:\Program Files (x86)\Protected Search


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Luboš\Desktop\Find Drivers with DriverAgent.lnk
[-] Soubor smazán: C:\WINDOWS\SysWOW64\drivers\DRVAGENT64.SYS
[-] Soubor smazán: C:\user.js
[-] Soubor smazán: C:\Users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\i67pklbe.default\searchplugins\zonealarm.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
[-] Klíč smazán: HKU\S-1-5-21-1419471673-2515690922-2824874919-1000\Software\Check Point Software Technologies LTD
[-] Klíč smazán: HKU\S-1-5-21-1419471673-2515690922-2824874919-1000\Software\eSupport.com
[-] Klíč smazán: HKU\S-1-5-21-1419471673-2515690922-2824874919-1000\Software\MediaProgramasGen
[-] Klíč smazán: HKU\S-1-5-21-1419471673-2515690922-2824874919-1000\Software\Softonic
[-] Klíč smazán: HKU\S-1-5-21-1419471673-2515690922-2824874919-1000\Software\AppDataLow\Software\simplytech
[#] Klíč smazán po restartu: HKU\S-1-5-21-1419471673-2515690922-2824874919-1000\Software\AppDataLow\Software\SIMPLYTECH
[#] Klíč smazán po restartu: HKCU\Software\Check Point Software Technologies LTD
[#] Klíč smazán po restartu: HKCU\Software\eSupport.com
[#] Klíč smazán po restartu: HKCU\Software\MediaProgramasGen
[#] Klíč smazán po restartu: HKCU\Software\Softonic
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\simplytech
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\SIMPLYTECH
[-] Klíč smazán: HKLM\SOFTWARE\Check Point Software Technologies LTD
[-] Klíč smazán: HKLM\SOFTWARE\GlobalUpdate
[-] Klíč smazán: HKLM\SOFTWARE\PIP
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent_is1
[#] Klíč smazán po restartu: [x64] HKCU\Software\Check Point Software Technologies LTD
[#] Klíč smazán po restartu: [x64] HKCU\Software\eSupport.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\MediaProgramasGen
[#] Klíč smazán po restartu: [x64] HKCU\Software\Softonic
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\simplytech
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\SIMPLYTECH
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[-] Hodnota smazána: HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[#] Hodnota smazána po restartu: [x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[#] Hodnota smazána po restartu: [x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Klíč smazán: HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "extensions.zonealarm.hmpgUrl" - "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=EN&gu=ecf8f7b146b64a0f93fc0eda63d53247&tu=10GXy00E22D13P0&sku=&tstsId=&ver=&"
[-] Firefox předvolby vyčištěny: "extensions.zonealarm.kw_url" - "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=ecf8f7b146b64a0f93fc0eda63d53247&tu=10GXy00E22D13P0&sku=&tstsId=&ver=&&q="
[-] Firefox předvolby vyčištěny: "extensions.zonealarm.newTabUrl" - "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=EN&gu=ecf8f7b146b64a0f93fc0eda63d53247&tu=10GXy00E22D13P0&sku=&tstsId=&ver=&"
[-] Firefox předvolby vyčištěny: "extensions.zonealarm.srchPrvdr" - "Search By ZoneAlarm"
[-] Firefox předvolby vyčištěny: "extensions.zonealarm.tlbrSrchUrl" - "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=ecf8f7b146b64a0f93fc0eda63d53247&tu=10GXy00E22D13P0&sku=&tstsId=&ver=&&q="


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8616 Bajty] - [24/05/2017 00:42:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [8633 Bajty] - [24/05/2017 00:41:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8762 Bajty] ##########
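
The OTM result posted in #5 can be read mechanically. The following is an added example, not part of the thread and not OTM's own code: it parses the outcome lines of an OTM log and pairs each moved `.job` task file with a same-named `.exe` that the tool reported as not found. Pairing by file name is an assumption taken from the fix script in post #4; the function names are hypothetical.

```python
import ntpath
import re

# Lines copied from the OTM log posted in the thread (FILES section plus one
# "on reboot" entry); everything else in this block is added for illustration.
SAMPLE_LOG = r"""
========== FILES ==========
C:\WINDOWS\tasks\LERJFJX.job moved successfully.
File/Folder C:\Users\Luboš\AppData\Roaming\LERJFJX.exe not found.
C:\WINDOWS\tasks\PKFZBI.job moved successfully.
File/Folder C:\Users\Luboš\AppData\Roaming\PKFZBI.exe not found.
========== COMMANDS ==========
File move failed. C:\WINDOWS\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
"""

# One pattern per outcome line that appears in the log shown above.
PATTERNS = (
    ("not_found", re.compile(r"^File/Folder (?P<path>.+) not found\.$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
)


def parse_otm_results(log_text):
    """Return {path: status} for every file outcome line in an OTM log."""
    results = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                results[match.group("path")] = status
                break
    return results


def _stem_and_ext(path):
    # ntpath handles Windows separators regardless of the OS running the script.
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return stem.lower(), ext.lower()


def orphaned_tasks(results):
    """Pair each moved .job file with a same-named .exe that was not found.

    Matching by file name is an assumption based on the fix script in post #4.
    """
    missing_exes = {}
    for path, status in results.items():
        stem, ext = _stem_and_ext(path)
        if ext == ".exe" and status == "not_found":
            missing_exes[stem] = path
    pairs = []
    for path, status in results.items():
        stem, ext = _stem_and_ext(path)
        if ext == ".job" and status == "moved" and stem in missing_exes:
            pairs.append((path, missing_exes[stem]))
    return pairs


if __name__ == "__main__":
    parsed = parse_otm_results(SAMPLE_LOG)
    for job, exe in orphaned_tasks(parsed):
        print(f"task file removed, target already absent: {job} -> {exe}")
    for path, status in parsed.items():
        if status == "pending_reboot":
            print(f"re-check after restart: {path}")
```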

Roli
VIP
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspicious e-mail from Russia with an attached file

#6 Post by Roli »

Run OTMoveIt again and click CleanUP! at the top of the application

this makes it clean up after itself.


Then let me know how the PC behaves.

dreyfus
Visitor
Visitor
Posts: 28
Registered: 22 May 2017 06:49

Re: Suspicious e-mail from Russia with an attached file

#7 Post by dreyfus »

Unfortunately, two problems have appeared:
1. the processes "wsappx" and "DCOM" take up 50% of CPU time
2. the left mouse button does not work on the Start button; the Start menu does not open

I manage to solve the first problem on and off by deleting keys in the registry and by removing "HP support assistant". I cannot make any headway with the second problem.

I will also post the OTM report after the Cleanup here:
File/Folder avenger.* not found.
File/Folder Avenger not found.
File/Folder bfu.zip not found.
File/Folder BFU not found.
File/Folder combofix.* not found.
File/Folder combo-fix.* not found.
File/Folder ComboFix*.txt not found.
File/Folder ComboFix not found.
File/Folder erdnt\subs not found.
File/Folder QooBox not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File/Folder catchme.exe not found.
File/Folder fdsv.exe not found.
File/Folder grep.exe not found.
File/Folder mbr.exe not found.
File/Folder moveex.exe not found.
File/Folder nircmd.exe not found.
File/Folder pev.exe not found.
File/Folder sed.exe not found.
File/Folder swreg.exe not found.
File/Folder Swsc.exe not found.
File/Folder Swxcacls.exe not found.
File/Folder VFind.exe not found.
File/Folder WS2Fix.exe not found.
File/Folder zip.exe not found.
File/Folder tmp.reg not found.
File/Folder dds.* not found.
File/Folder dss.exe not found.
File/Folder Deckard not found.
File/Folder deljob.exe not found.
File/Folder deljob not found.
File/Folder logit.txt not found.
File/Folder FindAWF.exe not found.
File/Folder AWF.txt not found.
File/Folder fixwareout.exe not found.
File/Folder fixwareout not found.
File/Folder fsbl.exe not found.
File/Folder fsbl*.log not found.
File/Folder gmer.* not found.
File/Folder gmer_uninstall.cmd not found.
Error: No service named gmer was found to stop!
Service\Driver key gmer not found.
File/Folder haxfix.* not found.
File/Folder killbox.exe not found.
File/Folder !Killbox not found.
File/Folder NoLop.* not found.
File/Folder NoLopOLD.txt not found.
File/Folder delete.bat not found.
File/Folder OTH.* not found.
File/Folder OTListIt2.exe not found.
File/Folder OTListIt.txt not found.
File/Folder Extras.txt not found.
File/Folder _OTListIt not found.
File/Folder OTL.* not found.
File/Folder OTLPE.exe not found.
File/Folder _OTL not found.
File/Folder OTMoveIt.exe not found.
File/Folder OTMoveIt2.exe not found.
File/Folder OTMoveIt3.exe not found.
File delete failed. C:\Users\Luboš\Downloads\OTM.exe scheduled to be deleted on reboot.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\temp\_avast_\AvLock.txt deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\temp\_avast_ folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\temp\SafeZone Installer folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\temp folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\tasks\LERJFJX.job deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\tasks\PKFZBI.job deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\tasks folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData\Local\Microsoft\Windows\INetCache\counters.dat deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData\Local\Microsoft\Windows\INetCache folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData\Local\Microsoft\Windows folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData\Local\Microsoft folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData\Local folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809 folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809.log deleted successfully.
C:\_OTM\MovedFiles\05242017_001809.res deleted successfully.
C:\_OTM\MovedFiles folder deleted successfully.
C:\_OTM folder deleted successfully.
C:\rsit\info.txt deleted successfully.
C:\rsit\log.txt deleted successfully.
C:\rsit folder deleted successfully.
File delete failed. C:\Users\Luboš\Downloads\OTM.exe scheduled to be deleted on reboot.

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspicious email from Russia with an attached file

#8 Post by Roli »

HP Support Assistant can be uninstalled, it is de facto useless, or you can disable it at startup and in Services.

As for the Start menu, that will be worse; the bugs apparently damaged something, and after their removal the function is missing.
Try entering this in the Command Prompt:

sfc /scannow

as admin, and we will see whether the system can repair it.

dreyfus
Visitor
Posts: 28
Registered: 22 May 2017 06:49

Re: Suspicious email from Russia with an attached file

#9 Post by dreyfus »

According to sfc /scannow everything is fine. I also tried reinstalling the Windows components:
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
A few errors appeared about a missing "c:/AppXManifest.xml". But the Start button still does not work. Everything suggests that Windows Store is to blame.
Otherwise everything seems to work as it should. Firefox seems to be fully functional, so I do not know whether I should reinstall Windows just because of the Start button?

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspicious email from Russia with an attached file

#10 Post by Roli »

Try creating a new user profile to see whether the problem occurs there as well.

dreyfus
Visitor
Posts: 28
Registered: 22 May 2017 06:49

Re: Suspicious email from Russia with an attached file

#11 Post by dreyfus »

I solved the problem by restoring the factory settings.

The tasks
C:\WINDOWS\tasks\LERJFJX.job
C:\WINDOWS\tasks\PKFZBI.job
were, according to Google, parts of the Crossride virus, as I understood it. So my PC was infected after all.

Thanks for the help.
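
The step described in post #11, recovering where the quarantined items originally lived from the OTM CleanUp report and picking out the scheduled-task files, can be scripted. The following is an added example, not part of any post in this thread and not OTM's own code; the path layout in the regular expression is inferred from the report lines posted above, and the `PERSISTENCE_DIRS` list and function names are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines taken from the OTM CleanUp report above.
SAMPLE_LOG = r"""
File/Folder gmer.* not found.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\temp\_avast_\AvLock.txt deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\tasks\LERJFJX.job deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\tasks\PKFZBI.job deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_WINDOWS\tasks folder deleted successfully.
C:\_OTM\MovedFiles\05242017_001809\C_Users\Luboš\AppData\Local\Microsoft\Windows\INetCache\counters.dat deleted successfully.
C:\rsit\log.txt deleted successfully.
"""

# Layout seen in the report: <drive>:\_OTM\MovedFiles\<run id>\<drive>_<original path>
QUARANTINED = re.compile(
    r"^[A-Za-z]:\\_OTM\\MovedFiles\\(?P<run>\d{8}_\d{6})\\"
    r"(?P<drive>[A-Za-z])_(?P<rest>.+?) deleted successfully\.$"
)

# Assumption: folders treated as persistence locations for this triage.
PERSISTENCE_DIRS = (r"c:\windows\tasks",)


def original_path(line):
    """Return (run id, original path) for a quarantined file, else None."""
    m = QUARANTINED.match(line.strip())
    if not m or m.group("rest").endswith(" folder"):
        return None  # not a quarantine entry, or a directory clean-up line
    return m.group("run"), m.group("drive") + ":\\" + m.group("rest")


def triage(log_text):
    """Split quarantined files into persistence items and everything else."""
    persistence, other = [], []
    for line in log_text.splitlines():
        hit = original_path(line)
        if hit is None:
            continue
        parent = str(PureWindowsPath(hit[1]).parent).lower()
        (persistence if parent in PERSISTENCE_DIRS else other).append(hit[1])
    return persistence, other


if __name__ == "__main__":
    tasks, rest = triage(SAMPLE_LOG)
    print("Scheduled-task files to research first:", *tasks, sep="\n  ")
    print("Other quarantined files:", *rest, sep="\n  ")
```

Run it against the saved report before the quarantine folder is emptied, because CleanUp removes both the moved files and the per-run log.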

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspicious email from Russia with an attached file

#12 Post by Roli »

dreyfus wrote: The tasks
C:\WINDOWS\tasks\LERJFJX.job
C:\WINDOWS\tasks\PKFZBI.job
were, according to Google, parts of the Crossride virus, as I understood it. So my PC was infected after all.
That is why we deleted them.
dreyfus wrote: Thanks for the help.
You're welcome, and :closed:

Locked