cse google custom search, avast reports Win64:malware-gen

Having trouble with a virus? Post your FRST or RSIT log here.

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

#1 Post by kladelko »

Logfile of random's system information tool 1.14 (written by random/random)
Run by Ondra at 2016-11-08 23:27:46
Microsoft Windows 8.1
System drive C: has 28 GB (23%) free of 123 GB
Total RAM: 8157 MB (78% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:27:48, on 8. 11. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Users\Ondra\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Program Files\trend micro\Ondra_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.fusker.lv:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Ondra\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sslvpn.cez.cz/dana-cached/sc/Ju ... Client.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Progsl\Origin\OriginClientService.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem6.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WUAUCLT - Unknown owner - C:\Users\Ondra\AppData\Roaming\nssm.exe

--
End of file - 11310 bytes

======Enumerating Processes======

C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe"
C:\Windows\system32\dashost.exe
"C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=54.0.2840.87 --handshake-handle=0x114
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe"
"C:\Program Files\RogueKiller\RogueKiller64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Control/AutofillCreditCardSigninPromo/Default/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/ClientSideDetectionModel/Model0/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingU
nverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,14,15,16,17,19,33,59 --gpu-vendor-id=0x1002 --gpu-device-id=0x6811 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=21.19.160.512 --gpu-driver-date=11-3-2016 --mojo-application-channel-token=C30A522853C2EFB7EF2E286031B71DF0 --mojo-platform-channel-handle=1152 --ignored=" --type=renderer " /prefetch:2
"C:\Windows\System32\rundll32.exe" "C:\Program Files\TextEnhance\TextEnhance.dll",_
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsi
ngUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=BEC442C46EB4FEA85F174CED4ABDCCD2 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=BEC442C46EB4FEA85F174CED4ABDCCD2 --channel="3060.0.8347620\1591838731" --mojo-platform-channel-handle=2120 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBro
wsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=9631B3A694E9902986066E85A1371E49 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=9631B3A694E9902986066E85A1371E49 --channel="3060.2.401053313\1802331538" --mojo-platform-channel-handle=2568 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBro
wsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_14/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=5142A66E0EBF8C26B8E26B866FC1C7C0 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=5142A66E0EBF8C26B8E26B866FC1C7C0 --channel="3060.3.1016608143\1585923157" --mojo-platform-channel-handle=2648 /prefetch:1
"C:\Users\Ondra\AppData\Roaming\Seznam.cz\szninstall.exe" -c
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
"C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
"C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe" --log_to_file --from_stub --startup
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe" 4776
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3083710393-1039411083-1544633742-10011_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3083710393-1039411083-1544633742-10011 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 560 572 65536 568
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Ondra\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\AMD Updater - "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe" /AUTOUPDATEIN
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1454524757 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1477250763 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1478153121 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\User_Feed_Synchronization-{817A01EA-6097-4DBA-843A-1B864A6F2B33} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-3083710393-1039411083-1544633742-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeReminderTime
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess - %windir%\system32\GWX\GWX.exe /tasklaunch
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\components\
IICAClient.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
CCMSDK.dll
cgpcfg.dll
CgpCore.dll
confmgr.dll
ctxlogging.dll
ctxmui.dll
ICAClObj.class
icafile.dll
icalogon.dll
npicaN.dll
nppdf32.dll
sslsdk_b.dll
TcpPServ.dll

C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\addons.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\pluginreg.dat
Plugin - Adobe Acrobat - 15.20.20039.7108 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - VLC Web Plugin - 2.2.4.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Silverlight Plug-In - 5.1.50901.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
Plugin - Shockwave for Director - 12.2.5.195 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll
Plugin - Shockwave Flash - 23.0.0.205 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll

