Vyskakující okna

[Adalpo]

Dobrý den, omylen jsem kliknul na keygen a hned se mi zaviroval počítač. Párkrát za minutu mi vyskočí v prohlížeči okno většinou na erotické téma. Prosím poraďte co mám smazat aby vše bylo v pořádku. Combofix nepomohl a PC je vyčištěné přes ccleaner.
Zde je log:

předem děkuji

Logfile of random's system information tool 1.10 (written by random/random)
Run by pc at 2018-01-26 17:09:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 150 GB (31%) free of 477 GB
Total RAM: 3982 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:26, on 26.1.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Windows\SysWOW64\Codecs\TrayMenu.exe
C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Codec Settings UAC Manager] "C:\Windows\system32\Codecs\CodecUACManager.exe"
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\SysWOW64\Codecs\TrayMenu.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7146 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe" -service
"taskhost.exe"
taskeng.exe {89449A4D-6BF8-49F7-86AE-5702C3851C00}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe" /STARTUP
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\RFA 11\rfagent64.exe"
"C:\Windows\SysWOW64\Codecs\TrayMenu.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-00418e24-dfee-47d3-9635-3deb7cdf453c -SystemEventPortName:HostProcess-83783bc2-9970-4762-a376-761553420f8c -IoCancelEventPortName:HostProcess-2f83b974-0674-4df7-9a65-c0ada5286ced -NonStateChangingEventPortName:HostProcess-e34ce2a4-052e-49e9-b512-fcfebc3a678f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6796e6e1-bbd7-44e4-a795-b4deae43be1c -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\explorer.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="620.0.2097645258\1065371351" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\pc\AppData\LocalLow\Mozilla\Temp-{bd106de6-6c03-4b98-a7ef-1f1338d027f1}" 620 "\\.\pipe\gecko-crash-server-pipe.620" gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="620.3.848226777\361482754" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:2|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:1|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻　。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞．／｡ﾠ�|159:4;high|194:38;{bd106de6-6c03-4b98-a7ef-1f1338d027f1}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 620 "\\.\pipe\gecko-crash-server-pipe.620" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="620.13.1120114727\201037001" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:2|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:1|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻　。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞．／｡ﾠ�|159:4;high|194:38;{bd106de6-6c03-4b98-a7ef-1f1338d027f1}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 620 "\\.\pipe\gecko-crash-server-pipe.620" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="620.20.542473715\1067846882" -childID 3 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:2|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:1|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻　。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞．／｡ﾠ�|159:4;high|194:38;{bd106de6-6c03-4b98-a7ef-1f1338d027f1}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 620 "\\.\pipe\gecko-crash-server-pipe.620" tab
taskeng.exe {852D583E-D928-41EF-A6D5-16308678AA62}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"C:\Users\pc\Downloads\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529

prefs.js - "browser.startup.homepage" - "http://www.bbc.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-06 571968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-06 235584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-06 473664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-06 187968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-05-14 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-05-14 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-05-14 440088]
"rfagent"=C:\Program Files\RFA 11\rfagent64.exe [2017-05-14 3557904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe [2017-12-27 1981624]
"Akamai NetSession Interface"=C:\Users\pc\AppData\Local\Akamai\netsession_win.exe [2015-09-10 4691384]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-12-01 10249048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Codec Settings UAC Manager"=C:\Windows\system32\Codecs\CodecUACManager.exe []
"Bonus.SSR.FR12"=C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [2016-10-18 1527960]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CodecPackTrayMenu.lnk - C:\Windows\SysWOW64\Codecs\TrayMenu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-05-10 436224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-01-26 17:09:03 ----D---- C:\rsit
2018-01-26 17:09:03 ----D---- C:\Program Files\trend micro
2018-01-26 17:01:02 ----SHD---- C:\$RECYCLE.BIN
2018-01-26 17:00:59 ----D---- C:\Windows\temp
2018-01-26 17:00:58 ----A---- C:\ComboFix.txt
2018-01-26 16:45:19 ----D---- C:\Program Files\CCleaner
2018-01-26 15:24:15 ----A---- C:\Windows\zip.exe
2018-01-26 15:24:15 ----A---- C:\Windows\SWSC.exe
2018-01-26 15:24:15 ----A---- C:\Windows\SWREG.exe
2018-01-26 15:24:15 ----A---- C:\Windows\sed.exe
2018-01-26 15:24:15 ----A---- C:\Windows\PEV.exe
2018-01-26 15:24:15 ----A---- C:\Windows\NIRCMD.exe
2018-01-26 15:24:15 ----A---- C:\Windows\MBR.exe
2018-01-26 15:24:15 ----A---- C:\Windows\grep.exe
2018-01-26 15:24:09 ----D---- C:\Qoobox
2018-01-26 15:23:46 ----D---- C:\Windows\erdnt
2018-01-26 14:51:25 ----D---- C:\Users\pc\AppData\Roaming\SystemProcess
2018-01-26 14:12:12 ----D---- C:\Program Files (x86)\Final Fantasy VII
2017-12-31 12:59:32 ----D---- C:\ProgramData\RELOADED
2017-12-31 12:53:33 ----D---- C:\Program Files (x86)\Torchlight II
2017-12-29 19:54:50 ----D---- C:\Users\pc\AppData\Roaming\.mono
2017-12-29 19:28:26 ----D---- C:\Users\pc\AppData\Roaming\com.mojang.scrolls.launcher.LauncherApplication
2017-12-29 19:27:02 ----D---- C:\Program Files (x86)\Scrolls

