Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu

Patříte mezi Vzorné návštěvníky? Pak je tato sekce pro vás.

Moderátor: Moderátoři

Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Zpráva
Autor
aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Prosím o kontrolu

#1 Příspěvek od aktij »

Zdravím, tak jsem tu zas. Tentokrát jsem zoufalá. 31.3. ráno proběhla jakási aktualizace win. Jelikož mě z neznámých důvodů musím restart dělat ručně (několik let), tak než jsem ho zcela vypla a znova zapnula, nechala jsem zhasnutý monitor, sbalila se a vyrazila na chatu za dětmi. V cca 17,30 jsem se chtěla juknout na recept a ejhle. Po zapnutí mi to psalo - dojde k původnímu nastavení, zazálohujte si data. To jsem bohužel neudělala. Poté se cca 0,45 minut provádělo to původní nastavení a pak se začal spouštět. Jenomže když to došlo do určité fáze, tak se to začalo vypínat (psalo to anglicky). Syn mi to nějak zprovoznil, ale nebyly tam utility ohledně netu a wifi. Stáhli jsme je přímo z ASUSU a již to jde. Nemám tu vůbec nic, všechno v čudu (moje chyba). Myslela jsem, že to alespoň pofachčí, když nemám zasekaný NTB. OMYL. Je to šíleně pomalé, je tu nějaký MacAffe, který nechci (dávám přednost Avastu). Prosím o kontrolu a pomoc. :cry: :cry:

Zde je RSIT :

info.txt logfile of random's system information tool 1.16 2018-04-03 17:43:48

====== MBR ======

0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A95BED8D000000000200EEFFFFFF01000000EF66545700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