=========Google Chrome=========

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cnpniohnfphhjihaiiggeabnkjhpaldj 1 Image Downloader 2.2.4
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 2 Avast SafePrice 12.0.102
Extension fhoibnponjcgjgcnfacekaijdbbplhib 2 Ochrana Kaspersky 5.0.141.0
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.5.0
Extension gomekmidlodglbbmalcneegieacbdmki 2 Avast Online Security 12.0.124
Extension jmjjnhpacphpjmnnlnccpfmhkcloaade
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh 1 Google Now 1.2.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24 571456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-03 790552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24 234560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-03 664848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2013-12-26 4689072]
"VIAxHCUtl"=C:\Program Files\VIA XHCI UASP Utility\usb3Monitor []
"rundll32"=C:\Program Files\TextEnhance\TextEnhance.dll [2015-05-11 2705920]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-10-04 8029064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-04-15 8698584]
"cz.seznam.software.autoupdate"=C:\Users\Ondra\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Spotify Web Helper"=C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-09-05 1523312]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2012-03-28 309184]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2015-02-24 311616]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-08 9044392]
"Raptr"=C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [2016-09-28 58584]
"PlaysTV"=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [2016-03-25 71440]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-11-08 23:18:07 ----D---- C:\rsit
2016-11-08 23:18:07 ----D---- C:\Program Files\trend micro
2016-11-08 23:16:46 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-11-08 23:16:28 ----D---- C:\Program Files\RogueKiller
2016-11-08 23:16:23 ----D---- C:\ProgramData\RogueKiller
2016-11-08 19:13:40 ----A---- C:\Windows\system32\aswBoot.exe
2016-11-07 23:17:05 ----A---- C:\Recovery.txt
2016-11-07 18:49:27 ----D---- C:\Users\Ondra\AppData\Roaming\Spyware Terminator
2016-11-07 18:49:27 ----D---- C:\ProgramData\Spyware Terminator
2016-11-07 18:49:24 ----D---- C:\Program Files (x86)\Spyware Terminator
2016-11-07 17:05:02 ----A---- C:\autoexec.bat
2016-11-06 23:10:29 ----A---- C:\Users\Ondra\AppData\Roaming\LogFile.txt
2016-11-06 23:09:59 ----D---- C:\Program Files\BDServices
2016-11-04 02:16:56 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2016-11-04 02:16:48 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2016-11-04 02:16:48 ----A---- C:\Windows\system32\atimpc64.dll
2016-11-04 02:16:46 ----A---- C:\Windows\system32\amdpcom64.dll
2016-11-04 02:16:44 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2016-11-04 02:16:44 ----A---- C:\Windows\system32\amdmiracast.dll
2016-11-04 02:16:42 ----A---- C:\Windows\system32\amdhcp64.dll
2016-11-04 02:16:40 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2016-11-04 02:16:36 ----A---- C:\Windows\system32\amdave64.dll
2016-11-04 02:16:28 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2016-11-04 02:16:24 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2016-11-04 02:16:22 ----A---- C:\Windows\system32\atisamu64.dll
2016-11-04 02:16:20 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2016-11-04 02:16:20 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2016-11-04 02:16:20 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2016-11-04 02:16:20 ----A---- C:\Windows\system32\atiumd64.dll
2016-11-04 02:16:18 ----A---- C:\Windows\system32\atiu9p64.dll
2016-11-04 02:16:18 ----A---- C:\Windows\system32\amfrt64.dll
2016-11-04 02:16:16 ----A---- C:\Windows\SYSWOW64\amfrt32.dll
2016-11-04 02:16:12 ----A---- C:\Windows\system32\amdvlk64.dll
2016-11-04 02:16:08 ----A---- C:\Windows\system32\GameManager64.dll
2016-11-04 02:16:06 ----A---- C:\Windows\SYSWOW64\GameManager32.dll
2016-11-04 02:16:06 ----A---- C:\Windows\SYSWOW64\amdvlk32.dll
2016-11-04 02:16:04 ----A---- C:\Windows\system32\dgtrayicon.exe
2016-11-04 02:16:04 ----A---- C:\Windows\system32\detoured.dll
2016-11-04 02:16:02 ----A---- C:\Windows\SYSWOW64\detoured.dll
2016-11-04 02:16:02 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2016-11-04 02:16:02 ----A---- C:\Windows\system32\amduve64.dll
2016-11-04 02:16:00 ----A---- C:\Windows\SYSWOW64\amduve32.dll
2016-11-04 02:15:56 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2016-11-04 02:15:56 ----A---- C:\Windows\system32\atitmm64.dll