======List of files/folders modified in the last 1 month======

2018-01-26 17:09:03 ----RD---- C:\Program Files
2018-01-26 17:00:59 ----D---- C:\Windows
2018-01-26 16:59:06 ----A---- C:\Windows\system.ini
2018-01-26 16:57:36 ----D---- C:\Windows\SYSWOW64\drivers
2018-01-26 16:57:36 ----D---- C:\Windows\SysWOW64
2018-01-26 16:57:36 ----D---- C:\Windows\AppPatch
2018-01-26 16:57:36 ----D---- C:\Program Files (x86)\Common Files
2018-01-26 16:54:18 ----D---- C:\Windows\system32\drivers
2018-01-26 16:53:35 ----D---- C:\Users\pc\AppData\Roaming\uTorrent
2018-01-26 16:48:57 ----D---- C:\Dokumenty
2018-01-26 16:47:35 ----D---- C:\Users\pc\AppData\Roaming\MPC-HC
2018-01-26 16:47:07 ----D---- C:\Windows\inf
2018-01-26 16:47:07 ----D---- C:\Windows\debug
2018-01-26 16:46:56 ----D---- C:\Windows\system32\config
2018-01-26 16:45:22 ----D---- C:\Windows\system32\Tasks
2018-01-26 15:32:23 ----D---- C:\Windows\system32\drivers\etc
2018-01-26 15:24:37 ----SHD---- C:\System Volume Information
2018-01-26 14:51:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-01-26 14:12:12 ----RD---- C:\Program Files (x86)
2018-01-26 14:12:06 ----D---- C:\Windows\Prefetch
2018-01-26 14:08:59 ----SHD---- C:\Windows\Installer
2018-01-24 21:54:14 ----D---- C:\Users\pc\AppData\Roaming\vlc
2018-01-24 16:42:45 ----D---- C:\ProgramData\ProductData
2018-01-22 22:11:14 ----D---- C:\Windows\system32\NDF
2018-01-18 15:49:26 ----D---- C:\Windows\system32\catroot2
2018-01-11 03:04:27 ----D---- C:\ProgramData\Microsoft Help
2018-01-11 03:04:21 ----D---- C:\Windows\system32\MRT
2018-01-11 03:01:57 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-01-11 03:01:45 ----AC---- C:\Windows\system32\MRT.exe
2018-01-10 16:17:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-01-10 16:17:14 ----D---- C:\Windows\system32\Macromed
2018-01-10 16:17:13 ----D---- C:\Windows\SYSWOW64\Macromed
2018-01-06 19:45:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-04 20:19:59 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-12-31 12:59:32 ----D---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2017-03-09 30744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2015-06-08 127760]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-10 676968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-08-07 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-08-07 47672]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [2016-04-28 955520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-05-14 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-14 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-01-05 194000]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 159960]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-07-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[Adalpo]

Zde je log

# AdwCleaner 7.0.7.0 - Logfile created on Fri Jan 26 17:00:01 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\pc\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\pc\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader


***** [ Files ] *****

Deleted: C:\Users\All Users\Desktop\\Smart Defrag 5.lnk
Deleted: C:\Users\Public\Desktop\\Smart Defrag 5.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Codec Settings UAC Manager


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2339 B] - [2018/1/26 16:59:5]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

[Rudy]

Dejte nový log RSIT.