====== Uninstall list ======

„Windows Live Essentials“ [20120224]-->MsiExec.exe /I{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}
„Windows Live Mail“ [20120224]-->MsiExec.exe /I{2720009D-9566-45A7-A370-0E6DAC313F3F}
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis [20120224]-->MsiExec.exe /I{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}
„Windows Live Messenger“ [20120224]-->MsiExec.exe /X{122800FE-3AAF-4974-9FBD-54B023FA756A}
„Windows Live“ fotogalerija [20120224]-->MsiExec.exe /X{C877E454-FA36-409A-A00E-1240CEC61BBD}
ActiveX контрола на Windows Live Mesh за отдалечени връзки [20120224]-->MsiExec.exe /I{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}
Adobe Flash Player 10 ActiveX [2018/04/01 05:07:04]-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin [2018/04/01 05:07:04]-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader X MUI [20120224]-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
ASUS WebStorage [2018/04/01 05:07:04]-->C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe
AsusVibe2.0 [2018/04/01 05:07:04]-->C:\Program Files (x86)\Asus\AsusVibe\unins000.exe
Bing Bar [20120224]-->MsiExec.exe /X{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}
Bubbletown [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Bubbletown\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Bubbletown\install.log"
Control ActiveX Windows Live Mesh pentru conexiuni la distanță [20120224]-->MsiExec.exe /I{260E3D78-94E6-47EC-8E29-46301572BB1E}
D3DX10 [20120224]-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Deadtime Stories [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\install.log"
Dream Day First Home [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Dream Day First Home\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Dream Day First Home\install.log"
Dream Vacation Solitaire [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Dream Vacation Solitaire\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Dream Vacation Solitaire\install.log"
DriverDR 6.5.0 [20180401]-->"C:\Program Files\DriverDR.com\DriverDR\unins000.exe"
Farm Frenzy 3 - Madagascar [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Farm Frenzy 3 - Madagascar\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Farm Frenzy 3 - Madagascar\install.log"
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych [20120224]-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}
Fotogalerija Windows Live [20120224]-->MsiExec.exe /X{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}
Galapago [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Galapago\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Galapago\install.log"
Galeria fotografii usługi Windows Live [20120224]-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
Galerie foto Windows Live [20120224]-->MsiExec.exe /X{CB66242D-12B1-4494-82D2-6F53A7E024A3}
Game Park Console [2018/04/01 05:07:04]-->C:\Program Files (x86)\Asus\Game Park\GameConsole\Uninstall.exe
Go Go Gourmet Chef of the Year [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Go Go Gourmet Chef of the Year\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Go Go Gourmet Chef of the Year\install.log"
Google Chrome [20120224]-->"C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper [20120224]-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Manageability Engine Firmware Recovery Agent [20180331]-->MsiExec.exe /X{A6C48A9F-694A-4234-B3AA-62590B668927}
Intel(R) Management Engine Components [2018/04/01 05:34:04]-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) OpenCL CPU Runtime [2018/04/01 05:28:27]-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics [2018/04/01 05:28:23]-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client [20180331]-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
Junk Mail filter update [20120224]-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Kontrola Windows Live Mesh ActiveX za daljinske veze [20120224]-->MsiExec.exe /I{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave [20120224]-->MsiExec.exe /I{CA227A9D-09BE-4BFB-9764-48FED2DA5454}
Mahjong Memoirs [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Mahjong Memoirs\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Mahjong Memoirs\install.log"
McAfee SiteAdvisor [2018/04/02 18:54:11]-->C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe
Mesh Runtime [20120224]-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile [2012/02/24 13:37:21]-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile [20180403]-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended [2012/02/24 13:38:54]-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended [20120224]-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Office 2010 [20120224]-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Silverlight [20120224]-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] [20120224]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64) [20180331]-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable (x64) [20180401]-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [20180331]-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [20180331]-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 59.0.2 (x64 cs) [2018/04/01 20:01:33]-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service [2018/04/01 20:01:33]-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT [20120224]-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT_amd64 [20120224]-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
NVIDIA Graphics Driver 296.97 [20180331]-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA HD Audio Driver 1.3.13.1 [20180331]-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Update 1.7.13 [20180331]-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení [20120224]-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia [20120224]-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
Plants vs Zombies [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Plants vs Zombies\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Plants vs Zombies\install.log"
Poczta usługi Windows Live [20120224]-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}
Podstawowe programy Windows Live [20120224]-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Pošta Windows Live [20120224]-->MsiExec.exe /I{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}
Program McAfee Internet Security [2018/04/02 18:55:50]-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Qualcomm Atheros WiFi Driver Installation [20180401]-->"C:\Program Files (x86)\InstallShield Installation Information\{7D916FA5-DAE9-4A25-B089-655C70EAF607}\setup.exe" -runfromtemp -l0x0405 -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB3097994) [2018/04/03 17:33:36]-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A836EEA3-2699-38B2-9B30-076F0177F416} /parameterfolder Client
Shared C Run-time for x64 [20180401]-->MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054}
Turbo Fiesta [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\Turbo Fiesta\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Turbo Fiesta\install.log"
Windows Live Communications Platform [20120224]-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials [2012/02/24 13:52:31]-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials [20120224]-->MsiExec.exe /I{17835B63-8308-427F-8CF5-D76E0D5FE457}
Windows Live Essentials [20120224]-->MsiExec.exe /I{410DF0AA-882D-450D-9E1B-F5397ACFFA80}
Windows Live Essentials [20120224]-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Essentials [20120224]-->MsiExec.exe /I{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}
Windows Live Essentials [20120224]-->MsiExec.exe /I{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}
Windows Live Essentials [20120224]-->MsiExec.exe /I{A1668729-C4D2-49AE-877B-FB608362FFF1}
Windows Live Essentials [20120224]-->MsiExec.exe /I{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}
Windows Live Essentials [20120224]-->MsiExec.exe /I{C01FCACE-CC3D-49A2-ADC2-583A49857C58}
Windows Live Essentials [20120224]-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Essentials [20120224]-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Essentials [20120224]-->MsiExec.exe /I{FEEF7F78-5876-438B-B554-C4CC426A4302}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{03E5CBD3-73E3-410D-890D-D3F48B2653A6}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{0E7EF678-587B-43E9-B13C-9F4B52ACFFCA}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{0F872589-F781-4EAF-9CBC-BF6A9809F17D}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{19E42E62-8C05-42DE-9DC4-C606F9F8927B}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{1E8F990F-A140-47D4-B266-402E9CF96FC3}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{553BB3BD-7A2A-4E5E-9B2F-2D14DC70093A}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{5708148D-3A0E-4587-8311-DFCFA33F4D92}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{7D8BBAF2-E7C6-4BB6-9E35-31340373F699}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{A2D54577-154D-4D8B-9ECF-D7D4553ECE63}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{B96C4CA9-FA40-490C-B3BB-50F84A44694E}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{BCA3DCDA-170A-44DB-A888-78105ABACF43}
Windows Live Family Safety [20120224]-->MsiExec.exe /I{D8F30372-43E3-4720-ABDE-11C95E562B71}
Windows Live Family Safety [20120224]-->MsiExec.exe /X{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}
Windows Live fotoattēlu galerija [20120224]-->MsiExec.exe /X{CF936193-C584-458C-B793-15FA945621AF}
Windows Live Fotogaléria [20120224]-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live Fotogalerie [20120224]-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live Foto-galerija [20120224]-->MsiExec.exe /X{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}
Windows Live Fotótár [20120224]-->MsiExec.exe /X{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}
Windows Live Galerija fotografija [20120224]-->MsiExec.exe /X{E5377D46-83C5-445A-A1F1-830336B42A10}
Windows Live ID Sign-in Assistant [20120224]-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer [20120224]-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector [20120224]-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}
Windows Live Mail [20120224]-->MsiExec.exe /I{0B80A0FD-755A-4796-BFB0-A7B07366F33A}
Windows Live Mail [20120224]-->MsiExec.exe /I{82803FF3-563F-414F-A403-8D4C167D4120}
Windows Live Mail [20120224]-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail [20120224]-->MsiExec.exe /I{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}
Windows Live Mail [20120224]-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mail [20120224]-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mail [20120224]-->MsiExec.exe /I{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}
Windows Live Mail [20120224]-->MsiExec.exe /I{D07B1FDA-876B-4914-9E9A-309732B6D44F}
Windows Live Mail [20120224]-->MsiExec.exe /I{F66430D8-08E6-4C96-B9B7-90E66E27D58C}
Windows Live Mail [20120224]-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live Mesh [20120224]-->MsiExec.exe /I{0A093C39-CBB3-4142-B93F-562F176B6305}
Windows Live Mesh [20120224]-->MsiExec.exe /I{2D3E034E-F76B-410A-A169-55755D2637BB}
Windows Live Mesh [20120224]-->MsiExec.exe /I{5CF5B1A5-CBC3-42F0-8533-5A5090665862}
Windows Live Mesh [20120224]-->MsiExec.exe /I{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}
Windows Live Mesh [20120224]-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh [20120224]-->MsiExec.exe /I{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}
Windows Live Mesh [20120224]-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh [20120224]-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}
Windows Live Mesh [20120224]-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}
Windows Live Mesh [20120224]-->MsiExec.exe /I{C08D5964-C42F-48EE-A893-2396F9562A7C}
Windows Live Mesh [20120224]-->MsiExec.exe /I{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}
Windows Live Mesh [20120224]-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Mesh [20120224]-->MsiExec.exe /I{EAB1BDF2-734A-4D44-9169-7615D185C974}
Windows Live Mesh [20120224]-->MsiExec.exe /I{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}
Windows Live Mesh ActiveX Control for Remote Connections [20120224]-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh ActiveX kontrola za daljinske veze [20120224]-->MsiExec.exe /I{8985AE5E-622A-4980-8BF8-0A1830643220}
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem [20120224]-->MsiExec.exe /I{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}
Windows Live Mesh ActiveX-i juhtelement kaugühendustele [20120224]-->MsiExec.exe /I{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz [20120224]-->MsiExec.exe /I{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}
Windows Live Messenger [20120224]-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger [20120224]-->MsiExec.exe /X{2F54E453-8C93-4B3B-936A-233C909E6CAC}
Windows Live Messenger [20120224]-->MsiExec.exe /X{A3389C72-1782-4BB4-BBAA-33345DE52E3F}
Windows Live Messenger [20120224]-->MsiExec.exe /X{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}
Windows Live Messenger [20120224]-->MsiExec.exe /X{BD0C3887-64E6-41D8-9A38-BC6F34369352}
Windows Live Messenger [20120224]-->MsiExec.exe /X{BD215FCB-27E8-4C86-9251-8B8C1D548743}
Windows Live Messenger [20120224]-->MsiExec.exe /X{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}
Windows Live Messenger [20120224]-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Messenger [20120224]-->MsiExec.exe /X{E9AD2143-26D5-4201-BED1-19DCC03B407D}
Windows Live Messenger [20120224]-->MsiExec.exe /X{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}
Windows Live Messenger [20120224]-->MsiExec.exe /X{F35DC85A-E96B-496B-ABE7-F04192824856}
Windows Live Messenger [20120224]-->MsiExec.exe /X{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}
Windows Live Messenger [20120224]-->MsiExec.exe /X{FA20D803-14E5-4B00-8F03-B519D46F9D4A}
Windows Live MIME IFilter [20120224]-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{60C3C026-DB53-4DAB-8B97-7C1241F9A847}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{7AF8E500-B349-4A77-8265-9854E9A47925}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{A101F637-2E56-42C0-8E08-F1E9086BFAF3}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Movie Maker [20120224]-->MsiExec.exe /X{FF737490-5A2D-4269-9D82-97DB2F7C0B09}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{073F306D-9851-4969-B828-7B6444D07D55}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{1168ECF1-2932-4E86-BC83-560C256C8022}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{442032CB-900C-49C7-B4B4-2B76525DD403}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{5D163056-96B7-440F-A836-89BA5D3CFF2F}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{6B556C37-8919-4991-AC34-93D018B9EA49}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{7D0DE76C-874E-4BDE-A204-F4240160693E}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{84267681-BF16-40B6-9564-27BC57D7D71C}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}
Windows Live Photo Common [20120224]-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery [20120224]-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery [20120224]-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform [20120224]-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Pošta [20120224]-->MsiExec.exe /I{517EAAB9-C35E-4949-B8C2-20C241162BBB}
Windows Live Remote Client [20120224]-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{2F304EF4-0C31-47F4-8557-0641AAE4197C}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{5F44A3A1-5D24-4708-8776-66B42B174C64}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{641B32DB-8226-4250-86C9-34671162F5D5}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{78654366-5889-4A70-90D9-04B00709EEE0}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{B680A663-1A15-47A5-A07C-7DF9A97558B7}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{ED421F97-E1C3-4E78-9F54-A53888215D58}
Windows Live Remote Client Resources [20120224]-->MsiExec.exe /I{F0793412-6407-4870-9A8C-6FE198A4EB12}
Windows Live Remote Service [20120224]-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{29CFD07F-4971-41B0-B14D-621ACCC264AC}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{61407251-7F7D-4303-810D-226A04D5CFF3}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{6A2482BC-733A-404A-939A-2D5BC636E6F9}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{97A295A7-8840-4B35-BB61-27A8F4512CA3}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{9E9C960F-7F47-46D5-A95D-950B354DE2B8}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{D157C6E7-5847-4FD1-BEDC-7389493874F6}
Windows Live Remote Service Resources [20120224]-->MsiExec.exe /I{D3E4F422-7E0F-49C7-8B00-F42490D7A385}
Windows Live SOXE [20120224]-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live SOXE Definitions [20120224]-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live UX Platform [20120224]-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{09922FFE-D153-44AE-8B60-EA3CB8088F93}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{2CC0789D-D31B-445F-8970-6E058BE39754}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{4C378B16-46B7-4DA1-A2CE-2EE676F74680}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{4D141929-141B-4605-95D6-2B8650C1C6DA}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{545192D4-E817-4EAA-834D-623EA50CF268}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{5E627606-53B9-42D1-97E1-D03F6229E248}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{826A9D28-CAB2-4950-8AAA-B639DCA444CE}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{EA777812-4905-4C08-8F6E-13BDCC734609}
Windows Live UX Platform Language Pack [20120224]-->MsiExec.exe /I{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}
Windows Live Writer [20120224]-->MsiExec.exe /X{047377C9-C74B-4345-82E8-03BAE5DF2C32}
Windows Live Writer [20120224]-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer [20120224]-->MsiExec.exe /X{1D6C2068-807F-4B76-A0C2-62ED05656593}
Windows Live Writer [20120224]-->MsiExec.exe /X{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}
Windows Live Writer [20120224]-->MsiExec.exe /X{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}
Windows Live Writer [20120224]-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer [20120224]-->MsiExec.exe /X{69C9C672-400A-43A0-B2DE-9DB38C371282}
Windows Live Writer [20120224]-->MsiExec.exe /X{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}
Windows Live Writer [20120224]-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer [20120224]-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer [20120224]-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Live Writer [20120224]-->MsiExec.exe /X{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}
Windows Live Writer [20120224]-->MsiExec.exe /X{C1C9D199-B4DD-4895-92DD-9A726A2FE341}
Windows Live Writer [20120224]-->MsiExec.exe /X{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}
Windows Live Writer [20120224]-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{458F399F-62AC-4747-99F5-499BBF073D29}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{5D2E7BD7-4B6F-4086-BA8A-E88484750624}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{77DAF553-291A-4471-988C-5677D90DB57E}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{7E90B133-FF47-48BB-91B8-36FC5A548FE9}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{D987098B-3AD4-4E88-B80E-CF27A32D1955}
Windows Live Writer Resources [20120224]-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live'i fotogalerii [20120224]-->MsiExec.exe /X{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}
World of Goo [02/24/2012]-->"C:\Program Files (x86)\Asus\Game Park\World of Goo\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\World of Goo\install.log"
Фотогалерия на Windows Live [20120224]-->MsiExec.exe /X{4444F27C-B1A8-464E-9486-4C37BAB39A09}

