Stránka 1 z 2

prosim o kontrolu

Napsal: 07 pro 2017 10:53
od ahola
ahoj,
prosim o kontrolu, opat zacala v IE vyskakovat hlaska ze chce otvorit resp. ulozit nejaky subor uni.js

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2017-12-07 10:46:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 163 GB (59%) free of 275 GB
Total RAM: 4008 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:35, on 7. 12. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\Michal\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\windows\SysWOW64\Userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKCU\..\Run: [Google Update] C:\Users\Michal\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MiPhoneManager] "C:\Users\Michal\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1554982330-1077266817-2899125201-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1554982330-1077266817-2899125201-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1554982330-1077266817-2899125201-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1554982330-1077266817-2899125201-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: 7 Sticky Notes.lnk = C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SRS PC Sound.lnk = C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michal\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michal\Desktop\PartyPoker.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_core.dll,-101 (chromoting) - Spoločnosť Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12636 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\PHotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\PHotkey\GFNEXSrv.exe"
C:\windows\System32\spoolsv.exe
"taskhost.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\PHotkey\PHotkey.exe"
"C:\Program Files (x86)\PHotkey\MsgTranAgt.exe"
"C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
C:\windows\system32\CxAudMsg64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
"C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w
"C:\Windows\system32\hkcmd.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2076
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.4/data"
\??\C:\windows\system32\conhost.exe "11901119122604166661393481878-1008474938-1891918242-55665949913056341941479102111
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forklog" "712" "708"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "892" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "908" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkavlauncher" "892"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkcol" "908"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\igfxpers.exe"
"C:\Program Files (x86)\PHotkey\PVDesktop.exe"
"C:\Program Files (x86)\PHotkey\PVDAgent.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PHotkey\MsOsd.exe"
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a0c3028d-13e4-46a6-a443-bc6246c7ad7c -SystemEventPortName:HostProcess-a0e9ec0e-4427-4b2e-af2d-847f77a6aa00 -IoCancelEventPortName:HostProcess-e7bc0820-614d-4767-91fa-687f327b56ca -NonStateChangingEventPortName:HostProcess-960f8409-965b-4b25-9441-5c1f95db52e9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d1a25fb4-9b9c-4a33-997a-96389deff2bc -DeviceGroupId:
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
/fmw.trayonly
AVGUI.exe /nogui
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Users\Michal\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
"C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" -tray
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /h
"C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe"
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{9CE9C244-FA73-476D-8C92-0FE3C6F48FA0}
C:\windows\System32\svchost.exe -k LocalServicePeerNet
{1C7DEFAE-21BD-4D16-B315-1A2F48BF81F5}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
{5B98AFCF-6796-49F5-A15E-258D559AB241}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3708 CREDAT:275457 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3708 CREDAT:1914063 /prefetch:2
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1554982330-1077266817-2899125201-10019_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1554982330-1077266817-2899125201-10019 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Michal\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\windows\KHALMNPR.EXE [2007-11-29 134160]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2014-01-29 171992]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2014-01-29 399832]
"Persistence"=C:\windows\system32\igfxpers.exe [2014-01-29 442328]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"fspuip"=C:\Program Files\FSP\fspuip.exe [2010-11-08 4055552]
"AmIcoSinglun64"=c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2013-04-19 374784]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [2017-10-31 239592]
"AVGUI.exe"=C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [2017-11-27 302744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Michal\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [2017-11-15 601680]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2014-09-19 89600]
""= []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-10-18 10021040]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-10-10 27832264]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"MiPhoneManager"=C:\Users\Michal\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [2017-08-10 146224]
"NokiaSuite.exe"=C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2014-11-19 1092448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-04-23 1561968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KrosMeninyP]
True []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-06-30 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [2017-10-31 239592]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2013-04-19 374784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
SRS PC Sound.lnk - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
7 Sticky Notes.lnk - C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 76816]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-12-07 10:46:27 ----D---- C:\rsit
2017-12-04 22:14:44 ----SHD---- C:\$RECYCLE.BIN
2017-12-04 22:11:07 ----A---- C:\windows\zoek-delete.exe
2017-12-04 22:11:04 ----D---- C:\windows\Temp
2017-11-27 10:17:15 ----A---- C:\windows\system32\drivers\avgArPot.sys
2017-11-27 10:16:33 ----A---- C:\windows\system32\avgBoot.exe