[Adalpo]

Nový log RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by pc at 2018-01-27 09:52:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 149 GB (31%) free of 477 GB
Total RAM: 3982 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:13, on 27.1.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\Codecs\TrayMenu.exe
C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\pc\AppData\Local\Akamai\netsession_win.exe
C:\Users\pc\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\SysWOW64\Codecs\TrayMenu.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7380 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe" -service
"taskhost.exe"
taskeng.exe {597D27A6-D73E-49DD-BA67-D7730686AD0C}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe" /STARTUP
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-86f0b1ad-3be6-4e3b-b8ba-fc1040b55fc5 -SystemEventPortName:HostProcess-9d376210-cb3e-4c44-b51d-9451cfbbd515 -IoCancelEventPortName:HostProcess-b157efa9-87d5-4781-ade2-8d8f2cd2ef4a -NonStateChangingEventPortName:HostProcess-d8dda00c-f43e-4e8e-be63-35253cf904b3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9c45b49c-d0f2-49d7-858b-c5f83a3c9802 -DeviceGroupId:WpdFsGroup
"C:\Program Files\RFA 11\rfagent64.exe"
"C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\SysWOW64\Codecs\TrayMenu.exe"
"C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe" uTorrent_2812_03C875F8_433846424 µTorrent4823DF041B09 uTorrent
"C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe" uTorrent_2812_00ACE7A0_785532717 µTorrent4823DF041B09 uTorrent
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\cmd.exe /c ""C:/Users/pc/AppData/Local/Akamai/installer_no_upload_silent.exe" & "C:/Users/pc/AppData/Local/Akamai/netsession_win.exe""
"C:/Users/pc/AppData/Local/Akamai/netsession_win.exe"
"C:/Users/pc/AppData/Local/Akamai/netsession_win.exe" --client
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\pc\Downloads\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529

prefs.js - "browser.startup.homepage" - "http://www.bbc.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-06 571968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-06 235584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-06 473664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-06 187968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-05-14 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-05-14 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-05-14 440088]
"rfagent"=C:\Program Files\RFA 11\rfagent64.exe [2017-05-14 3557904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe [2017-12-27 1981624]
"Akamai NetSession Interface"=C:\Users\pc\AppData\Local\Akamai\netsession_win.exe [2015-09-10 4691384]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-12-01 10249048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Bonus.SSR.FR12"=C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [2016-10-18 1527960]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CodecPackTrayMenu.lnk - C:\Windows\SysWOW64\Codecs\TrayMenu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-05-10 436224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-01-26 17:57:25 ----D---- C:\AdwCleaner
2018-01-26 17:09:03 ----D---- C:\rsit
2018-01-26 17:09:03 ----D---- C:\Program Files\trend micro
2018-01-26 17:01:02 ----SHD---- C:\$RECYCLE.BIN
2018-01-26 17:00:59 ----D---- C:\Windows\temp
2018-01-26 17:00:58 ----A---- C:\ComboFix.txt
2018-01-26 16:45:19 ----D---- C:\Program Files\CCleaner
2018-01-26 15:24:15 ----A---- C:\Windows\zip.exe
2018-01-26 15:24:15 ----A---- C:\Windows\SWSC.exe
2018-01-26 15:24:15 ----A---- C:\Windows\SWREG.exe
2018-01-26 15:24:15 ----A---- C:\Windows\sed.exe
2018-01-26 15:24:15 ----A---- C:\Windows\PEV.exe
2018-01-26 15:24:15 ----A---- C:\Windows\NIRCMD.exe
2018-01-26 15:24:15 ----A---- C:\Windows\MBR.exe
2018-01-26 15:24:15 ----A---- C:\Windows\grep.exe
2018-01-26 15:24:09 ----D---- C:\Qoobox
2018-01-26 15:23:46 ----D---- C:\Windows\erdnt
2018-01-26 14:51:25 ----D---- C:\Users\pc\AppData\Roaming\SystemProcess
2018-01-26 14:12:12 ----D---- C:\Program Files (x86)\Final Fantasy VII
2017-12-31 12:59:32 ----D---- C:\ProgramData\RELOADED
2017-12-31 12:53:33 ----D---- C:\Program Files (x86)\Torchlight II
2017-12-29 19:54:50 ----D---- C:\Users\pc\AppData\Roaming\.mono
2017-12-29 19:28:26 ----D---- C:\Users\pc\AppData\Roaming\com.mojang.scrolls.launcher.LauncherApplication
2017-12-29 19:27:02 ----D---- C:\Program Files (x86)\Scrolls