====== Security center information ======

AV: McAfee Anti-Virus and Antispyware disabled
FW: McAfee Firewall disabled
AS: McAfee Anti-Virus and Antispyware disabled
AS: Windows Defender

====== System event log ======

Computer Name: Sara-PC
Event Code: 516
Message: Proces **\mcshield.exe pid (3972) obsahuje podepsaný, ale nedůvěryhodný kód, ovladačem McAfee mu nicméně bylo povoleno provedení privilegované operace.
Record Number: 5864
Source Name: mfehidk
Time Written: 20180403153301.693070-000
Event Type: Upozornění
User:

Computer Name: Sara-PC
Event Code: 11
Message: Vlastní knihovny DLL se načítají pro každou aplikaci. Správce systému by měl zkontrolovat seznam knihoven a ujistit se, že souvisejí s důvěryhodnými aplikacemi.
Record Number: 5806
Source Name: Microsoft-Windows-Wininit
Time Written: 20180403152515.001850-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: Sara-PC
Event Code: 10010
Message: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.
Record Number: 5646
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20180402225926.000000-000
Event Type: Chyba
User:

Computer Name: Sara-PC
Event Code: 516
Message: Proces **\mcshield.exe pid (4916) obsahuje podepsaný, ale nedůvěryhodný kód, ovladačem McAfee mu nicméně bylo povoleno provedení privilegované operace.
Record Number: 5596
Source Name: mfehidk
Time Written: 20180402224621.528001-000
Event Type: Upozornění
User:

Computer Name: Sara-PC
Event Code: 11
Message: Vlastní knihovny DLL se načítají pro každou aplikaci. Správce systému by měl zkontrolovat seznam knihoven a ujistit se, že souvisejí s důvěryhodnými aplikacemi.
Record Number: 5543
Source Name: Microsoft-Windows-Wininit
Time Written: 20180402224248.560458-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM
====== Application event log ======

Computer Name: Sara-PC
Event Code: 903
Message: Služba Ochrana softwaru byla ukončena.

Record Number: 2551
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20180403153329.000000-000
Event Type: Informace
User:

Computer Name: Sara-PC
Event Code: 902
Message: Služba Ochrana softwaru byla spuštěna.
6.1.7601.17514
Record Number: 2543
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20180403152826.000000-000
Event Type: Informace
User:

Computer Name: Sara-PC
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 2521
Source Name: Microsoft-Windows-WMI
Time Written: 20180403152521.000000-000
Event Type: Informace
User:

Computer Name: Sara-PC
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 2517
Source Name: Microsoft-Windows-WMI
Time Written: 20180403152513.000000-000
Event Type: Informace
User:

Computer Name: Sara-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně.

PODROBNOSTI –
1 user registry handles leaked from \Registry\User\S-1-5-21-3555903808-2307568763-4169163906-1001:
Process 576 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3555903808-2307568763-4169163906-1001

Record Number: 2502
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180402225905.694802-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM
====== Security event log ======

Computer Name: Sara-PC
Event Code: 4905
Message: Došlo k pokusu zrušit registraci zdroje události zabezpečení.

Předmět
ID zabezpečení: S-1-5-18
Název účtu: SARA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x109c
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x14f104
Record Number: 4933
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180403153144.347134-000
Event Type: Úspěšný audit
User:

Computer Name: Sara-PC
Event Code: 4904
Message: Došlo k pokusu zaregistrovat zdroj události zabezpečení.

Předmět :
ID zabezpečení: S-1-5-18
Název účtu: SARA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x109c
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x14f104
Record Number: 4932
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180403153144.347134-000
Event Type: Úspěšný audit
User:

Computer Name: Sara-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4931
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180403153043.990628-000
Event Type: Úspěšný audit
User:

Computer Name: Sara-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SARA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2b8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4930
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180403153043.990628-000
Event Type: Úspěšný audit
User:

Computer Name: Sara-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4929
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180403152929.157297-000
Event Type: Úspěšný audit
User:
====== Environment variables ======

"ComSpec" = %SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK" = NO
"OS" = Windows_NT
"Path" = C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
"PATHEXT" = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE" = AMD64
"TEMP" = %SystemRoot%\TEMP
"TMP" = %SystemRoot%\TEMP
"USERNAME" = SYSTEM
"windir" = %SystemRoot%
"PSModulePath" = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS" = 4
"PROCESSOR_LEVEL" = 6

a ještě jeden (byly dva)

Nevešel se mi sem, tak v další zprávě ....

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#2 Příspěvek od aktij »

Logfile of random's system information tool 1.16 (written by random/random)
Run by Sara at 2018-04-03 17:42:43
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 645 GB (94%) free of 689 GB
Total RAM: 3980 MB (33% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:30, on 3.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\Sara_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3555903808-2307568763-4169163906-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3555903808-2307568763-4169163906-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10569 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 25704112
\??\C:\Windows\system32\conhost.exe "11210629941190471850-1916722748-15739556351816631797-26661014510729633292027449877
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe"
"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\Windows\system32\mfevtps.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\SysWOW64\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\taskhost.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\mcafee.com\agent\mcagent.exe" /runkey
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4256.6.1192341515\1790436572" -childID 2 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4256 "\\.\pipe\gecko-crash-server-pipe.4256" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4256.12.191255086\177724834" -childID 3 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4256 "\\.\pipe\gecko-crash-server-pipe.4256" tab
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4256.18.638301034\694979438" -childID 4 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4256 "\\.\pipe\gecko-crash-server-pipe.4256" tab
C:\Windows\system32\msiexec.exe /V
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4256.24.1211057993\1450908181" -childID 5 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4256 "\\.\pipe\gecko-crash-server-pipe.4256" tab
"C:\Windows\system32\wuauclt.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Sara\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\tasks\DriverDR Scheduled Scan.job - C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe --scan
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
C:\Windows\system32\tasks\DriverDR Scheduled Scan - C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe --scan
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
C:\Windows\system32\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\Windows\system32\tasks\{D9B8AA59-214B-402F-8414-87902ECB5351} - C:\Windows\system32\pcalua.exe -a C:\Users\Sara\AppData\Local\Temp\Temp1_WLAN_GE781_Win7_32_Win7_64_Z801380.zip\Install_CD\setup.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-3555903808-2307568763-4169163906-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\progra~2\mcafee\msc\npmcsn~1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL


C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\addons.json

C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\extensions.json
Activity Stream - extension - activity-stream@mozilla.org -
Application Update Service Helper - extension - aushelper@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Firefox Screenshots - extension - screenshots@mozilla.org -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Web Compat - extension - webcompat@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
TLS 1.3 gradual roll-out - extension - tls13-rollout-bug1442042@mozilla.org -
McAfee WebAdvisor - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} -