======List of files/folders modified in the last 1 month======

2017-12-07 10:46:35 ----D---- C:\windows\Prefetch
2017-12-07 10:46:31 ----D---- C:\Program Files\trend micro
2017-12-07 10:46:03 ----D---- C:\Users\Michal\AppData\Roaming\BitComet
2017-12-07 10:42:43 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2017-12-07 10:10:58 ----D---- C:\windows\system32\config
2017-12-07 10:02:45 ----D---- C:\windows\system32\Tasks
2017-12-07 10:01:13 ----A---- C:\windows\SYSWOW64\log.txt
2017-12-07 10:00:35 ----D---- C:\Users\Michal\AppData\Roaming\7 Sticky Notes
2017-12-06 21:32:40 ----A---- C:\blitzerr.txt
2017-12-04 22:12:58 ----D---- C:\Windows
2017-12-04 22:07:42 ----D---- C:\windows\system32\drivers\etc
2017-12-04 22:05:59 ----SHD---- C:\System Volume Information
2017-12-04 22:02:40 ----D---- C:\windows\SysWOW64
2017-12-03 09:49:09 ----SHD---- C:\windows\Installer
2017-11-30 14:40:52 ----D---- C:\windows\system32\drivers
2017-11-30 14:40:52 ----D---- C:\Program Files (x86)
2017-11-30 10:52:03 ----D---- C:\ProgramData\Skype
2017-11-27 10:19:03 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2017-11-27 10:18:53 ----D---- C:\windows\system32\Macromed
2017-11-27 10:18:47 ----D---- C:\windows\SYSWOW64\Macromed
2017-11-27 10:16:33 ----D---- C:\windows\system32
2017-11-25 16:30:34 ----HD---- C:\ProgramData
2017-11-20 19:51:13 ----D---- C:\windows\inf
2017-11-20 19:51:13 ----A---- C:\windows\system32\PerfStringBackup.INI
2017-11-16 10:19:23 ----D---- C:\windows\system32\catroot2
2017-11-15 14:38:00 ----D---- C:\Users\Michal\AppData\Roaming\MPC-HC
2017-11-13 10:47:48 ----D---- C:\Program Files\CCleaner
2017-11-08 10:56:10 ----D---- C:\windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avgbidsh;avgbidsh; C:\windows\system32\drivers\avgbidsha.sys [2017-11-27 192584]
R0 avgblog;avgblog; C:\windows\system32\drivers\avgbloga.sys [2017-11-27 336896]
R0 avgbuniv;avgbuniv; C:\windows\system32\drivers\avgbuniva.sys [2017-11-27 51336]
R0 avgRvrt;avgRvrt; C:\windows\system32\drivers\avgRvrt.sys [2017-11-27 76832]
R0 avgVmm;avgVmm; C:\windows\system32\drivers\avgVmm.sys [2017-11-27 356880]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-07-27 834544]
R1 avgArPot;avgArPot; C:\windows\system32\drivers\avgArPot.sys [2017-11-27 176000]
R1 avgbdisk;avgbdisk; C:\windows\system32\drivers\avgbdiska.sys [2017-11-27 166624]
R1 avgbidsdriver;avgbidsdriver; C:\windows\system32\drivers\avgbidsdrivera.sys [2017-11-27 314640]
R1 avgRdr;avgRdr; C:\windows\system32\drivers\avgRdr2.sys [2017-11-27 102792]
R1 avgSnx;avgSnx; C:\windows\system32\drivers\avgSnx.sys [2017-11-27 1018648]
R1 avgSP;avgSP; C:\windows\system32\drivers\avgSP.sys [2017-11-27 447800]
R1 avgtp;avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [2014-04-27 50464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgMonFlt;avgMonFlt; C:\windows\system32\drivers\avgMonFlt.sys [2017-11-27 140704]
R2 avgStm;avgStm; C:\windows\system32\drivers\avgStm.sys [2017-11-27 196392]
R2 PEGAGFN;PEGAGFN; \??\C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2010-12-10 14344]
R3 acpials;ALS Sensor Filter; C:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2011-12-13 2797056]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-01-28 1581184]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64; C:\windows\system32\DRIVERS\fspad_wlh64.sys [2010-11-08 68608]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\windows\system32\DRIVERS\LHidFilt.Sys [2007-11-29 54288]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\windows\system32\DRIVERS\LMouFilt.Sys [2007-11-29 56336]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
S3 ALSysIO;ALSysIO; \??\C:\Users\Michal\AppData\Local\Temp\ALSysIO64.sys []
S3 AmUStor;AM USB Stroage Driver; C:\windows\system32\drivers\AmUStor.SYS [2013-04-24 109336]
S3 androidusb;Google Device Driver; C:\windows\System32\Drivers\wsadb.sys [2014-06-01 40808]
S3 avgHwid;avgHwid; C:\windows\system32\drivers\avgHwid.sys [2017-11-27 39424]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 103064]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS []
S3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys [2010-06-03 24152]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-09-22 48488]
S3 MGHwCtrl;MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2013-04-03 203672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudserd.sys [2013-04-03 203672]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 WinUsb;Android USB Driver; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [2010-12-10 104968]
R2 AVG Antivirus;AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2017-11-27 282536]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2017-10-31 1428656]
R2 CxAudMsg;@C:\windows\system32\CxAudMsg64.exe,-100; C:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 GFNEXSrv;GFNEX Service; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2010-12-10 159752]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\windows\SysWOW64\NLSSRV32.EXE [2012-08-28 69640]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2010-12-24 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w []
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 avgbIDSAgent;avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2017-11-27 7600584]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-15 194032]
S3 chromoting;@C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_core.dll,-101; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [2017-11-02 71512]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-03-01 111616]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 160272]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2014-03-28 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: prosim o kontrolu