2016-11-04 02:15:56 ----A---- C:\Windows\system32\atimuixx.dll
2016-11-04 02:15:56 ----A---- C:\Windows\system32\amdmmcl6.dll
2016-11-04 02:15:54 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2016-11-04 02:15:54 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2016-11-04 02:15:52 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2016-11-04 02:15:52 ----A---- C:\Windows\SYSWOW64\amdmcl32.dll
2016-11-04 02:15:52 ----A---- C:\Windows\system32\atiglpxx.dll
2016-11-04 02:15:52 ----A---- C:\Windows\system32\amdmcl64.dll
2016-11-04 02:15:50 ----A---- C:\Windows\system32\atig6txx.dll
2016-11-04 02:15:50 ----A---- C:\Windows\system32\atig6pxx.dll
2016-11-04 02:15:48 ----A---- C:\Windows\system32\atiesrxx.exe
2016-11-04 02:15:46 ----A---- C:\Windows\system32\atieclxx.exe
2016-11-04 02:15:46 ----A---- C:\Windows\system32\atieah64.exe
2016-11-04 02:15:44 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2016-11-04 02:15:42 ----A---- C:\Windows\system32\atidemgy.dll
2016-11-04 02:15:40 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2016-11-04 02:15:40 ----A---- C:\Windows\system32\mantleaxl64.dll
2016-11-04 02:15:40 ----A---- C:\Windows\system32\aticalrt64.dll
2016-11-04 02:15:38 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2016-11-04 02:15:38 ----A---- C:\Windows\system32\mantle64.dll
2016-11-04 02:15:36 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2016-11-04 02:15:34 ----A---- C:\Windows\system32\ATIODE.exe
2016-11-04 02:15:34 ----A---- C:\Windows\system32\ATIODCLI.exe
2016-11-04 02:15:34 ----A---- C:\Windows\system32\aticaldd64.dll
2016-11-04 02:15:28 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2016-11-04 02:15:26 ----A---- C:\Windows\system32\aticalcl64.dll
2016-11-04 02:15:24 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2016-11-04 02:15:24 ----A---- C:\Windows\system32\atiapfxx.exe
2016-11-04 02:15:22 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2016-11-04 02:15:20 ----A---- C:\Windows\system32\atiadlxx.dll
2016-11-04 02:15:18 ----A---- C:\Windows\system32\hsa-thunk64.dll
2016-11-04 02:15:16 ----A---- C:\Windows\SYSWOW64\hsa-thunk.dll
2016-11-04 02:15:14 ----A---- C:\Windows\system32\OpenCL.dll
2016-11-04 02:15:14 ----A---- C:\Windows\system32\clinfo.exe
2016-11-04 02:15:12 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2016-11-04 02:15:12 ----A---- C:\Windows\system32\amdmantle64.dll
2016-11-04 02:15:06 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2016-11-04 02:15:06 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2016-11-04 02:15:04 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2016-11-04 02:15:04 ----A---- C:\Windows\system32\amdocl64.dll
2016-11-04 02:15:04 ----A---- C:\Windows\system32\amdlvr64.dll
2016-11-04 02:15:02 ----A---- C:\Windows\SYSWOW64\amdlvr32.dll
2016-11-04 02:15:02 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2016-11-04 02:14:58 ----A---- C:\Windows\system32\amdocl12cl64.dll
2016-11-04 02:14:38 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2016-11-04 02:14:24 ----A---- C:\Windows\system32\atio6axx.dll
2016-11-04 02:14:20 ----A---- C:\Windows\system32\amdhdl64.dll
2016-11-04 02:14:18 ----A---- C:\Windows\SYSWOW64\amdhdl32.dll
2016-11-04 02:13:32 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2016-11-04 00:32:03 ----D---- C:\Windows\LastGood.Tmp
2016-11-03 07:05:48 ----D---- C:\Users\Ondra\AppData\Roaming\AVAST Software
2016-10-31 23:15:08 ----D---- C:\Program Files (x86)\F-Secure
2016-10-26 22:21:47 ----D---- C:\ProgramData\F-Secure
2016-10-23 20:30:46 ----A---- C:\Windows\avastSS.scr
2016-10-23 20:21:35 ----ASH---- C:\pagefile.sys
2016-10-23 00:41:00 ----D---- C:\AdwCleaner
2016-10-22 23:57:04 ----D---- C:\ProgramData\Kaspersky Lab
2016-10-22 23:57:04 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-10-22 23:56:59 ----A---- C:\ProgramData\ntuser.dat
2016-10-21 19:22:38 ----A---- C:\Windows\system32\amde31a.dat
2016-10-21 19:22:10 ----A---- C:\Windows\system32\ativce03.dat
2016-10-21 18:00:40 ----A---- C:\Windows\system32\amde34a.dat
2016-10-21 18:00:10 ----A---- C:\Windows\system32\amde34b.dat
2016-10-20 19:49:38 ----D---- C:\ProgramData\Malwarebytes
2016-10-20 17:10:16 ----A---- C:\Windows\system32\ativce02.dat
2016-10-16 09:33:26 ----D---- C:\Program Files\Common Files\Microsoft
2016-10-16 09:33:26 ----D---- C:\Program Files\Adware-Removal-Tool
2016-10-12 22:03:41 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-10-12 22:03:38 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2