C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\pluginreg.dat

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTer ... -SearchBox


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTer ... -SearchBox

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2016-02-12 296960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2016-02-12 243912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2016-02-12 296960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2016-02-12 243912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-02-22 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-22 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-22 440600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-16 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-16 932288]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2012-02-24 3331312]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [2011-07-29 737104]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-03-13 1532992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-04-03 17:42:46 ----D---- C:\Program Files\trend micro
2018-04-03 17:42:43 ----D---- C:\rsit
2018-04-03 01:02:31 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2018-04-03 01:02:31 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2018-04-03 01:02:31 ----A---- C:\Windows\system32\infocardapi.dll
2018-04-03 01:02:31 ----A---- C:\Windows\system32\icardagt.exe
2018-04-03 01:02:30 ----A---- C:\Windows\SYSWOW64\icardres.dll
2018-04-03 01:02:30 ----A---- C:\Windows\system32\icardres.dll
2018-04-03 01:02:11 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2018-04-03 01:02:11 ----A---- C:\Windows\system32\TsWpfWrp.exe
2018-04-03 00:58:16 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2018-04-03 00:58:16 ----A---- C:\Windows\system32\rdpcore.dll
2018-04-03 00:58:15 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2018-04-03 00:58:15 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2018-04-02 18:57:50 ----D---- C:\Users\Sara\AppData\Roaming\Macromedia
2018-04-01 20:01:44 ----D---- C:\Users\Sara\AppData\Roaming\Mozilla
2018-04-01 20:01:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-01 20:01:28 ----D---- C:\Program Files\Mozilla Firefox
2018-04-01 19:23:07 ----A---- C:\Windows\system32\drivers\HipShieldK.sys
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wups2.dll
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wucltux.dll
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wuaueng.dll
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wuauclt.exe
2018-04-01 18:53:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2018-04-01 18:53:15 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2018-04-01 18:53:15 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2018-04-01 18:53:15 ----A---- C:\Windows\system32\wups.dll
2018-04-01 18:53:15 ----A---- C:\Windows\system32\wudriver.dll
2018-04-01 18:53:15 ----A---- C:\Windows\system32\wuapi.dll
2018-04-01 18:52:55 ----D---- C:\Users\Sara\AppData\Roaming\Adobe
2018-04-01 18:52:55 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2018-04-01 18:52:55 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2018-04-01 18:52:55 ----A---- C:\Windows\system32\wuwebv.dll
2018-04-01 18:52:55 ----A---- C:\Windows\system32\wuapp.exe
2018-04-01 18:45:16 ----D---- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2018-04-01 18:42:28 ----D---- C:\ProgramData\Qualcomm Atheros
2018-04-01 18:37:05 ----A---- C:\Windows\system32\netr28x.sys
2018-04-01 18:36:34 ----D---- C:\ProgramData\Ralink
2018-04-01 18:15:39 ----D---- C:\Users\Sara\AppData\Roaming\DriverDR.com
2018-04-01 18:15:37 ----D---- C:\Program Files\DriverDR.com
2018-04-01 05:34:43 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2018-04-01 05:34:39 ----A---- C:\Windows\SYSWOW64\log.txt
2018-04-01 05:34:38 ----D---- C:\ProgramData\Intel
2018-04-01 05:34:35 ----D---- C:\Program Files\Intel
2018-04-01 05:34:03 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2018-04-01 05:34:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-04-01 05:34:00 ----D---- C:\ProgramData\InstallShield
2018-04-01 05:33:36 ----D---- C:\Windows\SYSWOW64\NV
2018-04-01 05:33:36 ----D---- C:\Windows\system32\NV
2018-04-01 05:32:23 ----D---- C:\ProgramData\NVIDIA
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvvsvc.exe
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvsvcr.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvsvc64.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvshext.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvmctray.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvcpl.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nv3dappshextr.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nv3dappshext.dll
2018-04-01 05:31:43 ----D---- C:\ProgramData\NVIDIA Corporation
2018-04-01 05:31:40 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2018-04-01 05:31:22 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2018-04-01 05:31:22 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2018-04-01 05:31:22 ----A---- C:\Windows\system32\nvwgf2umx.dll
2018-04-01 05:31:22 ----A---- C:\Windows\system32\nvumdshimx.dll
2018-04-01 05:31:22 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvoglv64.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvinitx.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvgenco64.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvdispco64.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvdecodemft.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvd3dumx.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvcuvid.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvcuvenc.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2018-04-01 05:31:20 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2018-04-01 05:31:20 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2018-04-01 05:31:20 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2018-04-01 05:31:20 ----A---- C:\Windows\system32\nvcuda.dll
2018-04-01 05:31:20 ----A---- C:\Windows\system32\nvcompiler.dll
2018-04-01 05:31:20 ----A---- C:\Windows\system32\nvapi64.dll
2018-04-01 05:31:03 ----D---- C:\Program Files\NVIDIA Corporation
2018-04-01 05:28:30 ----A---- C:\Windows\system32\OpenCL.dll
2018-04-01 05:28:30 ----A---- C:\Windows\system32\IntelOpenCL64.dll
2018-04-01 05:28:28 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2018-04-01 05:28:28 ----A---- C:\Windows\SYSWOW64\IntelOpenCL32.dll
2018-04-01 05:28:24 ----D---- C:\Program Files\Common Files\Intel
2018-04-01 05:23:38 ----D---- C:\Program Files (x86)\Intel
2018-04-01 05:23:38 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2018-04-01 05:23:27 ----D---- C:\Intel
2018-04-01 05:17:34 ----A---- C:\Windows\SYSWOW64\ifsutil.dll
2018-04-01 05:17:34 ----A---- C:\Windows\system32\ifsutil.dll
2018-04-01 05:14:17 ----A---- C:\Windows\system32\drivers\ndis.sys
2018-04-01 05:10:06 ----D---- C:\Windows\SoftwareDistribution
2018-04-01 05:06:58 ----ASH---- C:\hiberfil.sys
2018-04-01 05:06:51 ----ASH---- C:\pagefile.sys
2018-04-01 05:05:01 ----SHD---- C:\System Volume Information
2018-04-01 05:05:01 ----A---- C:\Windows\AsToolCDVer.txt
2018-04-01 05:05:01 ----A---- C:\Windows\AsRunBar.txt
2018-04-01 05:04:39 ----D---- C:\eSupport
2018-03-31 20:46:28 ----N---- C:\Windows\system32\athrx.sys
2018-03-31 20:46:28 ----A---- C:\Windows\system32\drivers\athrx.sys
2018-03-31 20:46:27 ----D---- C:\Windows\system32\nn-NO
2018-03-31 20:46:27 ----A---- C:\Windows\system32\athihvui.dll
2018-03-31 20:46:27 ----A---- C:\Windows\system32\athihvs.dll
2018-03-31 20:46:04 ----D---- C:\ProgramData\Atheros
2018-03-31 20:46:03 ----D---- C:\Users\Sara\AppData\Roaming\InstallShield
2018-03-31 20:01:04 ----D---- C:\Users\Sara\AppData\Roaming\ASUS WebStorage
2018-03-31 19:54:47 ----D---- C:\Users\Sara\AppData\Roaming\Identities
2018-03-31 19:54:10 ----D---- C:\ProgramData\FolderView
2018-03-31 19:53:58 ----SD---- C:\Users\Sara\AppData\Roaming\Microsoft
2018-03-31 19:53:58 ----D---- C:\Users\Sara\AppData\Roaming\Media Center Programs