Napsal: 07 pro 2017 11:34
od JaRon
ahoj,
na zaciatok nainstaluj novu javu z www.java.com
restart a napis aky je stav ?

Re: prosim o kontrolu

Napsal: 11 pro 2017 21:58
od ahola
hlaska stale vyskakuje, momentalne je to cca jeden krat den.

Re: prosim o kontrolu

Napsal: 12 pro 2017 08:01
od JaRon
prescanuj PC s MBAM

Re: prosim o kontrolu

Napsal: 13 pro 2017 20:25
od ahola
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 13.12.17
Čas skenování: 14:21
Logovací soubor: 85127468-e008-11e7-9ea4-e0699541f353.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.3480
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Michal-MSICX640\Michal

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 338775
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 6 hod, 1 min, 50 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.BundleInstaller, C:\USERS\MICHAL\APPDATA\LOCAL\TEMP\BIT7F9F.TMP.EXE, Žádná uživatelská akce, [19], [458026],1.0.3480

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: prosim o kontrolu

Napsal: 13 pro 2017 21:57
od JaRon
Nechaj odstranit, restart a napis, aky je stav

Re: prosim o kontrolu

Napsal: 13 pro 2017 22:13
od ahola
odstranene, hlaska stale vyskakuje

Re: prosim o kontrolu

Napsal: 14 pro 2017 08:33
od JaRon

Re: prosim o kontrolu

Napsal: 14 pro 2017 10:29
od ahola
Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Michal on çt 14. 12. 2017 at 9:56:04,32.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Michal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14. 12. 2017 10:00:16 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.centrum.sk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... HP_skSK442

==== Reset Google Chrome ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Michal\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Michal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on çt 14. 12. 2017 at 10:21:30,16 ======================