======List of files/folders modified in the last 1 month======

2018-01-27 09:52:13 ----D---- C:\Windows\Prefetch
2018-01-27 09:49:33 ----D---- C:\Users\pc\AppData\Roaming\uTorrent
2018-01-27 09:46:12 ----D---- C:\ProgramData\RFA_Backups
2018-01-27 09:43:14 ----D---- C:\Windows\system32\config
2018-01-27 09:35:59 ----SHD---- C:\System Volume Information
2018-01-27 09:34:32 ----SHD---- C:\Windows\Installer
2018-01-26 18:00:59 ----D---- C:\Windows
2018-01-26 17:59:59 ----D---- C:\Users\pc\AppData\Roaming\IObit
2018-01-26 17:59:59 ----D---- C:\ProgramData\IObit
2018-01-26 17:09:03 ----RD---- C:\Program Files
2018-01-26 16:59:06 ----A---- C:\Windows\system.ini
2018-01-26 16:57:36 ----D---- C:\Windows\SYSWOW64\drivers
2018-01-26 16:57:36 ----D---- C:\Windows\SysWOW64
2018-01-26 16:57:36 ----D---- C:\Windows\AppPatch
2018-01-26 16:57:36 ----D---- C:\Program Files (x86)\Common Files
2018-01-26 16:54:18 ----D---- C:\Windows\system32\drivers
2018-01-26 16:48:57 ----D---- C:\Dokumenty
2018-01-26 16:47:35 ----D---- C:\Users\pc\AppData\Roaming\MPC-HC
2018-01-26 16:47:07 ----D---- C:\Windows\inf
2018-01-26 16:47:07 ----D---- C:\Windows\debug
2018-01-26 16:45:22 ----D---- C:\Windows\system32\Tasks
2018-01-26 15:32:23 ----D---- C:\Windows\system32\drivers\etc
2018-01-26 14:51:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-01-26 14:12:12 ----RD---- C:\Program Files (x86)
2018-01-24 21:54:14 ----D---- C:\Users\pc\AppData\Roaming\vlc
2018-01-24 16:42:45 ----D---- C:\ProgramData\ProductData
2018-01-22 22:11:14 ----D---- C:\Windows\system32\NDF
2018-01-18 15:49:26 ----D---- C:\Windows\system32\catroot2
2018-01-11 03:04:27 ----D---- C:\ProgramData\Microsoft Help
2018-01-11 03:04:21 ----D---- C:\Windows\system32\MRT
2018-01-11 03:01:57 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-01-11 03:01:45 ----AC---- C:\Windows\system32\MRT.exe
2018-01-10 16:17:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-01-10 16:17:14 ----D---- C:\Windows\system32\Macromed
2018-01-10 16:17:13 ----D---- C:\Windows\SYSWOW64\Macromed
2018-01-06 19:45:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-04 20:19:59 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-12-31 12:59:32 ----D---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2017-03-09 30744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2015-06-08 127760]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-10 676968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-08-07 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-08-07 47672]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [2016-04-28 955520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-05-14 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-14 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-01-05 194000]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 159960]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-07-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

[Rudy]

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Users\pc\AppData\Local\Akamai

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Co jste zkoušel tím Combofixem? CF je profi utilita, kterou si laik může poškodit systém.