====== List of files/folders modified in the last 1 month ======

2018-04-03 17:43:34 ----D---- C:\Windows\system32\catroot
2018-04-03 17:43:28 ----D---- C:\Windows\Temp
2018-04-03 17:43:27 ----D---- C:\Windows\system32\catroot2
2018-04-03 17:43:14 ----D---- C:\Windows\winsxs
2018-04-03 17:42:46 ----RD---- C:\Program Files
2018-04-03 17:39:32 ----D---- C:\Windows\Microsoft.NET
2018-04-03 17:39:31 ----RSD---- C:\Windows\assembly
2018-04-03 17:38:02 ----SHD---- C:\Windows\Installer
2018-04-03 17:33:41 ----D---- C:\Windows\System32
2018-04-03 17:33:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-03 17:33:39 ----D---- C:\Windows\inf
2018-04-03 17:30:32 ----D---- C:\Windows\Prefetch
2018-04-03 17:25:07 ----D---- C:\Windows\system32\config
2018-04-03 01:04:42 ----D---- C:\Windows\SysWOW64
2018-04-03 01:04:42 ----D---- C:\Windows\system32\drivers
2018-04-03 01:03:53 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-04-03 01:03:52 ----D---- C:\Windows\system32\cs-CZ
2018-04-02 23:04:25 ----D---- C:\Windows\system32\drivers\UMDF
2018-04-02 19:36:46 ----D---- C:\Program Files (x86)\McAfee
2018-04-02 18:53:22 ----D---- C:\Windows\rescache
2018-04-02 18:51:20 ----D---- C:\Windows
2018-04-02 18:50:49 ----D---- C:\Program Files\Common Files\mcafee
2018-04-02 18:48:45 ----D---- C:\Windows\system32\wdi
2018-04-02 18:47:37 ----D---- C:\Program Files\Windows Media Player
2018-04-02 18:47:37 ----D---- C:\Program Files\Windows Defender
2018-04-02 18:47:36 ----D---- C:\Windows\servicing
2018-04-02 18:47:36 ----D---- C:\Program Files (x86)\Windows Media Player
2018-04-02 18:47:36 ----D---- C:\Program Files (x86)\Windows Defender
2018-04-02 18:47:35 ----D---- C:\Windows\SYSWOW64\sr-Latn-CS
2018-04-02 18:47:35 ----D---- C:\Windows\SYSWOW64\en
2018-04-02 18:47:25 ----D---- C:\Windows\SYSWOW64\en-US
2018-04-02 18:47:25 ----D---- C:\Windows\SYSWOW64\drivers\en-US
2018-04-02 18:47:16 ----D---- C:\Windows\sr-Latn-CS
2018-04-02 18:47:15 ----D---- C:\Windows\system32\en
2018-04-02 18:47:15 ----D---- C:\Windows\en-US
2018-04-02 18:47:14 ----D---- C:\Windows\system32\sr-Latn-CS
2018-04-02 18:47:07 ----D---- C:\Windows\system32\en-US
2018-04-02 18:47:00 ----D---- C:\Windows\system32\drivers\en-US
2018-04-01 20:01:33 ----RD---- C:\Program Files (x86)
2018-04-01 19:23:23 ----D---- C:\ProgramData\McAfee
2018-04-01 19:23:07 ----D---- C:\Program Files\mcafee
2018-04-01 19:21:24 ----D---- C:\Windows\system32\DriverStore
2018-04-01 18:45:08 ----SD---- C:\ProgramData\Microsoft
2018-04-01 18:44:05 ----D---- C:\Windows\system32\NDF
2018-04-01 18:42:28 ----HD---- C:\ProgramData
2018-04-01 18:15:42 ----D---- C:\Windows\system32\Tasks
2018-04-01 18:15:41 ----D---- C:\Windows\Tasks
2018-04-01 08:34:46 ----D---- C:\Windows\system32\WCN
2018-04-01 08:34:46 ----D---- C:\Windows\system32\Dism
2018-04-01 08:34:45 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2018-04-01 08:33:10 ----D---- C:\Program Files\Windows Sidebar
2018-04-01 08:33:09 ----D---- C:\Windows\SYSWOW64\sl-SI
2018-04-01 08:33:09 ----D---- C:\Windows\SYSWOW64\migwiz
2018-04-01 08:33:09 ----D---- C:\Windows\SYSWOW64\drivers
2018-04-01 08:33:09 ----D---- C:\Windows\ehome
2018-04-01 08:33:09 ----D---- C:\Program Files\Windows Photo Viewer
2018-04-01 08:33:09 ----D---- C:\Program Files\Windows Mail
2018-04-01 08:33:09 ----D---- C:\Program Files\Windows Journal
2018-04-01 08:33:09 ----D---- C:\Program Files\Common Files\System
2018-04-01 08:33:09 ----D---- C:\Program Files (x86)\Windows Sidebar
2018-04-01 08:33:09 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2018-04-01 08:33:09 ----D---- C:\Program Files (x86)\Windows Mail
2018-04-01 08:33:07 ----D---- C:\Windows\SYSWOW64\WCN
2018-04-01 08:33:04 ----D---- C:\Windows\system32\sysprep
2018-04-01 08:33:04 ----D---- C:\Windows\system32\sl-SI
2018-04-01 08:33:04 ----D---- C:\Windows\system32\oobe
2018-04-01 08:33:04 ----D---- C:\Windows\system32\migwiz
2018-04-01 08:31:21 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-04-01 08:31:19 ----D---- C:\Windows\system32\sk-SK
2018-04-01 08:29:25 ----D---- C:\Windows\SYSWOW64\ro-RO
2018-04-01 08:29:17 ----D---- C:\Windows\system32\ro-RO
2018-04-01 05:38:33 ----D---- C:\Windows\Panther
2018-04-01 05:34:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2018-04-01 05:34:08 ----D---- C:\Program Files (x86)\Common Files
2018-04-01 05:32:02 ----D---- C:\Windows\Help
2018-04-01 05:28:24 ----D---- C:\Program Files\Common Files
2018-04-01 05:04:41 ----D---- C:\Windows\ASUS
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\XPSViewer
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\winrm
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\slmgr
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\pl-PL
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\migration
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\DriverStore
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\Dism
2018-04-01 01:52:20 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2018-04-01 01:52:20 ----D---- C:\Windows\SYSWOW64\com
2018-04-01 01:52:20 ----D---- C:\Windows\system32\winrm
2018-04-01 01:52:20 ----D---- C:\Windows\IME
2018-04-01 01:52:19 ----D---- C:\Windows\system32\slmgr
2018-04-01 01:52:19 ----D---- C:\Windows\system32\migration
2018-04-01 01:52:19 ----D---- C:\Windows\system32\Boot
2018-04-01 01:52:18 ----D---- C:\Windows\system32\pl-PL
2018-04-01 01:52:10 ----D---- C:\Windows\system32\com
2018-04-01 01:52:10 ----D---- C:\Windows\AppPatch
2018-04-01 01:51:56 ----D---- C:\Windows\SYSWOW64\MUI
2018-04-01 01:51:56 ----D---- C:\Windows\SYSWOW64\hu-HU
2018-04-01 01:51:48 ----D---- C:\Windows\system32\MUI
2018-04-01 01:51:47 ----D---- C:\Windows\system32\hu-HU
2018-04-01 01:51:38 ----D---- C:\Windows\SYSWOW64\lv-LV
2018-04-01 01:51:36 ----D---- C:\Windows\system32\lv-LV
2018-04-01 01:51:28 ----D---- C:\Windows\SYSWOW64\lt-LT
2018-04-01 01:51:23 ----D---- C:\Windows\system32\lt-LT
2018-04-01 01:51:11 ----D---- C:\Windows\SYSWOW64\hr-HR
2018-04-01 01:51:09 ----D---- C:\Windows\system32\hr-HR
2018-04-01 01:50:57 ----D---- C:\Windows\SYSWOW64\et-EE
2018-04-01 01:50:55 ----D---- C:\Windows\system32\et-EE
2018-04-01 01:50:45 ----D---- C:\Windows\SYSWOW64\bg-BG
2018-04-01 01:50:43 ----D---- C:\Windows\system32\bg-BG
2018-04-01 01:32:50 ----D---- C:\Program Files\DVD Maker
2018-04-01 01:29:41 ----D---- C:\Windows\system32\restore
2018-03-31 21:20:28 ----D---- C:\Windows\Logs
2018-03-31 21:01:12 ----D---- C:\Windows\system32\zh-TW
2018-03-31 21:01:12 ----D---- C:\Windows\system32\zh-CN
2018-03-31 21:01:12 ----D---- C:\Windows\system32\tr-TR
2018-03-31 21:01:12 ----D---- C:\Windows\system32\sv-SE
2018-03-31 21:01:12 ----D---- C:\Windows\system32\ru-RU
2018-03-31 21:01:12 ----D---- C:\Windows\system32\pt-PT
2018-03-31 21:01:12 ----D---- C:\Windows\system32\nl-NL
2018-03-31 21:01:12 ----D---- C:\Windows\system32\ko-KR
2018-03-31 21:01:11 ----D---- C:\Windows\system32\ja-JP
2018-03-31 21:01:11 ----D---- C:\Windows\system32\it-IT
2018-03-31 21:01:11 ----D---- C:\Windows\system32\fr-FR
2018-03-31 21:01:11 ----D---- C:\Windows\system32\fi-FI
2018-03-31 21:01:11 ----D---- C:\Windows\system32\es-ES
2018-03-31 21:01:11 ----D---- C:\Windows\system32\el-GR
2018-03-31 21:01:11 ----D---- C:\Windows\system32\de-DE
2018-03-31 21:01:11 ----D---- C:\Windows\system32\da-DK
2018-03-31 19:57:12 ----D---- C:\ProgramData\ChangeFolderView
2018-03-31 19:54:39 ----SHD---- C:\$Recycle.Bin
2018-03-31 19:54:32 ----D---- C:\Windows\Log
2018-03-31 19:53:58 ----RD---- C:\Users
2018-03-31 19:53:43 ----SHD---- C:\Recovery
2018-03-31 19:53:36 ----D---- C:\Windows\system32\Recovery

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-12-23 568600]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2013-02-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-06-24 29032]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-11-26 2811904]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2012-02-24 80384]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2013-02-19 70112]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-22 14692224]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-03 62784]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2013-02-19 179280]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2013-02-19 309840]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-02-24 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-14 48488]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-06-27 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2016-02-12 154856]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2013-02-19 241456]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2013-02-19 182752]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-06-24 890216]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-24 2458984]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-14 1492840]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
S3 McAWFwk;McAfee Activation Service; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
S3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe [2013-02-25 384048]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-23 194512]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118198
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu

#3 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#4 Příspěvek od aktij »

Zde je log :

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 17:03:30 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-04-03.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118198
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu

#5 Příspěvek od Rudy »

Toto je OK. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Program Files (x86)\Microsoft\BingBar

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#6 Příspěvek od aktij »

Zde je nový RSIT :