Re: prosim o kontrolu

Napsal: 14 pro 2017 12:09
od JaRon
uz je to OK ?
ak nie vloz oba logy FRST

Re: prosim o kontrolu

Napsal: 14 pro 2017 21:57
od ahola
ziadna zmena, obcas to v IE vyskoci

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Michal (administrator) on MICHAL-MSICX640 (14-12-2017 21:44:45)
Running from C:\Users\Michal\Desktop
Loaded Profiles: UpdatusUser & Michal & postgres (Available Profiles: UpdatusUser & Michal & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Windows\system32\rundll32.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MsOsd.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
() C:\Users\Michal\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Fabio Martin) C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\windows\KHALMNPR.EXE [134160 2007-11-29] (Logitech, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4055552 2010-11-08] (Sentelic Corporation)
HKLM\...\Run: [AmIcoSinglun64] => c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1554982330-1077266817-2899125201-1000\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\S-1-5-21-1554982330-1077266817-2899125201-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1554982330-1077266817-2899125201-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [Google Update] => C:\Users\Michal\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [] => [X]
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [MiPhoneManager] => C:\Users\Michal\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [146224 2017-08-10] ()
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1554982330-1077266817-2899125201-1006\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\S-1-5-21-1554982330-1077266817-2899125201-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1554982330-1077266817-2899125201-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2011-07-26]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS PC Sound.lnk [2011-03-27]
ShortcutTarget: SRS PC Sound.lnk -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2011-11-03]
ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0A1BC192-E1C2-488C-8FDE-F180505762A4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D367C479-1275-46AB-A05D-6C077D262AD3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.sk/
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-07] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v konte Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-07] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1554982330-1077266817-2899125201-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2011-07-28] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1554982330-1077266817-2899125201-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1554982330-1077266817-2899125201-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2017-12-14]
CHR Extension: (Prezentácie) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-14]
CHR Extension: (Dokumenty) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-14]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-14]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-14]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-14]
StartMenuInternet: Google Chrome - C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] ()
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-27] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-27] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (http://www.BitComet.com)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Spoločnosť Google Inc.)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] ()
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-05-04] (Nero AG)
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2009-12-10] (PostgreSQL Global Development Group) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\windows\System32\Drivers\wsadb.sys [40808 2014-06-01] (Google Inc)
R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [176000 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\windows\System32\drivers\avgbdiska.sys [166624 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdrivera.sys [314640 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsha.sys [192584 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\windows\System32\drivers\avgbloga.sys [336896 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniva.sys [51336 2017-11-27] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\windows\System32\drivers\avgHwid.sys [39424 2017-11-27] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [140704 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [102792 2017-11-27] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [76832 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [1018648 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [447800 2017-11-27] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\windows\System32\drivers\avgStm.sys [196392 2017-11-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [356880 2017-11-27] (AVG Technologies CZ, s.r.o.)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24152 2010-06-03] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [834544 2011-07-27] () [File not signed]
S3 ssudserd; C:\windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ALSysIO; \??\C:\Users\Michal\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 21:44 - 2017-12-14 21:45 - 000022189 _____ C:\Users\Michal\Desktop\FRST.txt
2017-12-14 21:44 - 2017-12-14 21:44 - 000000000 ____D C:\FRST
2017-12-14 21:42 - 2017-12-14 21:43 - 000112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2017-12-14 21:32 - 2017-12-14 21:32 - 002392064 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2017-12-14 11:30 - 2017-12-14 12:22 - 000000000 ____D C:\Users\Michal\Desktop\Knightfall
2017-12-14 10:25 - 2017-12-14 10:25 - 000003758 _____ C:\windows\System32\Tasks\AutoKMS