[Adalpo]

Kdysi za mlada a to jistě chápete každý stahuje keygeny a cracky aby za nic neplatil a tak se stávalo, že jsem měl PC zavirované skoro pořád.
A právě na tomto serveru vždy pomohl combofix a jiné utility. Po mnoha letech jsem si včera omylem zaviroval PC a nechtěl jsem hned něco řešit přes vaš fórum když "vím jak se šmejdu zbavit".
jenže to jaksi nepomohlo. Takže tak. Jinak jsem okamžitě přispěl alespoň stovečkou )

Zde je log:

P.S. ještě jsem zaznamenal zvýšení výkonu CPU na cca 70-80% ikdyž nic "normálně" neběží. Dělá to proces system proces, když ho killnu tak to přestane ale občas se zase sám aktivuje

Logfile of random's system information tool 1.10 (written by random/random)
Run by pc at 2018-01-27 13:15:40
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 152 GB (32%) free of 477 GB
Total RAM: 3982 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:15:42, on 27.1.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\Codecs\TrayMenu.exe
C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe
C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\SysWOW64\Codecs\TrayMenu.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6904 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe" -service
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {15D3EC10-B8A7-4623-B40C-B1D36A80791A}
"C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe" /STARTUP
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-627bd2b9-ac97-43f5-84f4-4363fababc23 -SystemEventPortName:HostProcess-edfa4bdc-98d5-40c6-9137-72754deae89e -IoCancelEventPortName:HostProcess-fa26312d-16e4-4a81-9398-a6b571c75142 -NonStateChangingEventPortName:HostProcess-4eb80e46-44a7-4272-a414-4c831017d417 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:62736423-ea31-4791-8266-2be65a04a446 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\RFA 11\rfagent64.exe"
"C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Windows\SysWOW64\Codecs\TrayMenu.exe"
"C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe" uTorrent_2916_00A71010_1042550654 µTorrent4823DF041B09 uTorrent
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Users\pc\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe" uTorrent_2916_00A711D8_1717705245 µTorrent4823DF041B09 uTorrent
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\pc\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529

prefs.js - "browser.startup.homepage" - "http://www.bbc.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-06 571968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-06 235584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-06 473664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-06 187968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-05-14 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-05-14 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-05-14 440088]
"rfagent"=C:\Program Files\RFA 11\rfagent64.exe [2017-05-14 3557904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe [2017-12-27 1981624]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-12-01 10249048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Bonus.SSR.FR12"=C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [2016-10-18 1527960]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CodecPackTrayMenu.lnk - C:\Windows\SysWOW64\Codecs\TrayMenu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-05-10 436224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-01-27 13:11:51 ----D---- C:\_OTM
2018-01-26 17:57:25 ----D---- C:\AdwCleaner
2018-01-26 17:09:03 ----D---- C:\rsit
2018-01-26 17:09:03 ----D---- C:\Program Files\trend micro
2018-01-26 17:01:02 ----SHD---- C:\$RECYCLE.BIN
2018-01-26 17:00:59 ----D---- C:\Windows\temp
2018-01-26 17:00:58 ----A---- C:\ComboFix.txt
2018-01-26 16:45:19 ----D---- C:\Program Files\CCleaner
2018-01-26 15:24:15 ----A---- C:\Windows\zip.exe
2018-01-26 15:24:15 ----A---- C:\Windows\SWSC.exe
2018-01-26 15:24:15 ----A---- C:\Windows\SWREG.exe
2018-01-26 15:24:15 ----A---- C:\Windows\sed.exe
2018-01-26 15:24:15 ----A---- C:\Windows\PEV.exe
2018-01-26 15:24:15 ----A---- C:\Windows\NIRCMD.exe
2018-01-26 15:24:15 ----A---- C:\Windows\MBR.exe
2018-01-26 15:24:15 ----A---- C:\Windows\grep.exe
2018-01-26 15:24:09 ----D---- C:\Qoobox
2018-01-26 15:23:46 ----D---- C:\Windows\erdnt
2018-01-26 14:51:25 ----D---- C:\Users\pc\AppData\Roaming\SystemProcess
2017-12-31 12:59:32 ----D---- C:\ProgramData\RELOADED
2017-12-31 12:53:33 ----D---- C:\Program Files (x86)\Torchlight II
2017-12-29 19:54:50 ----D---- C:\Users\pc\AppData\Roaming\.mono
2017-12-29 19:28:26 ----D---- C:\Users\pc\AppData\Roaming\com.mojang.scrolls.launcher.LauncherApplication
2017-12-29 19:27:02 ----D---- C:\Program Files (x86)\Scrolls