======List of files/folders modified in the last 1 month======

2016-11-08 23:27:15 ----D---- C:\Windows\Inf
2016-11-08 23:26:57 ----D---- C:\Windows\Temp
2016-11-08 23:26:49 ----D---- C:\Users\Ondra\AppData\Roaming\Raptr
2016-11-08 23:26:45 ----D---- C:\Windows\Prefetch
2016-11-08 23:25:25 ----RSD---- C:\Windows\Fonts
2016-11-08 23:24:43 ----SHD---- C:\Windows\Installer
2016-11-08 23:24:40 ----SHD---- C:\Config.Msi
2016-11-08 23:24:35 ----RSD---- C:\Windows\assembly
2016-11-08 23:24:35 ----D---- C:\Program Files (x86)\OpenOffice 4
2016-11-08 23:18:07 ----RD---- C:\Program Files
2016-11-08 23:16:46 ----D---- C:\Windows\system32\drivers
2016-11-08 23:16:23 ----HD---- C:\ProgramData
2016-11-08 23:00:39 ----D---- C:\Windows\System32
2016-11-08 23:00:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-08 23:00:00 ----D---- C:\Windows\system32\sru
2016-11-08 22:59:03 ----D---- C:\Users\Ondra\AppData\Roaming\Seznam.cz
2016-11-08 22:53:09 ----D---- C:\Windows
2016-11-08 21:41:17 ----D---- C:\Windows\SysWOW64
2016-11-08 21:41:11 ----D---- C:\Windows\system32\Macromed
2016-11-08 21:41:10 ----D---- C:\Windows\SYSWOW64\Macromed
2016-11-08 19:32:21 ----SHD---- C:\System Volume Information
2016-11-08 19:27:07 ----D---- C:\Windows\Microsoft.NET
2016-11-08 19:24:52 ----D---- C:\Windows\system32\config
2016-11-08 19:20:46 ----D---- C:\Windows\system32\Tasks
2016-11-08 19:19:27 ----D---- C:\Windows\Logs
2016-11-08 19:18:40 ----D---- C:\Windows\system32\catroot2
2016-11-08 19:17:14 ----D---- C:\Windows\SoftwareDistribution
2016-11-08 00:05:29 ----SD---- C:\Windows\SYSWOW64\GWX
2016-11-08 00:05:29 ----SD---- C:\Windows\system32\GWX
2016-11-08 00:05:29 ----SD---- C:\Windows\system32\CompatTel
2016-11-08 00:05:29 ----RSD---- C:\Windows\Media
2016-11-08 00:05:29 ----RD---- C:\Windows\ToastData
2016-11-08 00:05:29 ----D---- C:\Windows\WinSxS
2016-11-08 00:05:29 ----D---- C:\Windows\Tasks
2016-11-08 00:05:29 ----D---- C:\Windows\SYSWOW64\wbem
2016-11-08 00:05:29 ----D---- C:\Windows\SYSWOW64\migration
2016-11-08 00:05:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-11-08 00:05:29 ----D---- C:\Windows\system32\wbem
2016-11-08 00:05:29 ----D---- C:\Windows\system32\migration
2016-11-08 00:05:29 ----D---- C:\Windows\system32\drivers\etc
2016-11-08 00:05:29 ----D---- C:\Windows\system32\drivers\cs-CZ
2016-11-08 00:05:29 ----D---- C:\Windows\system32\cs-CZ
2016-11-08 00:05:29 ----D---- C:\Windows\system32\Boot
2016-11-08 00:05:29 ----D---- C:\Windows\system32\appraiser
2016-11-08 00:05:29 ----D---- C:\Windows\rescache
2016-11-08 00:05:29 ----D---- C:\Windows\PolicyDefinitions
2016-11-08 00:05:29 ----D---- C:\Windows\apppatch
2016-11-08 00:05:29 ----D---- C:\Program Files\Windows Media Player
2016-11-08 00:05:29 ----D---- C:\Program Files\Internet Explorer
2016-11-08 00:05:29 ----D---- C:\Program Files (x86)\Windows Media Player
2016-11-08 00:05:29 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-08 00:05:25 ----D---- C:\Windows\system32\CodeIntegrity