Logfile of random's system information tool 1.16 (written by random/random)
Run by Sara at 2018-04-03 20:28:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 641 GB (93%) free of 689 GB
Total RAM: 3980 MB (6% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:28:34, on 3.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\Sara_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3555903808-2307568763-4169163906-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3555903808-2307568763-4169163906-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: McAfee Application Installer Cleanup (0179411522779933) (0179411522779933mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\017941~1.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bing Bar Update Service (BBSvc) - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SeaPort - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10817 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\WLANExt.exe 29055680
\??\C:\Windows\system32\conhost.exe "183589168810047094711724324310871833226-1017633651291588166-15665288501831528325
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe"
"C:\Windows\system32\mfevtps.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\McAfee\MSC\McAPExe.exe"
"C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\04032018_201937.log
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.0.1411328210\1605395976" -childID 1 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.6.1548206679\1750100582" -childID 2 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.18.387009125\418417337" -childID 4 -isForBrowser -intPrefs 6:50|7:-1|34:1000|42:20|43:5|44:10|51:0|57:128|58:10000|63:0|65:400|66:1|67:0|68:0|69:100|74:0|75:120|76:120|159:2|160:1|164:60|165:30|166:512000|175:5000|177:6|191:8192|192:524288|193:5|206:10000|227:24|228:32768|230:0|231:0|240:5|244:1048576|246:100|247:5000|249:600|251:1|260:2000|277:4|281:0|290:60000|308:300|309:30| -boolPrefs 1:0|2:0|4:1|5:0|24:1|27:0|28:1|29:1|31:1|32:1|33:1|36:0|37:0|38:1|41:1|45:1|46:0|47:0|48:1|49:1|50:1|52:0|55:1|56:1|59:0|60:0|61:0|62:0|64:0|70:1|71:1|72:0|73:1|77:1|78:1|79:0|80:0|81:1|82:1|83:0|84:1|87:0|88:0|91:1|92:1|96:1|97:1|98:0|99:1|100:0|101:0|103:0|104:0|105:1|106:1|107:1|110:1|111:1|112:1|113:1|114:1|115:0|116:0|117:0|119:0|120:1|121:1|122:0|123:0|124:0|125:0|127:1|128:0|129:1|130:1|131:1|132:0|133:0|134:1|135:1|136:1|137:1|138:0|139:1|140:1|141:1|142:1|143:1|144:1|145:0|146:1|147:1|148:0|149:1|150:0|152:0|153:0|154:0|155:1|156:1|157:1|158:1|161:1|162:0|172:0|173:0|174:1|178:1|181:0|182:1|184:1|186:0|188:1|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|219:0|220:1|221:0|222:1|225:0|226:0|229:1|232:0|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:0|255:0|256:1|257:1|258:0|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:0|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|303:1|304:1|305:0|306:0|307:0| -stringPrefs "3:7;release|151:0;|212:3;1.0|223:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|224:4;high|278:38;{a3213ced-6714-4884-aec5-a6f8a23537d2}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4760 "\\.\pipe\gecko-crash-server-pipe.4760" tab
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Sara\Downloads\RSITx64.exe"

====== Scheduled tasks folder ======

C:\Windows\tasks\DriverDR Scheduled Scan.job - C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe --scan
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
C:\Windows\system32\tasks\DriverDR Scheduled Scan - C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe --scan
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
C:\Windows\system32\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\Windows\system32\tasks\{D9B8AA59-214B-402F-8414-87902ECB5351} - C:\Windows\system32\pcalua.exe -a C:\Users\Sara\AppData\Local\Temp\Temp1_WLAN_GE781_Win7_32_Win7_64_Z801380.zip\Install_CD\setup.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-3555903808-2307568763-4169163906-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL


C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\addons.json

C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\extensions.json
Activity Stream - extension - activity-stream@mozilla.org -
Application Update Service Helper - extension - aushelper@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Firefox Screenshots - extension - screenshots@mozilla.org -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Web Compat - extension - webcompat@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
TLS 1.3 gradual roll-out - extension - tls13-rollout-bug1442042@mozilla.org -
McAfee® WebAdvisor - webextension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} -

C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\pluginreg.dat

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2016-10-03 2969352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2016-10-03 2554120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2016-10-03 2969352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-02-22 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-22 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-22 440600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-16 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-16 932288]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2012-02-24 3331312]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [2011-07-29 737104]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2014-04-25 537992]
"mcpltui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2014-04-25 537992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-04-03 20:19:37 ----D---- C:\_OTM
2018-04-03 19:47:19 ----A---- C:\Windows\system32\drivers\HipShieldK.sys
2018-04-03 19:01:33 ----D---- C:\AdwCleaner
2018-04-03 17:42:46 ----D---- C:\Program Files\trend micro
2018-04-03 17:42:43 ----D---- C:\rsit
2018-04-03 01:02:31 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2018-04-03 01:02:31 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2018-04-03 01:02:31 ----A---- C:\Windows\system32\infocardapi.dll
2018-04-03 01:02:31 ----A---- C:\Windows\system32\icardagt.exe
2018-04-03 01:02:30 ----A---- C:\Windows\SYSWOW64\icardres.dll
2018-04-03 01:02:30 ----A---- C:\Windows\system32\icardres.dll
2018-04-03 01:02:11 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2018-04-03 01:02:11 ----A---- C:\Windows\system32\TsWpfWrp.exe
2018-04-03 00:58:16 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2018-04-03 00:58:16 ----A---- C:\Windows\system32\rdpcore.dll
2018-04-03 00:58:15 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2018-04-03 00:58:15 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2018-04-02 18:57:50 ----D---- C:\Users\Sara\AppData\Roaming\Macromedia
2018-04-01 20:01:44 ----D---- C:\Users\Sara\AppData\Roaming\Mozilla
2018-04-01 20:01:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-01 20:01:28 ----D---- C:\Program Files\Mozilla Firefox
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wups2.dll
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wucltux.dll
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wuaueng.dll
2018-04-01 18:53:37 ----A---- C:\Windows\system32\wuauclt.exe
2018-04-01 18:53:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2018-04-01 18:53:15 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2018-04-01 18:53:15 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2018-04-01 18:53:15 ----A---- C:\Windows\system32\wups.dll
2018-04-01 18:53:15 ----A---- C:\Windows\system32\wudriver.dll
2018-04-01 18:53:15 ----A---- C:\Windows\system32\wuapi.dll
2018-04-01 18:52:55 ----D---- C:\Users\Sara\AppData\Roaming\Adobe
2018-04-01 18:52:55 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2018-04-01 18:52:55 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2018-04-01 18:52:55 ----A---- C:\Windows\system32\wuwebv.dll
2018-04-01 18:52:55 ----A---- C:\Windows\system32\wuapp.exe
2018-04-01 18:45:16 ----D---- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2018-04-01 18:42:28 ----D---- C:\ProgramData\Qualcomm Atheros
2018-04-01 18:37:05 ----A---- C:\Windows\system32\netr28x.sys
2018-04-01 18:36:34 ----D---- C:\ProgramData\Ralink
2018-04-01 18:15:39 ----D---- C:\Users\Sara\AppData\Roaming\DriverDR.com
2018-04-01 18:15:37 ----D---- C:\Program Files\DriverDR.com
2018-04-01 05:34:43 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2018-04-01 05:34:39 ----A---- C:\Windows\SYSWOW64\log.txt
2018-04-01 05:34:38 ----D---- C:\ProgramData\Intel
2018-04-01 05:34:35 ----D---- C:\Program Files\Intel
2018-04-01 05:34:03 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2018-04-01 05:34:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-04-01 05:34:00 ----D---- C:\ProgramData\InstallShield
2018-04-01 05:33:36 ----D---- C:\Windows\SYSWOW64\NV
2018-04-01 05:33:36 ----D---- C:\Windows\system32\NV
2018-04-01 05:32:23 ----D---- C:\ProgramData\NVIDIA
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvvsvc.exe
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvsvcr.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvsvc64.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvshext.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvmctray.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nvcpl.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nv3dappshextr.dll
2018-04-01 05:32:09 ----A---- C:\Windows\system32\nv3dappshext.dll
2018-04-01 05:31:43 ----D---- C:\ProgramData\NVIDIA Corporation
2018-04-01 05:31:40 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2018-04-01 05:31:22 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2018-04-01 05:31:22 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2018-04-01 05:31:22 ----A---- C:\Windows\system32\nvwgf2umx.dll
2018-04-01 05:31:22 ----A---- C:\Windows\system32\nvumdshimx.dll
2018-04-01 05:31:22 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2018-04-01 05:31:21 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvoglv64.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvinitx.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvgenco64.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvdispco64.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvdecodemft.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvd3dumx.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvcuvid.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\nvcuvenc.dll
2018-04-01 05:31:21 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2018-04-01 05:31:20 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2018-04-01 05:31:20 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2018-04-01 05:31:20 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2018-04-01 05:31:20 ----A---- C:\Windows\system32\nvcuda.dll
2018-04-01 05:31:20 ----A---- C:\Windows\system32\nvcompiler.dll
2018-04-01 05:31:20 ----A---- C:\Windows\system32\nvapi64.dll
2018-04-01 05:31:03 ----D---- C:\Program Files\NVIDIA Corporation
2018-04-01 05:28:30 ----A---- C:\Windows\system32\OpenCL.dll
2018-04-01 05:28:30 ----A---- C:\Windows\system32\IntelOpenCL64.dll
2018-04-01 05:28:28 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2018-04-01 05:28:28 ----A---- C:\Windows\SYSWOW64\IntelOpenCL32.dll
2018-04-01 05:28:24 ----D---- C:\Program Files\Common Files\Intel
2018-04-01 05:23:38 ----D---- C:\Program Files (x86)\Intel
2018-04-01 05:23:38 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2018-04-01 05:23:27 ----D---- C:\Intel
2018-04-01 05:17:34 ----A---- C:\Windows\SYSWOW64\ifsutil.dll
2018-04-01 05:17:34 ----A---- C:\Windows\system32\ifsutil.dll
2018-04-01 05:14:17 ----A---- C:\Windows\system32\drivers\ndis.sys
2018-04-01 05:10:06 ----D---- C:\Windows\SoftwareDistribution
2018-04-01 05:06:58 ----ASH---- C:\hiberfil.sys
2018-04-01 05:06:51 ----ASH---- C:\pagefile.sys
2018-04-01 05:05:01 ----SHD---- C:\System Volume Information
2018-04-01 05:05:01 ----A---- C:\Windows\AsToolCDVer.txt
2018-04-01 05:05:01 ----A---- C:\Windows\AsRunBar.txt
2018-04-01 05:04:39 ----D---- C:\eSupport
2018-03-31 20:46:28 ----N---- C:\Windows\system32\athrx.sys
2018-03-31 20:46:28 ----A---- C:\Windows\system32\drivers\athrx.sys
2018-03-31 20:46:27 ----D---- C:\Windows\system32\nn-NO
2018-03-31 20:46:27 ----A---- C:\Windows\system32\athihvui.dll
2018-03-31 20:46:27 ----A---- C:\Windows\system32\athihvs.dll
2018-03-31 20:46:04 ----D---- C:\ProgramData\Atheros
2018-03-31 20:46:03 ----D---- C:\Users\Sara\AppData\Roaming\InstallShield
2018-03-31 20:01:04 ----D---- C:\Users\Sara\AppData\Roaming\ASUS WebStorage
2018-03-31 19:54:47 ----D---- C:\Users\Sara\AppData\Roaming\Identities
2018-03-31 19:54:10 ----D---- C:\ProgramData\FolderView
2018-03-31 19:53:58 ----SD---- C:\Users\Sara\AppData\Roaming\Microsoft
2018-03-31 19:53:58 ----D---- C:\Users\Sara\AppData\Roaming\Media Center Programs