======List of files/folders modified in the last 1 month======

2018-01-27 13:15:16 ----D---- C:\Users\pc\AppData\Roaming\uTorrent
2018-01-27 13:11:51 ----D---- C:\Windows\Prefetch
2018-01-27 10:38:44 ----RD---- C:\Program Files (x86)
2018-01-27 10:37:44 ----D---- C:\Windows\Microsoft.NET
2018-01-27 10:37:31 ----SHD---- C:\Windows\Installer
2018-01-27 10:37:28 ----RSD---- C:\Windows\assembly
2018-01-27 10:37:15 ----SHD---- C:\System Volume Information
2018-01-27 10:32:06 ----D---- C:\Windows\system32\Tasks
2018-01-27 10:28:26 ----D---- C:\Windows\system32\config
2018-01-27 09:46:12 ----D---- C:\ProgramData\RFA_Backups
2018-01-26 18:00:59 ----D---- C:\Windows
2018-01-26 17:59:59 ----D---- C:\Users\pc\AppData\Roaming\IObit
2018-01-26 17:59:59 ----D---- C:\ProgramData\IObit
2018-01-26 17:09:03 ----RD---- C:\Program Files
2018-01-26 16:59:06 ----A---- C:\Windows\system.ini
2018-01-26 16:57:36 ----D---- C:\Windows\SYSWOW64\drivers
2018-01-26 16:57:36 ----D---- C:\Windows\SysWOW64
2018-01-26 16:57:36 ----D---- C:\Windows\AppPatch
2018-01-26 16:57:36 ----D---- C:\Program Files (x86)\Common Files
2018-01-26 16:54:18 ----D---- C:\Windows\system32\drivers
2018-01-26 16:48:57 ----D---- C:\Dokumenty
2018-01-26 16:47:35 ----D---- C:\Users\pc\AppData\Roaming\MPC-HC
2018-01-26 16:47:07 ----D---- C:\Windows\inf
2018-01-26 16:47:07 ----D---- C:\Windows\debug
2018-01-26 15:32:23 ----D---- C:\Windows\system32\drivers\etc
2018-01-26 14:51:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-01-24 21:54:14 ----D---- C:\Users\pc\AppData\Roaming\vlc
2018-01-24 16:42:45 ----D---- C:\ProgramData\ProductData
2018-01-22 22:11:14 ----D---- C:\Windows\system32\NDF
2018-01-18 15:49:26 ----D---- C:\Windows\system32\catroot2
2018-01-11 03:04:27 ----D---- C:\ProgramData\Microsoft Help
2018-01-11 03:04:21 ----D---- C:\Windows\system32\MRT
2018-01-11 03:01:57 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-01-11 03:01:45 ----AC---- C:\Windows\system32\MRT.exe
2018-01-10 16:17:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-01-10 16:17:14 ----D---- C:\Windows\system32\Macromed
2018-01-10 16:17:13 ----D---- C:\Windows\SYSWOW64\Macromed
2018-01-06 19:45:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-04 20:19:59 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-12-31 12:59:32 ----D---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2017-03-09 30744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2015-06-08 127760]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-10 676968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-08-07 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-08-07 47672]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [2016-04-28 955520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-05-14 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-14 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-01-05 194000]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 159960]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-07-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

[Rudy]

OK, to chápu, jenže CF je profesinální utilita, kterou si ani já nedovolím požít "naostro", tj bez předchozí kontroly jinám skenerem, abych nepoškodil systém. Navíc CF smaže veškěré stopy po šmejdech, který by jinak skener ukázal. Dále má CF "spadeno" na některé zcela regulérní aplikace, které smaže.