2016-11-08 00:05:25 ----D---- C:\Windows\system32\catroot
2016-11-08 00:05:24 ----D---- C:\Users\Ondra\AppData\Roaming\GHISLER
2016-11-08 00:05:19 ----D---- C:\Program Files\Microsoft Silverlight
2016-11-08 00:05:19 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-11-08 00:04:34 ----HD---- C:\Program Files\WindowsApps
2016-11-08 00:02:51 ----D---- C:\Windows\registration
2016-11-08 00:02:24 ----D---- C:\Windows\system32\Sysprep
2016-11-08 00:01:55 ----D---- C:\Windows\system32\DriverStore
2016-11-08 00:00:37 ----RD---- C:\Program Files (x86)
2016-11-08 00:00:36 ----D---- C:\Program Files (x86)\Common Files
2016-11-06 22:37:43 ----D---- C:\Windows\DigitalLocker
2016-11-04 22:39:15 ----D---- C:\Program Files (x86)\Google
2016-11-04 02:16:50 ----A---- C:\Windows\system32\atiumd6a.dll
2016-11-04 02:16:36 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2016-11-04 02:16:28 ----A---- C:\Windows\system32\atiuxp64.dll
2016-11-04 02:16:06 ----A---- C:\Windows\system32\atidxx64.dll
2016-11-04 02:15:58 ----A---- C:\Windows\system32\aticfx64.dll
2016-11-04 02:15:52 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2016-11-04 02:15:22 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2016-11-04 02:15:08 ----A---- C:\Windows\system32\coinst_16.40.dll
2016-11-04 02:14:54 ----A---- C:\Windows\SYSWOW64\amdocl12cl.dll
2016-11-04 02:14:50 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2016-11-04 00:50:22 ----D---- C:\Windows\debug
2016-11-04 00:49:44 ----D---- C:\Windows\CbsTemp
2016-11-04 00:31:15 ----D---- C:\Program Files\AMD
2016-11-04 00:30:03 ----D---- C:\AMD
2016-11-03 07:59:36 ----D---- C:\Windows\Migration
2016-11-03 07:59:36 ----D---- C:\Windows\Boot
2016-11-03 07:59:22 ----D---- C:\ProgramData\AVAST Software
2016-11-03 07:59:16 ----D---- C:\Program Files\AVAST Software
2016-11-03 07:59:09 ----D---- C:\Program Files (x86)\Combined Community Codec Pack
2016-11-03 07:51:45 ----SD---- C:\ProgramData\Microsoft
2016-11-03 07:51:24 ----D---- C:\Program Files\Common Files
2016-10-24 21:23:13 ----D---- C:\ProgramData\Oracle
2016-10-24 21:23:11 ----D---- C:\Program Files\Java
2016-10-24 21:22:45 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-23 20:21:54 ----D---- C:\ProgramData\HandSetService
2016-10-23 20:20:47 ----D---- C:\Windows\system32\drivers\UMDF
2016-10-23 20:20:47 ----D---- C:\Users\Ondra\AppData\Roaming\vlc
2016-10-23 20:20:38 ----D---- C:\Program Files\CCleaner
2016-10-23 20:20:34 ----D---- C:\Program Files (x86)\HiSuite
2016-10-23 20:20:34 ----D---- C:\movies
2016-10-23 20:20:30 ----HD---- C:\Windows\ELAMBKUP
2016-10-23 20:16:35 ----D---- C:\Program Files\Common Files\AV
2016-10-22 09:31:14 ----D---- C:\Windows\ModemLogs
2016-10-20 15:48:54 ----D---- C:\Windows\Minidump
2016-10-16 12:22:51 ----D---- C:\Windows\system32\NDF
2016-10-14 16:17:42 ----D---- C:\Windows\AppReadiness
2016-10-11 22:53:14 ----D---- C:\Program Files (x86)\Mozilla Firefox