====== List of files/folders modified in the last 1 month ======

2018-04-03 20:27:26 ----D---- C:\Windows\Temp
2018-04-03 20:24:46 ----D---- C:\Program Files\mcafee
2018-04-03 20:24:14 ----D---- C:\Windows\system32\config
2018-04-03 20:23:45 ----D---- C:\Program Files\Common Files\mcafee
2018-04-03 20:23:44 ----D---- C:\Windows\System32
2018-04-03 20:20:01 ----D---- C:\Program Files (x86)\Microsoft
2018-04-03 20:01:00 ----RSD---- C:\Windows\assembly
2018-04-03 20:01:00 ----D---- C:\Windows\Microsoft.NET
2018-04-03 19:48:13 ----D---- C:\Windows\system32\catroot
2018-04-03 19:48:12 ----D---- C:\Windows\system32\drivers
2018-04-03 19:46:49 ----D---- C:\ProgramData\McAfee
2018-04-03 19:46:01 ----D---- C:\Windows\system32\catroot2
2018-04-03 19:41:00 ----D---- C:\Program Files (x86)\McAfee
2018-04-03 18:40:52 ----D---- C:\Windows\winsxs
2018-04-03 17:42:46 ----RD---- C:\Program Files
2018-04-03 17:38:02 ----SHD---- C:\Windows\Installer
2018-04-03 17:33:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-03 17:33:39 ----D---- C:\Windows\inf
2018-04-03 17:30:32 ----D---- C:\Windows\Prefetch
2018-04-03 01:04:42 ----D---- C:\Windows\SysWOW64
2018-04-03 01:03:53 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-04-03 01:03:52 ----D---- C:\Windows\system32\cs-CZ
2018-04-02 23:04:25 ----D---- C:\Windows\system32\drivers\UMDF
2018-04-02 18:53:22 ----D---- C:\Windows\rescache
2018-04-02 18:51:20 ----D---- C:\Windows
2018-04-02 18:48:45 ----D---- C:\Windows\system32\wdi
2018-04-02 18:47:37 ----D---- C:\Program Files\Windows Media Player
2018-04-02 18:47:37 ----D---- C:\Program Files\Windows Defender
2018-04-02 18:47:36 ----D---- C:\Windows\servicing
2018-04-02 18:47:36 ----D---- C:\Program Files (x86)\Windows Media Player
2018-04-02 18:47:36 ----D---- C:\Program Files (x86)\Windows Defender
2018-04-02 18:47:35 ----D---- C:\Windows\SYSWOW64\winrm
2018-04-02 18:47:35 ----D---- C:\Windows\SYSWOW64\sr-Latn-CS
2018-04-02 18:47:35 ----D---- C:\Windows\SYSWOW64\slmgr
2018-04-02 18:47:35 ----D---- C:\Windows\SYSWOW64\en
2018-04-02 18:47:25 ----D---- C:\Windows\SYSWOW64\en-US
2018-04-02 18:47:25 ----D---- C:\Windows\SYSWOW64\drivers\en-US
2018-04-02 18:47:17 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2018-04-02 18:47:16 ----D---- C:\Windows\sr-Latn-CS
2018-04-02 18:47:15 ----D---- C:\Windows\system32\winrm
2018-04-02 18:47:15 ----D---- C:\Windows\system32\slmgr
2018-04-02 18:47:15 ----D---- C:\Windows\system32\en
2018-04-02 18:47:15 ----D---- C:\Windows\en-US
2018-04-02 18:47:14 ----D---- C:\Windows\system32\sr-Latn-CS
2018-04-02 18:47:07 ----D---- C:\Windows\system32\en-US
2018-04-02 18:47:00 ----D---- C:\Windows\system32\drivers\en-US
2018-04-02 18:46:59 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2018-04-01 20:01:33 ----RD---- C:\Program Files (x86)
2018-04-01 19:21:24 ----D---- C:\Windows\system32\DriverStore
2018-04-01 18:45:08 ----SD---- C:\ProgramData\Microsoft
2018-04-01 18:44:05 ----D---- C:\Windows\system32\NDF
2018-04-01 18:42:28 ----HD---- C:\ProgramData
2018-04-01 18:15:42 ----D---- C:\Windows\system32\Tasks
2018-04-01 18:15:41 ----D---- C:\Windows\Tasks
2018-04-01 08:34:46 ----D---- C:\Windows\system32\WCN
2018-04-01 08:34:46 ----D---- C:\Windows\system32\Dism
2018-04-01 08:33:10 ----D---- C:\Program Files\Windows Sidebar
2018-04-01 08:33:09 ----D---- C:\Windows\SYSWOW64\sl-SI
2018-04-01 08:33:09 ----D---- C:\Windows\SYSWOW64\migwiz
2018-04-01 08:33:09 ----D---- C:\Windows\SYSWOW64\drivers
2018-04-01 08:33:09 ----D---- C:\Windows\ehome
2018-04-01 08:33:09 ----D---- C:\Program Files\Windows Photo Viewer
2018-04-01 08:33:09 ----D---- C:\Program Files\Windows Mail
2018-04-01 08:33:09 ----D---- C:\Program Files\Windows Journal
2018-04-01 08:33:09 ----D---- C:\Program Files\Common Files\System
2018-04-01 08:33:09 ----D---- C:\Program Files (x86)\Windows Sidebar
2018-04-01 08:33:09 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2018-04-01 08:33:09 ----D---- C:\Program Files (x86)\Windows Mail
2018-04-01 08:33:07 ----D---- C:\Windows\SYSWOW64\WCN
2018-04-01 08:33:04 ----D---- C:\Windows\system32\sysprep
2018-04-01 08:33:04 ----D---- C:\Windows\system32\sl-SI
2018-04-01 08:33:04 ----D---- C:\Windows\system32\oobe
2018-04-01 08:33:04 ----D---- C:\Windows\system32\migwiz
2018-04-01 08:31:21 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-04-01 08:31:19 ----D---- C:\Windows\system32\sk-SK
2018-04-01 08:29:25 ----D---- C:\Windows\SYSWOW64\ro-RO
2018-04-01 08:29:17 ----D---- C:\Windows\system32\ro-RO
2018-04-01 05:38:33 ----D---- C:\Windows\Panther
2018-04-01 05:34:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2018-04-01 05:34:08 ----D---- C:\Program Files (x86)\Common Files
2018-04-01 05:32:02 ----D---- C:\Windows\Help
2018-04-01 05:28:24 ----D---- C:\Program Files\Common Files
2018-04-01 05:04:41 ----D---- C:\Windows\ASUS
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\XPSViewer
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\pl-PL
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\MUI
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\migration
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\DriverStore
2018-04-01 01:52:27 ----D---- C:\Windows\SYSWOW64\Dism
2018-04-01 01:52:20 ----D---- C:\Windows\SYSWOW64\com
2018-04-01 01:52:20 ----D---- C:\Windows\IME
2018-04-01 01:52:19 ----D---- C:\Windows\system32\MUI
2018-04-01 01:52:19 ----D---- C:\Windows\system32\migration
2018-04-01 01:52:19 ----D---- C:\Windows\system32\Boot
2018-04-01 01:52:18 ----D---- C:\Windows\system32\pl-PL
2018-04-01 01:52:10 ----D---- C:\Windows\system32\com
2018-04-01 01:52:10 ----D---- C:\Windows\AppPatch
2018-04-01 01:51:56 ----D---- C:\Windows\SYSWOW64\hu-HU
2018-04-01 01:51:47 ----D---- C:\Windows\system32\hu-HU
2018-04-01 01:51:38 ----D---- C:\Windows\SYSWOW64\lv-LV
2018-04-01 01:51:36 ----D---- C:\Windows\system32\lv-LV
2018-04-01 01:51:28 ----D---- C:\Windows\SYSWOW64\lt-LT
2018-04-01 01:51:23 ----D---- C:\Windows\system32\lt-LT
2018-04-01 01:51:11 ----D---- C:\Windows\SYSWOW64\hr-HR
2018-04-01 01:51:09 ----D---- C:\Windows\system32\hr-HR
2018-04-01 01:50:57 ----D---- C:\Windows\SYSWOW64\et-EE
2018-04-01 01:50:55 ----D---- C:\Windows\system32\et-EE
2018-04-01 01:50:45 ----D---- C:\Windows\SYSWOW64\bg-BG
2018-04-01 01:50:43 ----D---- C:\Windows\system32\bg-BG
2018-04-01 01:32:50 ----D---- C:\Program Files\DVD Maker
2018-04-01 01:29:41 ----D---- C:\Windows\system32\restore
2018-03-31 21:20:28 ----D---- C:\Windows\Logs
2018-03-31 21:01:12 ----D---- C:\Windows\system32\zh-TW
2018-03-31 21:01:12 ----D---- C:\Windows\system32\zh-CN
2018-03-31 21:01:12 ----D---- C:\Windows\system32\tr-TR
2018-03-31 21:01:12 ----D---- C:\Windows\system32\sv-SE
2018-03-31 21:01:12 ----D---- C:\Windows\system32\ru-RU
2018-03-31 21:01:12 ----D---- C:\Windows\system32\pt-PT
2018-03-31 21:01:12 ----D---- C:\Windows\system32\nl-NL
2018-03-31 21:01:12 ----D---- C:\Windows\system32\ko-KR
2018-03-31 21:01:11 ----D---- C:\Windows\system32\ja-JP
2018-03-31 21:01:11 ----D---- C:\Windows\system32\it-IT
2018-03-31 21:01:11 ----D---- C:\Windows\system32\fr-FR
2018-03-31 21:01:11 ----D---- C:\Windows\system32\fi-FI
2018-03-31 21:01:11 ----D---- C:\Windows\system32\es-ES
2018-03-31 21:01:11 ----D---- C:\Windows\system32\el-GR
2018-03-31 21:01:11 ----D---- C:\Windows\system32\de-DE
2018-03-31 21:01:11 ----D---- C:\Windows\system32\da-DK
2018-03-31 19:57:12 ----D---- C:\ProgramData\ChangeFolderView
2018-03-31 19:54:39 ----SHD---- C:\$Recycle.Bin
2018-03-31 19:54:32 ----D---- C:\Windows\Log
2018-03-31 19:53:58 ----RD---- C:\Users
2018-03-31 19:53:43 ----SHD---- C:\Recovery
2018-03-31 19:53:36 ----D---- C:\Windows\system32\Recovery