Jinak smazáno. Ještě udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Adalpo]

Zde je log

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 27.01.18
Čas skenování: 14:30
Logovací soubor: 4721e90a-0366-11e8-8ac2-80c16ef9054b.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.3797
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: pc-PC\pc

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 251979
Zjištěné hrozby: 41
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 3 min, 52 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 41
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\2611659.CFG, Žádná uživatelská akce, [1089], [345404],1.0.3797
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\2611659.JS, Žádná uživatelská akce, [1089], [345398],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\6RPSK7TX1HNG.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\BSELYDIWCNXY.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\HYRKGLKXXY8G.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\O2S3JA8T3TNH.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\UDYQRUYGGDJD.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\XSFKSDQG4D52.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\350DQJAKQPPQ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\31NFQL8QYXAV.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\AUFATYEEYHK4.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\GY5NDFV3SVYF.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\A4ZIZPT20ZYJ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\O1PKUR8FWZUC.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\F1NWMEVPRD6M.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\SCSVQNZCBDCQ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\7B68EHRYS5DH.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\WSVIKUYPIOSZ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\76GMAEHUZWOQ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\MZPDXK1HD2Z5.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\CQZWL1F3USVG.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\CIUVTNSXJP3F.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\RTXUBJKLLVMU.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\Z6ZN8DWIBLJD.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\JVBOCDOHX2YR.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\IDCWSAI11YAZ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\PT7USMQTYFRD.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\VMJBWHF0REJI.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\OOENDLUFN2SS.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\URCS0VHJS6XK.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\UPRLMLCE3IAC.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\YKGAJBUIPUJO.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\Z3ZKFPRLMGPR.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\YEYRX3QNDNKZ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\2QNN67XD00IP.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\7YBLIZTNOTXG.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\DRJN2ZZA1O4Z.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\MHK5Y1WQWVRZ.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\PUT16WUYM3OK.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\VAGDS0YAKVEX.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797
Generic.Malware/Suspicious, C:\USERS\PC\APPDATA\ROAMING\HGLG7NQ7Q2798TJZ\YQQMSUULB11Y.EXE, Žádná uživatelská akce, [0], [392686],1.0.3797

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

[Rudy]

Všechny nalezené položky smažte.

[Adalpo]

Smazáno, řekl bych že tam ještě něco je. Vyskočilo mi okno prohlížeče s přehráváním nějakých videí hned po tom co jsem po restartu spustil internet a tyto stránky.

[Rudy]

Zkusíme vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[Adalpo]

Ufff tak tohle byl fakt mazec. Před spuštěním Zoek se počítač začal chovat jak zpomalený film. Vůbec nic nefungovalo a byl nehorázně pomalý a zaekával se. V nouzovém režimu vše ok. Ani se mi ndařilo se dostat na internet jak to bylo pomalé. Nakonec jsem zjistil že to bylo malwarebytes tak jsem to odinstaloval a už to běhá normálně. Ovšem nevím zda je vše zničeno.
Tady je log ze Zoek


Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by pc on so 27.01.2018 at 19:06:13,72.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\pc\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\prefs.js:
user_pref("browser.startup.homepage", "http://www.bbc.com/");

Added to C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\pc\AppData\Roaming\Thunderbird\Profiles\com62s2b.default\prefs.js:

Added to C:\Users\pc\AppData\Roaming\Thunderbird\Profiles\com62s2b.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\pc\AppData\Roaming\Thunderbird\Profiles\com62s2b.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529
- Undetermined - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\pc\AppData\Roaming\Thunderbird\Profiles\com62s2b.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529
7C287305070FA26E37B1A822FDBD0488 - C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U151
61A992D1093451F466C1ACFD907645B4 - C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1510.12
6F6AEB68A01F4D297CFE923E47D16CF4 - C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
81D6D6EE6226773449C5CBE9496EDAF6 - c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight
FC18E6D133877BE07C753552705A5B8C - c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In
D16896ABE7C64F3E8805266F1A76A591 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/?gws_rd=ssl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\pc\AppData\Local\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\cache2 emptied successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\storage\default\https+++shiltirs.com\cache emptied successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\storage\default\https+++twitter.com\cache emptied successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\storage\default\https+++waudeesestew.com\cache emptied successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\storage\default\https+++www.facebook.com\cache emptied successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\7hepwisv.default-1479238807529\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\pc\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\pc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 27.01.2018 at 19:09:18,01 ======================


a tady log z junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by pc (Limited) on so 27.01.2018 at 19:37:11,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\pc\AppData\Local\alawarwrapper (Folder)
Successfully deleted: C:\users\Public\Documents\alawarwrapper (Folder)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_Install_pc (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 27.01.2018 at 19:38:10,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Rudy]

OK. Otestujte, zda něco nevyskakuje.