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2013-06-28 80640]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2013-06-28 25344]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-10-23 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-11-03 293352]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 22240]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-10-23 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-10-23 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-11-03 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-11-03 513632]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2012-03-19 89536]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 NEOFLTR_817_41041;Juniper Networks TDI Filter Driver (NEOFLTR_817_41041); \??\C:\Windows\system32\Drivers\NEOFLTR_817_41041.SYS [2015-12-18 108344]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-10-23 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-10-23 163416]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-11-04 26558976]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-11-04 520072]
R3 AtiHDAudioService;@oem48.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2016-08-09 118848]
R3 netr7364;@netr7364.inf,%General.Service.DispName%;RT73 USB - ovladač rozšiřitelné karty pro bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\netr7364.sys [2013-06-18 729152]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-21 816344]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2013-03-08 58536]
R3 VClone;VClone; C:\Windows\System32\drivers\VClone.sys [2013-07-24 34816]
R3 VIAHdAudAddService;@oem6.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2013-12-16 691888]
R3 VUSB3HUB;@oem9.inf,%VUSB3HUB.SVCDESC%;VIA USB 3 Root Hub Service; C:\Windows\System32\drivers\ViaHub3.sys [2013-08-12 227840]
S0 amdkmafd;@oem3.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\Windows\System32\drivers\amdkmafd.sys [2012-09-23 21160]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 22240]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-10-23 37656]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 dg_ssudbus;@oem47.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-07-22 130688]
S3 ew_usbccgpfilter;@oem40.inf,%busupper.SVCDESC%;HwHandSet_CompositeFilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [2016-05-25 18816]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0; C:\Windows\system32\DRIVERS\libusb0.sys [2011-05-17 44480]
S3 ssudmdm;@oem46.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-07-22 164992]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2016-11-08 28272]
S3 WDC_SAM;@oem12.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-11-12 26880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-11-04 289160]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-07-15 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-10-23 197128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-03-25 32528]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
R2 VIAKaraokeService;@oem6.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-12-11 27768]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04 153752]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [2016-05-25 191688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08 270016]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll"=%SystemRoot%\System32\BthHFSrv.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04 153752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-09 114800]
S3 Origin Client Service;Origin Client Service; D:\Progsl\Origin\OriginClientService.exe [2016-02-04 2104840]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-06-15 1518672]

-----------------EOF-----------------

Avast reports an infection in the rundll32.exe process, and all browsers are "infected" with google custom search. Thank you.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: cse google custom search, avast reports Win64:malware-gen

#2 Post by Márty84 »

Hello :)

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

If you have a question that is not meant for the public, you can email me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their email address in their signature).