2017-12-14 10:05 - 2017-12-14 09:55 - 000024064 _____ C:\windows\zoek-delete.exe
2017-12-07 13:24 - 2017-12-07 13:24 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Sun
2017-12-03 21:11 - 2017-12-14 12:22 - 000000000 ____D C:\Users\Michal\Desktop\Marcella
2017-11-27 10:17 - 2017-11-27 10:17 - 000001938 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-27 10:17 - 2017-11-27 10:16 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArPot.sys
2017-11-27 10:16 - 2017-11-27 10:16 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe
2017-11-17 15:04 - 2017-12-03 09:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 21:41 - 2017-05-06 20:08 - 078713542 _____ C:\blitzerr.txt
2017-12-14 21:27 - 2011-07-26 17:35 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Skype
2017-12-14 12:22 - 2011-07-27 14:53 - 000000000 ____D C:\Users\Michal\AppData\Roaming\BitComet
2017-12-14 10:36 - 2017-10-22 18:27 - 000005044 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Michal-MSICX640-Michal Michal-MSICX640
2017-12-14 10:28 - 2009-07-14 05:45 - 000009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-14 10:28 - 2009-07-14 05:45 - 000009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-14 10:24 - 2011-03-27 07:08 - 000000000 ____D C:\Users\UpdatusUser
2017-12-14 10:23 - 2011-11-02 17:16 - 000000000 ____D C:\Users\Michal\AppData\Roaming\7 Sticky Notes
2017-12-14 10:21 - 2011-07-29 09:46 - 000000000 ____D C:\Users\postgres
2017-12-14 10:21 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-12-14 09:05 - 2016-09-20 10:35 - 000003600 _____ C:\windows\System32\Tasks\AVG EUpdate Task
2017-12-14 07:41 - 2014-01-28 16:34 - 000029102 _____ C:\Users\Michal\Desktop\ppm hadzana.xlsx
2017-12-14 07:28 - 2017-11-10 23:29 - 000000000 ____D C:\Users\Michal\Desktop\Belfer (2017)
2017-12-14 06:38 - 2011-07-26 21:59 - 000002428 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 22:11 - 2014-05-08 22:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-07 13:26 - 2014-10-22 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-07 13:26 - 2013-10-19 07:02 - 000000000 ____D C:\ProgramData\Oracle
2017-12-07 13:26 - 2013-06-25 09:31 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-07 13:23 - 2015-01-22 12:22 - 000097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-12-07 10:46 - 2014-03-30 16:16 - 000000000 ____D C:\Program Files\trend micro
2017-11-30 23:05 - 2011-07-27 17:22 - 000000000 ____D C:\Users\Michal\Desktop\Filmy stiahnuť
2017-11-30 22:56 - 2017-04-03 19:31 - 000004178 _____ C:\windows\System32\Tasks\Antivirus Emergency Update
2017-11-30 10:52 - 2011-07-26 17:35 - 000000000 ____D C:\ProgramData\Skype
2017-11-28 20:56 - 2017-06-21 21:07 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2017-11-27 10:20 - 2014-08-20 19:33 - 000000000 ____D C:\Users\Michal\AppData\Local\Adobe
2017-11-27 10:19 - 2012-03-30 10:57 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-11-27 10:19 - 2011-07-28 22:14 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-27 10:18 - 2011-11-11 19:32 - 000000000 ____D C:\windows\system32\Macromed
2017-11-27 10:18 - 2011-03-27 07:35 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-11-27 10:17 - 2017-04-24 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-27 10:17 - 2017-04-03 19:31 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys
2017-11-27 10:16 - 2017-04-03 19:31 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys.151177424487802
2017-11-27 10:16 - 2017-04-03 19:31 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys
2017-11-27 10:16 - 2017-04-03 19:31 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys
2017-11-27 10:16 - 2017-04-03 19:31 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys
2017-11-27 10:16 - 2017-04-03 19:31 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys
2017-11-27 10:16 - 2017-04-03 19:31 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgHwid.sys
2017-11-27 10:15 - 2017-04-03 19:31 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys
2017-11-27 10:15 - 2017-04-03 19:31 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys
2017-11-27 10:14 - 2017-04-03 19:31 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbloga.sys
2017-11-27 10:14 - 2017-04-03 19:31 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdrivera.sys
2017-11-27 10:14 - 2017-04-03 19:31 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsha.sys
2017-11-27 10:14 - 2017-04-03 19:31 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbdiska.sys
2017-11-27 10:14 - 2017-04-03 19:31 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniva.sys
2017-11-20 19:51 - 2009-07-14 06:13 - 000781298 _____ C:\windows\system32\PerfStringBackup.INI
2017-11-20 19:51 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2017-11-17 15:05 - 2014-12-26 20:45 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 19:33 - 2011-07-26 21:57 - 000003548 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1554982330-1077266817-2899125201-1001UA
2017-11-15 19:33 - 2011-07-26 21:57 - 000003276 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1554982330-1077266817-2899125201-1001Core
2017-11-15 14:38 - 2015-03-24 11:18 - 000000000 ____D C:\Users\Michal\AppData\Roaming\MPC-HC
2017-11-14 21:35 - 2011-07-26 21:54 - 000003368 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 21:35 - 2011-07-26 21:54 - 000003240 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2011-07-29 09:02 - 2011-07-29 09:07 - 000000173 _____ () C:\Users\Michal\AppData\Local\msmathematics.qat.Michal
2016-08-05 16:54 - 2016-08-05 16:54 - 000007625 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-14 10:24 - 2017-12-14 10:24 - 000001536 _____ () C:\Users\Michal\AppData\Local\Temp\NEventMessages.dll
2017-12-14 10:24 - 2017-12-14 10:24 - 000001536 _____ () C:\Users\Michal\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Security Center ==================

AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 2376 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KrosMeninyP
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
"C:\Program Files (x86)\Winamp\winampa.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
ECHO is off.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: prosim o kontrolu

Napsal: 15 pro 2017 07:26
od JaRon
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
C:\windows\AutoKMS\AutoKMS.exe
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [834544 2011-07-27] () [File not signed]
S3 ALSysIO; \??\C:\Users\Michal\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [X]
2017-12-14 10:25 - 2017-12-14 10:25 - 000003758 _____ C:\windows\System32\Tasks\AutoKMS
2017-12-14 10:24 - 2017-12-14 10:24 - 000001536 _____ () C:\Users\Michal\AppData\Local\Temp\NEventMessages.dll
2017-12-14 10:24 - 2017-12-14 10:24 - 000001536 _____ () C:\Users\Michal\AppData\Local\Temp\NOSEventMessages.dll
C:\windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KrosMeninyP
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]





EmptyTemp:
Reboot:
End
•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

:arrow: Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

:arrow: Restart PC a dejte mi sem fixlog.txt

Re: prosim o kontrolu

Napsal: 15 pro 2017 10:26
od ahola
pocas opravy vyskocila modra obrazovka, aj pri opätovnom pokuse znova modra obrazovka

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Michal (15-12-2017 10:14:52) Run:2
Running from C:\Users\Michal\Desktop
Loaded Profiles: UpdatusUser & Michal & postgres (Available Profiles: UpdatusUser & Michal & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
C:\windows\AutoKMS\AutoKMS.exe
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1554982330-1077266817-2899125201-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [834544 2011-07-27] () [File not signed]
S3 ALSysIO; \??\C:\Users\Michal\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [X]
2017-12-14 10:25 - 2017-12-14 10:25 - 000003758 _____ C:\windows\System32\Tasks\AutoKMS
2017-12-14 10:24 - 2017-12-14 10:24 - 000001536 _____ () C:\Users\Michal\AppData\Local\Temp\NEventMessages.dll
2017-12-14 10:24 - 2017-12-14 10:24 - 000001536 _____ () C:\Users\Michal\AppData\Local\Temp\NOSEventMessages.dll
C:\windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KrosMeninyP
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]





EmptyTemp:
Reboot:
End
*****************

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"C:\windows\AutoKMS\AutoKMS.exe" => not found.
HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1554982330-1077266817-2899125201-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1554982330-1077266817-2899125201-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found
"HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner" => removed successfully

Re: prosim o kontrolu

Napsal: 15 pro 2017 10:50
od JaRon
OK, vycisti registre s CCleanerom, ak sa hlaska bude nadalej objavovat zakaz scriptovanie
podla navodu https://www.technipages.com/internet-ex ... javascript

Re: prosim o kontrolu

Napsal: 21 pro 2017 12:09
od ahola
zatial to vyzera ok, díky.
ta modra smrt suvisela len s tym skriptom a fixom?