
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
Hijacker - change of the configured homepage
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. Likewise those that remain inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Good day. I am asking for your help with removing a hijacker that causes a change to the configured homepage in IE and Firefox. I scanned the PC with the Malwarebytes Anti-Malware program, but it found nothing.
RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2016-02-17 08:05:12
Microsoft Windows 8.1
System drive C: has 22 GB (30%) free of 75 GB
Total RAM: 7647 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:21, on 17. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\PC.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net
O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: wandoujia_helper.lnk = C:\Users\PC\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10424 bytes
======Listing Processes======
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-28c2-e11ebce49e68 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
wininit.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
dashost.exe {0954c294-2e2d-432e-bb27622571990478}
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\Stardock\Start8\Start8_64.exe" START
atieclxx
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
taskhostex.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
/fmw.trayonly
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskhost.exe $(Arg0)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "http://esurf.biz/?ssid=1455633934&a=102 ... db81f37878"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe41_ Global\UsGthrCtrlFltPipeMssGthrPipe41 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
"d:\Users\PC\Desktop\SŤAHOVANIE\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\0415aviUpdateInfo.job - C:\ProgramData\Avg_Update_0415avi\0415avi_AVG-Secure-Search-Update.exe /SETINFO /CMPID=0415avi /INFORETRY=3
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\BGMTQ.job - C:\Users\PC\AppData\Roaming\BGMTQ.exe /infocmdline=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
C:\WINDOWS\tasks\BPTOO.job - C:\Users\PC\AppData\Roaming\BPTOO.exe /infocmdline=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
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HCN.job - C:\Users\PC\AppData\Roaming\HCN.exe /infocmdline=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
C:\WINDOWS\tasks\UTUI.job - C:\Users\PC\AppData\Roaming\UTUI.exe /infocmdline=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
=========Mozilla firefox=========
ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://atlas.centrum.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-10 16408320]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-28 74752]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-01-12 179624]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avuirunnerx.exe [2016-02-01 25512]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
wandoujia_helper.lnk - C:\Users\PC\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StartMenuService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-17 08:05:13 ----D---- C:\Program Files\trend micro
2016-02-17 08:05:12 ----D---- C:\rsit
2016-02-10 21:29:50 ----D---- C:\WINDOWS\LastGood.Tmp
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSWOW64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSX64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSH64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSHP64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtPgEx64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\drivers\RTKVHD64.sys
2016-02-10 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\MBAPO32.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCoLDR64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCfg64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkApi64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEP64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEL64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEG64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEED64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtDataProc64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTCOM64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DHT64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DAA64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RltkAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RCoInstII64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBWrp64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBppld64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBPPCn64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\drivers\RTAIODAT.DAT
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\FMAPO64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAR64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAC64.dll
2016-02-10 19:54:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-02-10 19:54:23 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-02-10 19:49:08 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\cfgbkend.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 19:48:51 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2016-02-10 19:48:18 ----A---- C:\WINDOWS\system32\win32k.sys
2016-02-10 19:47:30 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-02-10 19:47:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\combase.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\SYSWOW64\WinSync.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\system32\WinSync.dll
2016-02-10 19:46:54 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-02-10 19:46:52 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\hlink.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-02-04 11:37:05 ----A---- C:\WINDOWS\system32\shell32.dll
2016-02-04 11:37:04 ----A---- C:\WINDOWS\system32\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\invagent.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\devinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wucltux.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-22 15:15:46 ----A---- C:\WINDOWS\system32\drivers\avgmfx64.sys
======List of files/folders modified in the last 1 month======
2016-02-17 08:05:13 ----RD---- C:\Program Files
2016-02-17 08:04:58 ----D---- C:\WINDOWS\Prefetch
2016-02-17 08:02:00 ----D---- C:\WINDOWS\system32\sru
2016-02-17 08:01:39 ----D---- C:\WINDOWS\Temp
2016-02-17 07:27:44 ----D---- C:\ProgramData\MFAData
2016-02-17 07:21:38 ----D---- C:\ProgramData\LogMeIn
2016-02-16 22:07:15 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2016-02-16 22:00:17 ----RD---- C:\Program Files (x86)
2016-02-16 21:23:44 ----AD---- C:\ProgramData\Temp
2016-02-16 20:18:49 ----D---- C:\Users\PC\AppData\Roaming\Skype
2016-02-16 19:17:08 ----D---- C:\WINDOWS\system32\config
2016-02-16 19:15:07 ----D---- C:\WINDOWS\system32\DriverStore
2016-02-16 18:33:06 ----SHD---- C:\WINDOWS\Installer
2016-02-16 18:32:55 ----D---- C:\WINDOWS\SysWOW64
2016-02-16 16:34:26 ----D---- C:\WINDOWS\Microsoft.NET
2016-02-16 16:34:21 ----SHD---- C:\System Volume Information
2016-02-16 16:22:02 ----RD---- C:\WINDOWS\System32
2016-02-16 16:22:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 16:21:35 ----D---- C:\Windows
2016-02-16 15:45:21 ----D---- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-02-16 14:39:20 ----HD---- C:\WINDOWS\ELAMBKUP
2016-02-16 14:39:20 ----D---- C:\WINDOWS\system32\drivers
2016-02-14 11:55:18 ----RSD---- C:\WINDOWS\assembly
2016-02-14 11:53:37 ----D---- C:\WINDOWS\rescache
2016-02-14 11:46:04 ----D---- C:\WINDOWS\Inf
2016-02-14 11:46:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-13 09:53:16 ----D---- C:\ProgramData\ProductData
2016-02-12 20:21:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-12 18:14:30 ----D---- C:\Program Files (x86)\Hard Disk Sentinel
2016-02-10 21:29:53 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-02-10 21:29:48 ----D---- C:\WINDOWS\system32\catroot
2016-02-10 21:25:22 ----D---- C:\WINDOWS\WinSxS
2016-02-10 21:21:33 ----D---- C:\Program Files\Windows Journal
2016-02-10 21:21:32 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\wbem
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\cs-CZ
2016-02-10 21:21:32 ----D---- C:\Program Files\Internet Explorer
2016-02-10 21:21:32 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 20:13:39 ----D---- C:\WINDOWS\CbsTemp
2016-02-10 20:13:01 ----D---- C:\ProgramData\Microsoft Help
2016-02-10 20:12:43 ----A---- C:\WINDOWS\win.ini
2016-02-10 20:07:57 ----D---- C:\WINDOWS\system32\MRT
2016-02-10 19:58:34 ----A---- C:\WINDOWS\system32\MRT.exe
2016-02-10 19:56:37 ----D---- C:\WINDOWS\system32\catroot2
2016-02-10 12:59:50 ----HD---- C:\Program Files\WindowsApps
2016-02-10 12:59:50 ----D---- C:\WINDOWS\AppReadiness
2016-02-09 20:30:38 ----D---- C:\Users\PC\AppData\Roaming\vlc
2016-02-09 09:04:46 ----D---- C:\WINDOWS\system32\Tasks
2016-02-07 16:54:09 ----RD---- C:\WINDOWS\ToastData
2016-02-07 16:53:22 ----RSD---- C:\WINDOWS\Fonts
2016-02-04 11:38:08 ----D---- C:\WINDOWS\system32\appraiser
2016-02-04 11:38:07 ----D---- C:\WINDOWS\apppatch
2016-02-02 15:34:01 ----D---- C:\WINDOWS\Tasks
2016-02-02 03:37:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-02-01 15:44:23 ----D---- C:\Users\PC\AppData\Roaming\BSplayer Pro
2016-01-26 19:48:02 ----D---- C:\ProgramData\Skype
2016-01-26 11:15:50 ----HD---- C:\ProgramData
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide64;amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [2014-05-10 11944]
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2016-01-08 272304]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2016-01-22 260528]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2015-12-04 42416]
R0 Avguniva;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avguniva.sys [2016-01-08 23472]
R0 speedfan;speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 22128]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;@oem80.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2016-01-05 315312]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2015-12-16 315840]
R1 dtsoftbus01;@oem22.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2013-01-23 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-02 26528]
R1 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-27 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-11-13 21516800]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-11-13 483840]
R3 AtiHDAudioService;@oem159.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWB6.sys [2015-08-06 102912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-02-10 4705536]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-02-17 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
R3 RTL8168;@oem160.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2015-12-03 935168]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-06-18 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2016-01-07 21632]
S3 dg_ssudbus;@oem1.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2014-05-17 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-05-17 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2014-05-17 30528]
S3 HTCAND64;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2013-01-24 82816]
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\syswow64\pwdspio.sys []
S3 ssudmdm;@oem2.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-11-13 296448]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2016-02-01 1580352]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-02-01 3881184]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-01-12 1048488]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-02-01 561104]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-08-01 2909472]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-12-09 417288]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2015-12-09 507400]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 Start8;Stardock Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2014-06-12 143288]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09 269504]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-02-01 604144]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
-----------------EOF-----------------
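The log above already holds the evidence a helper would act on: two executables with short all-caps names sitting directly in C:\Users\PC\AppData\Roaming, each started by a .job task carrying a long opaque /infocmdline= argument, a Startup shortcut pointing into AppData\Roaming\Wandoujia2, and a Policies\System dump with the UAC prompt switched off. The script below is an added example written for this page (it is not part of the original post, nor of RSIT or HijackThis): it parses the HijackThis O4 autostart lines, the RSIT "Scheduled tasks folder" section and the Policies\System values, and scores each autostart entry on those signals. The embedded sample log is constructed from the lines above with the /infocmdline= payloads shortened; the Finding class, the scoring weights and the min_score threshold are the example's own choices.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis "O4" lines, the RSIT
# "Scheduled tasks folder" section and the Policies\System dump of the posted
# log. The /infocmdline= payloads are shortened; nothing else is invented.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: wandoujia_helper.lnk = C:\Users\PC\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\BGMTQ.job - C:\Users\PC\AppData\Roaming\BGMTQ.exe /infocmdline=b4RkOMZGNwmGueZkSZlfNWddAYnG54IZvGfkrmfSuUgfQMiX0G4gGarEyWnyF6vTii6i4EAQIQ1UsZiDDr3O3RT6U7JJE8TBB8Sqwbllof
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\HCN.job - C:\Users\PC\AppData\Roaming\HCN.exe /infocmdline=ORC/Kvp+pfCZrMQd9yfwcMSFI1cl1TkRFcNHPo8FP/F7Cr2qWcuK5qZT0Pe0ocgQd/FP5/o2153NucKUWahU5xGicgYupc
=========Mozilla firefox=========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
"""

# Line shapes as RSIT / HijackThis print them.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?)(?:\.lnk)? = (?P<cmd>.+)$")
JOB_RE = re.compile(r"^.+?\\tasks\\(?P<name>.+?)\.job - (?P<cmd>.+)$", re.I)
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?P<args>.*)$', re.I)
POLICY_RE = re.compile(r'^"(?P<key>ConsentPromptBehaviorAdmin|PromptOnSecureDesktop|EnableLUA)"=(?P<val>\d+)$')

# Signals. The weights are this example's choice, not anything RSIT reports.
APPDATA_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local)\\[^\\]+$", re.I)
APPDATA_RE = re.compile(r"\\appdata\\(?:roaming|local)\\", re.I)
RANDOM_NAME_RE = re.compile(r"^[A-Z]{3,8}$")          # BGMTQ, HCN, ...
B64_RE = re.compile(r"^[A-Za-z0-9+/]{64,}={0,2}$")    # long opaque blob


@dataclass
class Finding:
    source: str            # "run", "startup" or "task"
    name: str
    exe: str
    args: str
    reasons: list = field(default_factory=list)
    score: int = 0


def parse_autostarts(text):
    """Yield (source, name, command line) for every autostart line in the log."""
    for line in text.splitlines():
        line = line.strip()
        for source, rx in (("run", RUN_RE), ("startup", STARTUP_RE), ("task", JOB_RE)):
            m = rx.match(line)
            if m:
                yield source, m.group("name"), m.group("cmd")
                break


def assess(source, name, cmd):
    """Split the command line and score it; an empty reasons list means nothing odd."""
    f = Finding(source=source, name=name, exe=cmd, args="")
    m = EXE_RE.match(cmd)
    if m:
        f.exe, f.args = m.group("exe"), m.group("args").strip()
    stem = f.exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if APPDATA_ROOT_RE.match(f.exe):
        f.reasons.append("executable dropped directly in the AppData root")
        f.score += 2
    elif APPDATA_RE.search(f.exe):
        f.reasons.append("executable runs from a per-user AppData tree")
        f.score += 1
    if RANDOM_NAME_RE.match(stem):
        f.reasons.append(f"short all-caps name {stem!r} looks machine-generated")
        f.score += 1
    for token in f.args.split():
        value = token.split("=", 1)[1] if "=" in token else token
        if B64_RE.match(value):
            f.reasons.append(f"opaque base64-like argument ({len(value)} chars)")
            f.score += 2
            break
    return f


def triage(text, min_score=1):
    """Return scored autostart entries at or above min_score, highest first."""
    found = [assess(*entry) for entry in parse_autostarts(text)]
    return sorted((f for f in found if f.score >= min_score), key=lambda f: -f.score)


def weak_uac_policy(text):
    """Policies\\System values in the log that are set to 0, i.e. prompting disabled."""
    return {m.group("key"): 0
            for m in map(POLICY_RE.match, (l.strip() for l in text.splitlines()))
            if m and m.group("val") == "0"}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.source:8} {f.name}: {f.exe}")
        for r in f.reasons:
            print(f"      - {r}")
    print("UAC values set to 0:", weak_uac_policy(SAMPLE_LOG))
```

On the sample, the two .job entries with the five-letter and three-letter names score highest (AppData root, machine-looking name and opaque argument all fire), the Startup shortcut under Wandoujia2 gets a low score for merely living in AppData, and the Google and Adobe updaters are not reported at all. The AppData-only signal is deliberately weak: plenty of legitimate per-user installers keep their updater there, so on its own it should raise a question, not a verdict. ConsentPromptBehaviorAdmin=0 together with PromptOnSecureDesktop=0 means administrators are elevated without any prompt, which is worth restoring before cleaning, since anything the hijacker launches then runs elevated silently.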
Log RSIT
Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2016-02-17 08:05:12
Microsoft Windows 8.1
System drive C: has 22 GB (30%) free of 75 GB
Total RAM: 7647 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:21, on 17. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\PC.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net
O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: wandoujia_helper.lnk = C:\Users\PC\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10424 bytes
======Listing Processes======
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-28c2-e11ebce49e68 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
wininit.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
dashost.exe {0954c294-2e2d-432e-bb27622571990478}
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\Stardock\Start8\Start8_64.exe" START
atieclxx
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
taskhostex.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
/fmw.trayonly
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskhost.exe $(Arg0)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "http://esurf.biz/?ssid=1455633934&a=102 ... db81f37878"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe41_ Global\UsGthrCtrlFltPipeMssGthrPipe41 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
"d:\Users\PC\Desktop\SŤAHOVANIE\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\0415aviUpdateInfo.job - C:\ProgramData\Avg_Update_0415avi\0415avi_AVG-Secure-Search-Update.exe /SETINFO /CMPID=0415avi /INFORETRY=3
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\BGMTQ.job - C:\Users\PC\AppData\Roaming\BGMTQ.exe /infocmdline=b4RkOMZGNwmGueZkSZlfNWddAYnG54IZvGfkrmfSuUgfQMiX0G4gGarEyWnyF6vTii6i4EAQIQ1UsZiDDr3O3RT6U7JJE8TBB8SqwbllofBlJKlXxw7FNS7Ae3FYhb00TGOj+1wYwQOFTIXtv7kN9NSamUE3hNVLQAxK/4UYtTRWaNO1Pltyo0Lw4elWs/JG8Cx9qyN89xWysTogjKw4H4FLMc/Gi3jvfsuU8aXsjOaPAk1TFwpt/qj7PXoMT5sl1oqpIu5weTqfEC+jc7aPqEo7KIqff8HHxm5e+ujlWeObrZKdeEiWl/w7THIRnUOYYN+4asmJ5+CB+yp1i1Q3ohfWve6bo+qdYRlgx5QP0OXb1XAYADmaVHlH9YbfrFdUR7Snbh1dx6SQxYS1/FNcz04pQw8NG4HUNM2V/8XZOJKmEshir2QBlwybaKqXggvICqtU2J22xhHEgSe20V5yYeKyd0owevsyYIH69I4mKlJOLLWYFf+3Ooa3xpoPmWio
C:\WINDOWS\tasks\BPTOO.job - C:\Users\PC\AppData\Roaming\BPTOO.exe /infocmdline=…
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HCN.job - C:\Users\PC\AppData\Roaming\HCN.exe /infocmdline=ORC/Kvp+pfCZrMQd9yfwcMSFI1cl1TkRFcNHPo8FP/F7Cr2qWcuK5qZT0Pe0ocgQd/FP5/o2153NucKUWahU5xGicgYupcVrjr4r5fZ64MysWhqeaSBezvUdYur9KliIL+/lZFLvwFlQSYMvcJi0XvL0qTxDxLVhsZIJ1YUtAAuprT/IN3Dj/GkIQjPl1qoMCEHofn5QGE6iw5oa7nfLoIUCnWE9J9CI/1EXaHUxwN94QjmzpWnIt340mQWGoFJPX3LkgV3PW2FuriH5fxg0k6L6+EqdPJ5KoL7Zx9VXHu0AsGsA+M3AVUoqpnsMlO2nVsXnSSn5aMhPKoWOYIAVRBSHZysHY0yGaAh2ruXahF+y3wEZ6wG9ahxI/vN++rAtdnmzr1wfY4hgNnNsubJd/ByJu248ch8BG2m7kNSgCFDEDgtVqXzOCP/De36oDliRPGuWWtaJ9DEgKxrdcbbnNR77Ce+cr8pcrFEvLLcSQxe8F44pOpcHXdve8aTODZdb
C:\WINDOWS\tasks\UTUI.job - C:\Users\PC\AppData\Roaming\UTUI.exe /infocmdline=jVFzwIaqedczK9jG7ApmeZp4uDke9FmZ2I2LcPIwUYscrHThivJ+l3US6xnEvB/EEOBhw0mEzmuncnD/afSLUfZNGsprK5MJYxTwAIV0RQLuvpWXoGsxYnD8d7VVue4rVwRtzcXDuhXFAcjOlz88rhjP3Z+EA4nTHnhVgnUZaMVkW9E0mrb5OsFY21nU7ac8BPofHc8hXJ1uQCkV1Qp4H7UtWax+yCT514JASEB1kUqG0kxFBpRIulluoJtXNFADcvmEQTuwTTvJ3iL2zUBJz0kZvMd6kzHcBrhJOLQHediGGz2/s+fDoLLi5hKw++tIFl/Qz451PxTG4knUkVZDYZ/K3JEVJtrAXoaO4mSW4d/speTKVFEQfIdBMtvvFPznQHl3JC8hwnPIrpeCqAlW98fuuaJjSlQ7R9V2+5hstuegZax3Ip9gvxPZ9JSF/ah6r1VAt5GgKysNP1cUJjvp2Hnvw9sR7v5aBOlPeuls3w5LLzUFxj/N+Uu50iLJrEN6
=========Mozilla firefox=========
ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://atlas.centrum.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-10 16408320]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-28 74752]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-01-12 179624]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avuirunnerx.exe [2016-02-01 25512]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
wandoujia_helper.lnk - C:\Users\PC\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StartMenuService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-17 08:05:13 ----D---- C:\Program Files\trend micro
2016-02-17 08:05:12 ----D---- C:\rsit
2016-02-10 21:29:50 ----D---- C:\WINDOWS\LastGood.Tmp
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSWOW64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSX64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSH64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSHP64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtPgEx64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\drivers\RTKVHD64.sys
2016-02-10 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\MBAPO32.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCoLDR64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCfg64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkApi64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEP64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEL64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEG64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEED64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtDataProc64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTCOM64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DHT64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DAA64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RltkAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RCoInstII64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBWrp64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBppld64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBPPCn64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\drivers\RTAIODAT.DAT
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\FMAPO64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAR64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAC64.dll
2016-02-10 19:54:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-02-10 19:54:23 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-02-10 19:49:08 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\cfgbkend.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 19:48:51 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2016-02-10 19:48:18 ----A---- C:\WINDOWS\system32\win32k.sys
2016-02-10 19:47:30 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-02-10 19:47:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\combase.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\SYSWOW64\WinSync.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\system32\WinSync.dll
2016-02-10 19:46:54 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-02-10 19:46:52 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\hlink.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-02-04 11:37:05 ----A---- C:\WINDOWS\system32\shell32.dll
2016-02-04 11:37:04 ----A---- C:\WINDOWS\system32\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\invagent.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\devinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wucltux.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-22 15:15:46 ----A---- C:\WINDOWS\system32\drivers\avgmfx64.sys
======List of files/folders modified in the last 1 month======
2016-02-17 08:05:13 ----RD---- C:\Program Files
2016-02-17 08:04:58 ----D---- C:\WINDOWS\Prefetch
2016-02-17 08:02:00 ----D---- C:\WINDOWS\system32\sru
2016-02-17 08:01:39 ----D---- C:\WINDOWS\Temp
2016-02-17 07:27:44 ----D---- C:\ProgramData\MFAData
2016-02-17 07:21:38 ----D---- C:\ProgramData\LogMeIn
2016-02-16 22:07:15 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2016-02-16 22:00:17 ----RD---- C:\Program Files (x86)
2016-02-16 21:23:44 ----AD---- C:\ProgramData\Temp
2016-02-16 20:18:49 ----D---- C:\Users\PC\AppData\Roaming\Skype
2016-02-16 19:17:08 ----D---- C:\WINDOWS\system32\config
2016-02-16 19:15:07 ----D---- C:\WINDOWS\system32\DriverStore
2016-02-16 18:33:06 ----SHD---- C:\WINDOWS\Installer
2016-02-16 18:32:55 ----D---- C:\WINDOWS\SysWOW64
2016-02-16 16:34:26 ----D---- C:\WINDOWS\Microsoft.NET
2016-02-16 16:34:21 ----SHD---- C:\System Volume Information
2016-02-16 16:22:02 ----RD---- C:\WINDOWS\System32
2016-02-16 16:22:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 16:21:35 ----D---- C:\Windows
2016-02-16 15:45:21 ----D---- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-02-16 14:39:20 ----HD---- C:\WINDOWS\ELAMBKUP
2016-02-16 14:39:20 ----D---- C:\WINDOWS\system32\drivers
2016-02-14 11:55:18 ----RSD---- C:\WINDOWS\assembly
2016-02-14 11:53:37 ----D---- C:\WINDOWS\rescache
2016-02-14 11:46:04 ----D---- C:\WINDOWS\Inf
2016-02-14 11:46:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-13 09:53:16 ----D---- C:\ProgramData\ProductData
2016-02-12 20:21:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-12 18:14:30 ----D---- C:\Program Files (x86)\Hard Disk Sentinel
2016-02-10 21:29:53 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-02-10 21:29:48 ----D---- C:\WINDOWS\system32\catroot
2016-02-10 21:25:22 ----D---- C:\WINDOWS\WinSxS
2016-02-10 21:21:33 ----D---- C:\Program Files\Windows Journal
2016-02-10 21:21:32 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\wbem
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\cs-CZ
2016-02-10 21:21:32 ----D---- C:\Program Files\Internet Explorer
2016-02-10 21:21:32 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 20:13:39 ----D---- C:\WINDOWS\CbsTemp
2016-02-10 20:13:01 ----D---- C:\ProgramData\Microsoft Help
2016-02-10 20:12:43 ----A---- C:\WINDOWS\win.ini
2016-02-10 20:07:57 ----D---- C:\WINDOWS\system32\MRT
2016-02-10 19:58:34 ----A---- C:\WINDOWS\system32\MRT.exe
2016-02-10 19:56:37 ----D---- C:\WINDOWS\system32\catroot2
2016-02-10 12:59:50 ----HD---- C:\Program Files\WindowsApps
2016-02-10 12:59:50 ----D---- C:\WINDOWS\AppReadiness
2016-02-09 20:30:38 ----D---- C:\Users\PC\AppData\Roaming\vlc
2016-02-09 09:04:46 ----D---- C:\WINDOWS\system32\Tasks
2016-02-07 16:54:09 ----RD---- C:\WINDOWS\ToastData
2016-02-07 16:53:22 ----RSD---- C:\WINDOWS\Fonts
2016-02-04 11:38:08 ----D---- C:\WINDOWS\system32\appraiser
2016-02-04 11:38:07 ----D---- C:\WINDOWS\apppatch
2016-02-02 15:34:01 ----D---- C:\WINDOWS\Tasks
2016-02-02 03:37:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-02-01 15:44:23 ----D---- C:\Users\PC\AppData\Roaming\BSplayer Pro
2016-01-26 19:48:02 ----D---- C:\ProgramData\Skype
2016-01-26 11:15:50 ----HD---- C:\ProgramData
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide64;amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [2014-05-10 11944]
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2016-01-08 272304]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2016-01-22 260528]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2015-12-04 42416]
R0 Avguniva;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avguniva.sys [2016-01-08 23472]
R0 speedfan;speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 22128]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;@oem80.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2016-01-05 315312]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2015-12-16 315840]
R1 dtsoftbus01;@oem22.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2013-01-23 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-02 26528]
R1 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-27 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-11-13 21516800]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-11-13 483840]
R3 AtiHDAudioService;@oem159.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWB6.sys [2015-08-06 102912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-02-10 4705536]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-02-17 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
R3 RTL8168;@oem160.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2015-12-03 935168]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-06-18 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2016-01-07 21632]
S3 dg_ssudbus;@oem1.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2014-05-17 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-05-17 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2014-05-17 30528]
S3 HTCAND64;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2013-01-24 82816]
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\syswow64\pwdspio.sys []
S3 ssudmdm;@oem2.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-11-13 296448]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2016-02-01 1580352]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-02-01 3881184]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-01-12 1048488]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-02-01 561104]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-08-01 2909472]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-12-09 417288]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2015-12-09 507400]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 Start8;Stardock Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2014-06-12 143288]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09 269504]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-02-01 604144]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
-----------------EOF-----------------
Re: Hijacker - change of the configured home page
Hi
this:
O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net
O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net
you have those there on purpose
+
uninstall everything from IObit
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Hijacker - change of the configured home page
Hello and thanks for the reply.
The IObit program has been uninstalled, and I don't know what those O1 - Hosts entries are for.
To add:
The configured home pages (in IE: www.seznam.cz and in Firefox: www.atlas.cz) change after being opened to http://esurf.biz/?ssid=1455633934&a=102 ... db81f37878. And now various pages I don't even want to open are starting to pop up.
Re: Hijacker - change of the configured home page
use my colleague's guide - both steps http://forum.viry.cz/viewtopic.php?f=13 ... e#p1436908
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
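An added example, not code from this thread or from any of the tools quoted in it, showing how to triage the two hijack vectors the thread turns on: hosts-file lines that reroute a name to a third-party address (the O1 - Hosts entries flagged in the reply above) and Firefox prefs.js overrides of the start page and of add-on namespaces (the kind of user_pref lines a cleanup tool strips). The sample hosts lines and prefs are constructed from values quoted in the thread; the list of extensions.* prefs that Firefox writes itself is a partial assumption and should be extended for the Firefox version at hand.

```python
"""Triage helpers for hosts-file redirects and Firefox prefs.js overrides.
Added example; sample inputs below are constructed, not taken from a real machine."""
import re

# --- hosts file -----------------------------------------------------------

# Constructed sample modelled on the O1 - Hosts lines quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# 102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test           # ad-block style entry, constructed
210.249.144.166 we9stun.winning-eleven.net
217.112.88.118  pes6gate-ec.winning-eleven.net
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def suspicious_hosts_entries(text):
    """Return (ip, hostname) pairs that send a name to a non-loopback address.

    Lines pointing at 127.0.0.1 / ::1 / 0.0.0.0 only block or localise a name;
    any other address silently reroutes it to a third-party host, which is what
    a hosts-based hijack looks like.  Comments and blank lines are skipped.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        if ip in LOOPBACK:
            continue
        findings.extend((ip, name) for name in names)
    return findings


# --- Firefox prefs.js -----------------------------------------------------

# Constructed sample; the homepage value is the redirect target the poster reported.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "http://esurf.biz/?ssid=1455633934&a=102");
user_pref("browser.newtab.url", "about:newtab");
user_pref("extensions.lastAppVersion", "44.0");
user_pref("extensions.illoxum.is", "mgp1ixcz");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.active", true);
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Prefs a homepage/search hijacker rewrites; an "about:" value is Firefox's own default.
WATCHED_PREFS = {"browser.startup.homepage", "browser.newtab.url",
                 "browser.search.defaultenginename", "keyword.URL"}

# Partial list of extensions.* namespaces written by Firefox itself (assumption:
# extend for your version).  Any other namespace under extensions.* belongs to an add-on.
FIREFOX_OWN_EXT_PREFS = {"lastAppVersion", "lastPlatformVersion", "enabledAddons",
                         "blocklist", "update", "getAddons", "databaseSchema",
                         "pendingOperations", "bootstrappedAddons", "installCache",
                         "ui", "shownSelectionUI", "e10sBlockedByAddons", "xpiState"}


def parse_prefs(text):
    """Yield (name, value) for each user_pref() line; string values lose their quotes."""
    for raw in text.splitlines():
        m = PREF_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2).strip().strip('"')


def suspicious_prefs(text, trusted_homepages=()):
    """Flag rewritten start/search prefs and prefs owned by unknown add-on namespaces.

    trusted_homepages: URLs the user really configured, so they are not reported.
    Returns tuples of (kind, key, detail).
    """
    findings = []
    for name, value in parse_prefs(text):
        if name in WATCHED_PREFS:
            if not value.startswith("about:") and value not in trusted_homepages:
                findings.append(("hijacked-pref", name, value))
        elif name.startswith("extensions."):
            namespace = name.split(".")[1]
            if namespace not in FIREFOX_OWN_EXT_PREFS:
                findings.append(("unknown-extension", namespace, name))
    return findings


if __name__ == "__main__":
    for ip, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts redirect: {host} -> {ip}")
    for kind, key, detail in suspicious_prefs(SAMPLE_PREFS, ("http://www.atlas.cz/",)):
        print(f"{kind}: {key} ({detail})")
```

On a live system the inputs are `C:\Windows\System32\drivers\etc\hosts` and the `prefs.js` inside the Firefox profile directory; an add-on namespace reported as unknown is a lead to follow up in the profile's extensions folder, not proof of malware on its own, and a hosts redirect to a non-loopback address deserves the same question the reply above asks: did the user put it there deliberately.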
Re: Hijacker - change of the configured home page
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by PC on st 17. 02. 2016 at 9:55:18,04.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: d:\Users\PC\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17. 2. 2016 9:56:03 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~3\AVAST Software deleted successfully
C:\PROGRA~3\HTC deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\PC\AppData\Roaming\EurekaLog deleted successfully
C:\Users\PC\AppData\Roaming\HTC deleted successfully
C:\Users\PC\AppData\Roaming\Mediatronic deleted successfully
C:\Users\PC\AppData\Roaming\PhotoScape deleted successfully
C:\Users\PC\AppData\Local\cache deleted successfully
C:\Users\PC\AppData\Local\CRE deleted successfully
C:\Users\PC\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\PC\AppData\Local\EmieSiteList deleted successfully
C:\Users\PC\AppData\Local\EmieUserList deleted successfully
C:\Users\PC\AppData\Local\GHISLER deleted successfully
C:\Users\PC\AppData\Local\MediaShow deleted successfully
C:\Users\PC\AppData\Local\Skype deleted successfully
C:\Users\PC\AppData\Local\StartIsBack deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34BCAE2A-9EF-4EF1-8F56-CE1EE87A4642} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{523B87DD-F153-4CA5-98D0-C204A5E17DB} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A6F8F31-778D-4ED4-AEA2-C3726C5A78F9} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67737c48-786b-4e24-9eb4-0504b92ec3c1} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFFE4FBE-F955-4DA7-BB5B-B9E03CD6E732} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D924AD34-1A5C-46EB-8B80-25D2304AE4E} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e594ab1c-66de-43cf-8239-39e2645b5d37} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF40B900-AA3-45B9-AD9F-3B89EEFF6C6} deleted successfully
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF478A54-2218-49DA-BC51-9BA949EC03D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67737c48-786b-4e24-9eb4-0504b92ec3c1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e594ab1c-66de-43cf-8239-39e2645b5d37} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3425968361-187619154-1894566756-1001\Software\Mozilla\Firefox\Extensions\mozilla_cc@internetdownloadmanager.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790\prefs.js:
user_pref("browser.startup.homepage", "http://atlas.centrum.cz/");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790
user.js not found
---- Lines illoxum removed from prefs.js ----
user_pref("extensions.illoxum.aul", "1396428279234");
user_pref("extensions.illoxum.irl", true);
user_pref("extensions.illoxum.is", "mgp1ixcz");
user_pref("extensions.illoxum.ug", "9B68743E-07B9-4796-A414-E28BD55E0D11");
---- Lines aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311 removed from prefs.js ----
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.comaa338c5448f
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.comaa338c5448f
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.comasyncdb_dbW
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.comasyncdb_dbW
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.comasyncintern
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.comasyncintern
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.active", true);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.addressbar", "NA");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.addressbarenhanced", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.asyncdb.was_copied", "true");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.asyncinternaldb.was_copied", "true");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.backgroundver", 2);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.certdomaininstaller", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.au.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.au.value", "%222014-9-13%22");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.cnt.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.cnt.value", "%22CZ%22");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.first_run.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.first_run.value", "%221%22");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.install.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.install.value", "%222014-9-11%22");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 G
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.InstallationTime.value", "%221410437605%22");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001823%2
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.testingGaq.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.cookie.testingGaq.value", "%22http%3A//extclickmedia-maynemyltf.
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.description", "The must-have App extensions for Television fans
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.domain", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.enablesearch", false);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.homepage", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.changeprevious", false);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.iframe", false);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.InstallationThankYouPage", true);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.InstallationTime", 1410437605);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.__defualt_browser__.value", "%22ie%22");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb._installer_additional_info.expiration", "Fri Feb 01 2
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%220018
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%2
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 0
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installe
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin__disable_bi_pixel_.expiration", "
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin__disable_bi_pixel_.value", "true"
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_last_executable_request.expiratio
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_last_executable_request.value", "
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_regBundledWithSoftware.expiration
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_regBundledWithSoftware.value", "%
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_appVer.value", "58");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 0
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_nextCheck.expiration", "Sat Sep 13 2014 15:
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.lastDailyReport", "1410594835937");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.lastUpdate", "1410594835618");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.manifesturl", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.name", "TheTorntvs V10 1.1");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.newtab", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.opensearch", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.pluginsurl", "http://js.newclientgenservice.com/plugin/apps/6331
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.pluginsversion", 53);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.publisher", "Joseph CM");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.searchstatus", 0);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.setnewtab", false);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.thankyou", "");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.updateinterval", 360);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.ver", 58);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.apps", "63311");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.bic", "14864a393a60fb140411a4579ff59177");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.cid", 63311);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.firstrun", false);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.hadappinstalled", true);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.installationdate", 1410437715);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.installerAdditionalInfo", "{\"asw\":[67108865, -2080374779, 0],\"brows
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.modetype", "production");
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.reportInstall", true);
user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.statsDailyCounter", 5);
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "obw");
user_pref("browser.search.searchengine.uid", "WDCXWD10EZEX-00ZF5A0_WD-WMC1S171717217172");
---- Lines Sweet removed from prefs.js ----
user_pref("extensions.JRwMvqHpJJJT6ZDd.url", "http://veterances.org/sync2/?q=hfZ9ofV9 ... IC7n0rjkEr
---- Lines extensions.4xcIXnoql33LN6mc removed from prefs.js ----
user_pref("extensions.4xcIXnoql33LN6mc.epoch", "1420296029");
user_pref("extensions.4xcIXnoql33LN6mc.url", "http://firsttshare.us/sync2/?q=hfZ9oflK ... 9rjgFrihIC
---- Lines extensions.JRwMvqHpJJJT6ZDd removed from prefs.js ----
user_pref("extensions.JRwMvqHpJJJT6ZDd.epoch", "1420296029");
---- FireFox user.js and prefs.js backups ----
prefs_201617.02._1015_.backup
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64
Ran by PC (Administrator) on st 17. 02. 2016 at 11:20:13,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 17. 02. 2016 at 11:22:44,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Hijacker - changed homepage setting
Let me know whether there are still any problems; if so, post a current RSIT log.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Hijacker - changed homepage setting
The problems continue: the page esurf.biz keeps opening and unwanted pages pop up. ESET Online Scanner is currently running.
New RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2016-02-17 12:37:58
Microsoft Windows 8.1
System drive C: has 22 GB (30%) free of 75 GB
Total RAM: 7647 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:03, on 17. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\trend micro\PC.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10125 bytes
======Listing Processes======
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-6b6e-b90370ffed02 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
dashost.exe {44d16047-89e7-49c2-8c468ad6fd141c6b}
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "http://esurf.biz/?ssid=1455633934&a=102 ... db81f37878"
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1029
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1029 /as
\??\C:\WINDOWS\system32\conhost.exe 0x4
taskeng.exe {A0D6398F-9336-425F-99AB-8B9822876DFC}
"d:\Users\PC\Desktop\SŤAHOVANIE\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\BGMTQ.job - C:\Users\PC\AppData\Roaming\BGMTQ.exe /infocmdline=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
C:\WINDOWS\tasks\BPTOO.job - C:\Users\PC\AppData\Roaming\BPTOO.exe /infocmdline=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
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HCN.job - C:\Users\PC\AppData\Roaming\HCN.exe /infocmdline=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
C:\WINDOWS\tasks\UTUI.job - C:\Users\PC\AppData\Roaming\UTUI.exe /infocmdline=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
=========Mozilla firefox=========
ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790
prefs.js - "browser.startup.homepage" - "http://atlas.centrum.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-10 16408320]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-28 74752]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-01-12 179624]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avuirunnerx.exe [2016-02-01 25512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StartMenuService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-17 11:56:46 ----D---- C:\Program Files (x86)\ESET
2016-02-17 10:54:33 ----SHD---- C:\$RECYCLE.BIN
2016-02-17 09:55:00 ----D---- C:\zoek_backup
2016-02-17 08:05:13 ----D---- C:\Program Files\trend micro
2016-02-17 08:05:12 ----D---- C:\rsit
2016-02-10 21:29:50 ----D---- C:\WINDOWS\LastGood.Tmp
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSWOW64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSX64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSH64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSHP64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtPgEx64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\drivers\RTKVHD64.sys
2016-02-10 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\MBAPO32.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCoLDR64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCfg64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkApi64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEP64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEL64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEG64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEED64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtDataProc64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTCOM64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DHT64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DAA64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RltkAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RCoInstII64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBWrp64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBppld64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBPPCn64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\drivers\RTAIODAT.DAT
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\FMAPO64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAR64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAC64.dll
2016-02-10 19:54:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-02-10 19:54:23 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-02-10 19:49:08 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\cfgbkend.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 19:48:51 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2016-02-10 19:48:18 ----A---- C:\WINDOWS\system32\win32k.sys
2016-02-10 19:47:30 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-02-10 19:47:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\combase.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\SYSWOW64\WinSync.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\system32\WinSync.dll
2016-02-10 19:46:54 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-02-10 19:46:52 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\hlink.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-02-04 11:37:05 ----A---- C:\WINDOWS\system32\shell32.dll
2016-02-04 11:37:04 ----A---- C:\WINDOWS\system32\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\invagent.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\devinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wucltux.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-22 15:15:46 ----A---- C:\WINDOWS\system32\drivers\avgmfx64.sys
======List of files/folders modified in the last 1 month======
2016-02-17 12:35:16 ----D---- C:\WINDOWS\Temp
2016-02-17 12:13:58 ----D---- C:\WINDOWS\Prefetch
2016-02-17 12:12:37 ----D---- C:\ProgramData\MFAData
2016-02-17 12:00:02 ----D---- C:\WINDOWS\system32\sru
2016-02-17 11:56:46 ----RD---- C:\Program Files (x86)
2016-02-17 11:21:10 ----SHD---- C:\System Volume Information
2016-02-17 11:02:26 ----D---- C:\WINDOWS\system32\drivers\etc
2016-02-17 11:00:53 ----D---- C:\WINDOWS\SysWOW64
2016-02-17 10:57:35 ----D---- C:\ProgramData\IObit
2016-02-17 10:57:26 ----D---- C:\Users\PC\AppData\Roaming\IObit
2016-02-17 10:57:14 ----D---- C:\WINDOWS\system32\Tasks
2016-02-17 10:39:18 ----D---- C:\WINDOWS\system32\config
2016-02-17 10:15:46 ----HD---- C:\ProgramData
2016-02-17 10:15:46 ----D---- C:\WINDOWS\Tasks
2016-02-17 09:54:07 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2016-02-17 09:34:08 ----AD---- C:\ProgramData\Temp
2016-02-17 08:05:13 ----RD---- C:\Program Files
2016-02-17 07:21:38 ----D---- C:\ProgramData\LogMeIn
2016-02-16 20:18:49 ----D---- C:\Users\PC\AppData\Roaming\Skype
2016-02-16 19:15:07 ----D---- C:\WINDOWS\system32\DriverStore
2016-02-16 18:33:06 ----SHD---- C:\WINDOWS\Installer
2016-02-16 16:34:26 ----D---- C:\WINDOWS\Microsoft.NET
2016-02-16 16:22:02 ----RD---- C:\WINDOWS\System32
2016-02-16 16:22:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 16:21:35 ----D---- C:\Windows
2016-02-16 15:45:21 ----D---- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-02-16 14:39:20 ----HD---- C:\WINDOWS\ELAMBKUP
2016-02-16 14:39:20 ----D---- C:\WINDOWS\system32\drivers
2016-02-14 11:55:18 ----RSD---- C:\WINDOWS\assembly
2016-02-14 11:53:37 ----D---- C:\WINDOWS\rescache
2016-02-14 11:46:04 ----D---- C:\WINDOWS\Inf
2016-02-14 11:46:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-12 20:21:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-12 18:14:30 ----D---- C:\Program Files (x86)\Hard Disk Sentinel
2016-02-10 21:29:53 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-02-10 21:29:48 ----D---- C:\WINDOWS\system32\catroot
2016-02-10 21:25:22 ----D---- C:\WINDOWS\WinSxS
2016-02-10 21:21:33 ----D---- C:\Program Files\Windows Journal
2016-02-10 21:21:32 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\wbem
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\cs-CZ
2016-02-10 21:21:32 ----D---- C:\Program Files\Internet Explorer
2016-02-10 21:21:32 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 20:13:39 ----D---- C:\WINDOWS\CbsTemp
2016-02-10 20:13:01 ----D---- C:\ProgramData\Microsoft Help
2016-02-10 20:12:43 ----A---- C:\WINDOWS\win.ini
2016-02-10 20:07:57 ----D---- C:\WINDOWS\system32\MRT
2016-02-10 19:58:34 ----A---- C:\WINDOWS\system32\MRT.exe
2016-02-10 19:56:37 ----D---- C:\WINDOWS\system32\catroot2
2016-02-10 12:59:50 ----HD---- C:\Program Files\WindowsApps
2016-02-10 12:59:50 ----D---- C:\WINDOWS\AppReadiness
2016-02-09 20:30:38 ----D---- C:\Users\PC\AppData\Roaming\vlc
2016-02-07 16:54:09 ----RD---- C:\WINDOWS\ToastData
2016-02-07 16:53:22 ----RSD---- C:\WINDOWS\Fonts
2016-02-04 11:38:08 ----D---- C:\WINDOWS\system32\appraiser
2016-02-04 11:38:07 ----D---- C:\WINDOWS\apppatch
2016-02-02 03:37:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-02-01 15:44:23 ----D---- C:\Users\PC\AppData\Roaming\BSplayer Pro
2016-01-26 19:48:02 ----D---- C:\ProgramData\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide64;amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [2014-05-10 11944]
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2016-01-08 272304]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2016-01-22 260528]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2015-12-04 42416]
R0 Avguniva;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avguniva.sys [2016-01-08 23472]
R0 speedfan;speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 22128]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;@oem80.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2016-01-05 315312]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2015-12-16 315840]
R1 dtsoftbus01;@oem22.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2013-01-23 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-02 26528]
R1 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-27 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-11-13 21516800]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-11-13 483840]
R3 AtiHDAudioService;@oem159.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWB6.sys [2015-08-06 102912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-02-10 4705536]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 RTL8168;@oem160.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2015-12-03 935168]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-06-18 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2016-01-07 21632]
S3 dg_ssudbus;@oem1.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2014-05-17 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-05-17 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2014-05-17 30528]
S3 HTCAND64;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-02-17 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2013-01-24 82816]
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\syswow64\pwdspio.sys []
S3 ssudmdm;@oem2.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-11-13 296448]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2016-02-01 1580352]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-02-01 3881184]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-01-12 1048488]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-02-01 561104]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-12-09 417288]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2015-12-09 507400]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 Start8;Stardock Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2014-06-12 143288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe []
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09 269504]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-02-01 604144]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
-----------------EOF-----------------
New RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2016-02-17 12:37:58
Microsoft Windows 8.1
System drive C: has 22 GB (30%) free of 75 GB
Total RAM: 7647 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:03, on 17. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\trend micro\PC.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager v6.17.1 Final\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10125 bytes
======Listing Processes======
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-6b6e-b90370ffed02 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
dashost.exe {44d16047-89e7-49c2-8c468ad6fd141c6b}
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "http://esurf.biz/?ssid=1455633934&a=102 ... db81f37878"
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1029
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1029 /as
\??\C:\WINDOWS\system32\conhost.exe 0x4
taskeng.exe {A0D6398F-9336-425F-99AB-8B9822876DFC}
"d:\Users\PC\Desktop\SŤAHOVANIE\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\BGMTQ.job - C:\Users\PC\AppData\Roaming\BGMTQ.exe /infocmdline=…
C:\WINDOWS\tasks\BPTOO.job - C:\Users\PC\AppData\Roaming\BPTOO.exe /infocmdline=…
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HCN.job - C:\Users\PC\AppData\Roaming\HCN.exe /infocmdline=ORC/Kvp+pfCZrMQd9yfwcMSFI1cl1TkRFcNHPo8FP/F7Cr2qWcuK5qZT0Pe0ocgQd/FP5/o2153NucKUWahU5xGicgYupcVrjr4r5fZ64MysWhqeaSBezvUdYur9KliIL+/lZFLvwFlQSYMvcJi0XvL0qTxDxLVhsZIJ1YUtAAuprT/IN3Dj/GkIQjPl1qoMCEHofn5QGE6iw5oa7nfLoIUCnWE9J9CI/1EXaHUxwN94QjmzpWnIt340mQWGoFJPX3LkgV3PW2FuriH5fxg0k6L6+EqdPJ5KoL7Zx9VXHu0AsGsA+M3AVUoqpnsMlO2nVsXnSSn5aMhPKoWOYIAVRBSHZysHY0yGaAh2ruXahF+y3wEZ6wG9ahxI/vN++rAtdnmzr1wfY4hgNnNsubJd/ByJu248ch8BG2m7kNSgCFDEDgtVqXzOCP/De36oDliRPGuWWtaJ9DEgKxrdcbbnNR77Ce+cr8pcrFEvLLcSQxe8F44pOpcHXdve8aTODZdb
C:\WINDOWS\tasks\UTUI.job - C:\Users\PC\AppData\Roaming\UTUI.exe /infocmdline=…
=========Mozilla firefox=========
ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790
prefs.js - "browser.startup.homepage" - "http://atlas.centrum.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\418m5zy5.default-1376846910790\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-10 16408320]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-28 74752]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-01-12 179624]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avuirunnerx.exe [2016-02-01 25512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StartMenuService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-17 11:56:46 ----D---- C:\Program Files (x86)\ESET
2016-02-17 10:54:33 ----SHD---- C:\$RECYCLE.BIN
2016-02-17 09:55:00 ----D---- C:\zoek_backup
2016-02-17 08:05:13 ----D---- C:\Program Files\trend micro
2016-02-17 08:05:12 ----D---- C:\rsit
2016-02-10 21:29:50 ----D---- C:\WINDOWS\LastGood.Tmp
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSWOW64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSX64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSTSH64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\SRSHP64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtPgEx64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-10 21:29:32 ----A---- C:\WINDOWS\system32\drivers\RTKVHD64.sys
2016-02-10 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\MBAPO32.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCoLDR64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkCfg64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtkApi64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEP64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEL64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEEG64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTEED64A.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RtDataProc64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RTCOM64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DHT64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RP3DAA64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RltkAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\RCoInstII64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBWrp64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBppld64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBPPCn64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\MBAPO64.dll
2016-02-10 21:29:31 ----A---- C:\WINDOWS\system32\drivers\RTAIODAT.DAT
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-10 21:29:30 ----A---- C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\FMAPO64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAR64.dll
2016-02-10 21:29:29 ----A---- C:\WINDOWS\system32\AERTAC64.dll
2016-02-10 19:54:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-02-10 19:54:25 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-02-10 19:54:24 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-02-10 19:54:23 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-02-10 19:49:08 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\SYSWOW64\cfgbkend.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\EncDec.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\CPFilters.dll
2016-02-10 19:49:04 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 19:48:51 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2016-02-10 19:48:50 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-02-10 19:48:27 ----A---- C:\WINDOWS\system32\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-02-10 19:48:23 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2016-02-10 19:48:18 ----A---- C:\WINDOWS\system32\win32k.sys
2016-02-10 19:47:30 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-02-10 19:47:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:47:28 ----A---- C:\WINDOWS\system32\combase.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\SYSWOW64\WinSync.dll
2016-02-10 19:47:00 ----A---- C:\WINDOWS\system32\WinSync.dll
2016-02-10 19:46:54 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-02-10 19:46:52 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\wininet.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\jscript.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 19:46:51 ----A---- C:\WINDOWS\system32\hlink.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-02-10 19:46:39 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-02-04 11:37:05 ----A---- C:\WINDOWS\system32\shell32.dll
2016-02-04 11:37:04 ----A---- C:\WINDOWS\system32\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-02-04 11:37:03 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\authui.dll
2016-02-04 11:37:02 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-02-04 11:36:59 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\invagent.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\devinv.dll
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-04 11:36:58 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuwebv.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wudriver.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wucltux.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapp.exe
2016-02-04 11:36:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-02-01 15:51:11 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-22 15:15:46 ----A---- C:\WINDOWS\system32\drivers\avgmfx64.sys
======List of files/folders modified in the last 1 month======
2016-02-17 12:35:16 ----D---- C:\WINDOWS\Temp
2016-02-17 12:13:58 ----D---- C:\WINDOWS\Prefetch
2016-02-17 12:12:37 ----D---- C:\ProgramData\MFAData
2016-02-17 12:00:02 ----D---- C:\WINDOWS\system32\sru
2016-02-17 11:56:46 ----RD---- C:\Program Files (x86)
2016-02-17 11:21:10 ----SHD---- C:\System Volume Information
2016-02-17 11:02:26 ----D---- C:\WINDOWS\system32\drivers\etc
2016-02-17 11:00:53 ----D---- C:\WINDOWS\SysWOW64
2016-02-17 10:57:35 ----D---- C:\ProgramData\IObit
2016-02-17 10:57:26 ----D---- C:\Users\PC\AppData\Roaming\IObit
2016-02-17 10:57:14 ----D---- C:\WINDOWS\system32\Tasks
2016-02-17 10:39:18 ----D---- C:\WINDOWS\system32\config
2016-02-17 10:15:46 ----HD---- C:\ProgramData
2016-02-17 10:15:46 ----D---- C:\WINDOWS\Tasks
2016-02-17 09:54:07 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2016-02-17 09:34:08 ----AD---- C:\ProgramData\Temp
2016-02-17 08:05:13 ----RD---- C:\Program Files
2016-02-17 07:21:38 ----D---- C:\ProgramData\LogMeIn
2016-02-16 20:18:49 ----D---- C:\Users\PC\AppData\Roaming\Skype
2016-02-16 19:15:07 ----D---- C:\WINDOWS\system32\DriverStore
2016-02-16 18:33:06 ----SHD---- C:\WINDOWS\Installer
2016-02-16 16:34:26 ----D---- C:\WINDOWS\Microsoft.NET
2016-02-16 16:22:02 ----RD---- C:\WINDOWS\System32
2016-02-16 16:22:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 16:21:35 ----D---- C:\Windows
2016-02-16 15:45:21 ----D---- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-02-16 14:39:20 ----HD---- C:\WINDOWS\ELAMBKUP
2016-02-16 14:39:20 ----D---- C:\WINDOWS\system32\drivers
2016-02-14 11:55:18 ----RSD---- C:\WINDOWS\assembly
2016-02-14 11:53:37 ----D---- C:\WINDOWS\rescache
2016-02-14 11:46:04 ----D---- C:\WINDOWS\Inf
2016-02-14 11:46:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-12 20:21:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-12 18:14:30 ----D---- C:\Program Files (x86)\Hard Disk Sentinel
2016-02-10 21:29:53 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-02-10 21:29:48 ----D---- C:\WINDOWS\system32\catroot
2016-02-10 21:25:22 ----D---- C:\WINDOWS\WinSxS
2016-02-10 21:21:33 ----D---- C:\Program Files\Windows Journal
2016-02-10 21:21:32 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\wbem
2016-02-10 21:21:32 ----D---- C:\WINDOWS\system32\cs-CZ
2016-02-10 21:21:32 ----D---- C:\Program Files\Internet Explorer
2016-02-10 21:21:32 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 20:13:39 ----D---- C:\WINDOWS\CbsTemp
2016-02-10 20:13:01 ----D---- C:\ProgramData\Microsoft Help
2016-02-10 20:12:43 ----A---- C:\WINDOWS\win.ini
2016-02-10 20:07:57 ----D---- C:\WINDOWS\system32\MRT
2016-02-10 19:58:34 ----A---- C:\WINDOWS\system32\MRT.exe
2016-02-10 19:56:37 ----D---- C:\WINDOWS\system32\catroot2
2016-02-10 12:59:50 ----HD---- C:\Program Files\WindowsApps
2016-02-10 12:59:50 ----D---- C:\WINDOWS\AppReadiness
2016-02-09 20:30:38 ----D---- C:\Users\PC\AppData\Roaming\vlc
2016-02-07 16:54:09 ----RD---- C:\WINDOWS\ToastData
2016-02-07 16:53:22 ----RSD---- C:\WINDOWS\Fonts
2016-02-04 11:38:08 ----D---- C:\WINDOWS\system32\appraiser
2016-02-04 11:38:07 ----D---- C:\WINDOWS\apppatch
2016-02-02 03:37:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-02-01 15:44:23 ----D---- C:\Users\PC\AppData\Roaming\BSplayer Pro
2016-01-26 19:48:02 ----D---- C:\ProgramData\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide64;amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [2014-05-10 11944]
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2016-01-08 272304]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2016-01-22 260528]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2015-12-04 42416]
R0 Avguniva;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avguniva.sys [2016-01-08 23472]
R0 speedfan;speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2012-03-08 22128]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;@oem80.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2016-01-05 315312]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2015-12-16 315840]
R1 dtsoftbus01;@oem22.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2013-01-23 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-02 26528]
R1 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-27 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-11-13 21516800]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-11-13 483840]
R3 AtiHDAudioService;@oem159.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWB6.sys [2015-08-06 102912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-02-10 4705536]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 RTL8168;@oem160.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2015-12-03 935168]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-06-18 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2016-01-07 21632]
S3 dg_ssudbus;@oem1.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2014-05-17 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-05-17 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2014-05-17 30528]
S3 HTCAND64;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-02-17 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2013-01-24 82816]
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\syswow64\pwdspio.sys []
S3 ssudmdm;@oem2.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-11-13 296448]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2016-02-01 1580352]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-02-01 3881184]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-01-12 1048488]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-02-01 561104]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-12-09 417288]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2015-12-09 507400]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 Start8;Stardock Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2014-06-12 143288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe []
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09 269504]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-02-01 604144]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
-----------------EOF-----------------
Re: Hijacker - change of the configured home page
DELETE all files in the directory C:\WINDOWS\tasks
+
restart
+
restart
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Hijacker - change of the configured home page
Dear JaRon, thank you!!!
Current status:
- ESET Online Scanner found and removed 11 potential threats
- I ran AdwCleaner 5.034 (I apologise, but without your permission) - see the logfile
- deleted the files in the C:\WINDOWS\tasks directory + restart
And everything is OK; the configured home pages (in IE: www.seznam.cz and in Firefox: www.atlas.cz) DO NOT CHANGE after opening them
Once again, thank you very much for your willingness to help and for the advice!!
# AdwCleaner v5.034 - Logfile created 17/02/2016 at 13:17:12
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : PC - PC-01
# Running from : d:\Users\PC\Desktop\SŤAHOVANIE\adwcleaner_5.034.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : d:\Users\PC\Desktop\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [TheTorntv V10-bg.exe]
[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4844 bytes] ##########
Re: Hijacker - change of the configured home page
all the steps were appropriate
glad I could help