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-12-23 568600]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2014-06-20 786296]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2014-06-20 348552]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-06-24 29032]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-11-26 2811904]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2012-02-24 80384]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2014-06-20 72128]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-22 14692224]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-03 62784]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2014-06-20 181704]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2014-06-20 313544]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2014-06-20 523792]
R3 mfencbdc;McAfee Inc. mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [2014-08-20 445512]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-06-06 46240]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-02-24 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-14 48488]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2013-09-23 197704]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 mfencrk;McAfee Inc. mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [2014-08-20 96592]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 HomeNetSvc;McAfee Home Network; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-06-27 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2016-10-03 166152]
R2 McAPExe;McAfee AP Service; C:\Program Files\McAfee\MSC\McAPExe.exe [2014-04-25 178528]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 mcpltsvc;McAfee Platform Services; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 mfecore;McAfee Anti-Malware Core; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-08-20 1041192]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2014-06-20 219752]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2014-06-20 189912]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-06-24 890216]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-24 2458984]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S2 0179411522779933mcinstcleanup;McAfee Application Installer Cleanup (0179411522779933); C:\Windows\TEMP\017941~1.EXE [2018-04-03 1031928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
S2 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE []
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-14 1492840]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
S3 McAWFwk;McAfee Activation Service; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
S3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe [2014-10-08 603424]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-23 194512]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118198
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu

#7 Příspěvek od Rudy »

OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#8 Příspěvek od aktij »

No, je to trochu lepší, ale vzhledem k tomu, že tu nemám nic, tak se načítají stránky trochu pomaleji ...

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118198
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu

#9 Příspěvek od Rudy »

Zkusíme ještě vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/ .
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

a

2. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize



autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#10 Příspěvek od aktij »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Sara (Administrator) on Łt 03.04.2018 at 22:01:00,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Windows\system32\Tasks\DriverDR Scheduled Scan (Task)
Successfully deleted: C:\Windows\Tasks\DriverDR Scheduled Scan.job (Task)
Successfully deleted: C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B3XKE81 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2J4TJNC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIFMOBAW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B3XKE81 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2J4TJNC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIFMOBAW (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0179411522779933mcinstcleanup (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 03.04.2018 at 22:04:09,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#11 Příspěvek od aktij »

Zoek.exe v5.0.0.2 Updated 29-March-2018(online version)
Tool run by Sara on Łt 03.04.2018 at 22:07:26,24.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sara\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.4.2018 22:09:46 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3555903808-2307568763-4169163906-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-3555903808-2307568763-4169163906-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-3555903808-2307568763-4169163906-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-3555903808-2307568763-4169163906-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

Deleted from C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\prefs.js:

Added to C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi" [09.02.2018 11:15]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi" [09.02.2018 11:15]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Sara\AppData\Local\Mozilla\Firefox\Profiles\2mtoz2pc.default\cache2 emptied successfully
C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\2mtoz2pc.default\storage\default\https+++www.facebook.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sara\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118198
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu

#12 Příspěvek od Rudy »

Změnilo se něco nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#13 Příspěvek od aktij »

Zdravím,
teď jsem akorát 2 hodiny šílela, protože se údajně nepodařilo nakonfigurovat hafo win aktualizací (cca 180), které se mi včera při zavírání NTB natahovaly a probíhalo vracení .... :( :(

už jsem ani nedoufala, že se NTB spustí. Nakonec ano :)

Zdá se mi, že už je to mnohem lepší. Jen nevím, zda to s něčím souvisí - při psaní mi přesmkakuje kurzor a vlítne mi zpět mezi již napsaná slova, takže musím psát pomalu písmenko po písmenku a sledovat, zda zase někam neskočím zpátky a tudíž zda nepíšu hausnumera. :?:

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118198
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu

#14 Příspěvek od Rudy »

Čištění prohlížečů nemá nic společného s přeskakováním kurzoru. To se projevilo kdy?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

aktij
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 186
Registrován: 25 lis 2007 09:17
Bydliště: Praha

Re: Prosím o kontrolu

#15 Příspěvek od aktij »

Promiňte mou nevědomost :88:
Asi tak je to cca týden ... :?:

Zamčeno