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#3 Post by kladelko »

Hello, thank you for the reply; I am sending the requested logs. To clarify, after restarting the PC Avast detected the following:

js:Agent-DEZ (EXPL)
proces: c:\windows\system32\rundll32.exe
objekt: http://adunits.net/files/pounder/javascripts

Win64:Malware-gen
proces: c:\windows\system32\rundll32.exe
objekt: C:\User\AppData\Local\Temp\g7C6F.tmp.exe


# AdwCleaner v6.030 - Log soubor vytvořen 09/11/2016 na 16:27:19
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-10.1 [Server]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Ondra - ONDRA-PC
# Beží od : C:\Users\Ondra\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****


---------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9. 11. 2016
Čas skenování: 17:51
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.10.07
Databáze rootkitů: v2016.10.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Ondra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 551633
Uplynulý čas: 1 hod, 43 min, 42 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
Trojan.Agent.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUCLT, , [d2cd239bb4e68babb8ab591d758d9c64],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
Trojan.Agent.Gen, C:\Users\Ondra\AppData\Roaming\nssm.exe, , [d2cd239bb4e68babb8ab591d758d9c64],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: cse google custom search, avast reports Win64:malware-gen

#4 Post by Márty84 »

:arrow: Have all detections removed. After removal and a PC restart, repeat the MBAM scan so we know whether it comes back. Post the scan result and I will choose the next steps based on it.


:arrow: Find this file, c:\windows\system32\rundll32.exe, and test it on virustotal and jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Copy the results here, or post a link.

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

cse google custom search, avast reports Win64:malware-gen

#5 Post by kladelko »

MBAM after restart:

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 9. 11. 2016
Čas skenování: 21:40
Protokol: mbam1.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.10.10
Databáze rootkitů: v2016.10.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Ondra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 552365
Uplynulý čas: 1 hod, 45 min, 10 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


....................................




https://virusscan.jotti.org/en-US/files ... 8bi11j5kb9


https://www.virustotal.com/cs/file/5cc2 ... /analysis/

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: cse google custom search, avast reports Win64:malware-gen

#6 Post by Márty84 »

:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms will be displayed; press any key
  • A backup will be created, followed by a search
  • A scan will run and then a log will appear; it may also be saved in c:\JRT as JRT.txt. Paste it here

:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (labelled Spustit jako spravce in Czech)
  • Paste the script below into the window

    autoclean;
    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; paste its contents here

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#7 Post by kladelko »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by Ondra (Administrator) on čt 10. 11. 2016 at 17:45:13,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 10. 11. 2016 at 17:47:42,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Ondra on čt 10. 11. 2016 at 17:49:00,52.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ondra\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10. 11. 2016 17:49:58 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\ASUS deleted successfully
C:\PROGRA~2\Extreme Picture Finder 3 deleted successfully
C:\PROGRA~3\Garmin deleted successfully
C:\Users\Ondra\AppData\Roaming\Spyware Terminator deleted successfully
C:\Users\Ondra\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ondra\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ondra\AppData\Local\EmieUserList deleted successfully
C:\Users\Ondra\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\ASUS not found
C:\PROGRA~2\Extreme Picture Finder 3 not found
C:\PROGRA~2\GUM10D.tmp deleted
C:\Users\Ondra\AppData\Roaming\libcurl.dll deleted
C:\Users\Ondra\AppData\Roaming\libeay32.dll deleted
C:\Users\Ondra\AppData\Roaming\libgcc_s_dw2-1.dll deleted
C:\Users\Ondra\AppData\Roaming\libidn-11.dll deleted
C:\Users\Ondra\AppData\Roaming\libpdcurses.dll deleted
C:\Users\Ondra\AppData\Roaming\pthreadGC2.dll deleted
C:\Users\Ondra\AppData\Roaming\ssleay32.dll deleted
C:\Users\Ondra\AppData\Roaming\zlib1.dll deleted
C:\Users\Ondra\AppData\Roaming\LogFile.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\SET1DDE.tmp deleted
C:\Windows\Syswow64\SET29B3.tmp deleted
C:\Windows\Syswow64\SET3CCF.tmp deleted
C:\Windows\Syswow64\SET3D80.tmp deleted
C:\Windows\Syswow64\SET74AB.tmp deleted
C:\Windows\Syswow64\SET8066.tmp deleted
C:\Windows\Syswow64\SET8269.tmp deleted
C:\Windows\Syswow64\SET8C6D.tmp deleted
C:\Windows\Syswow64\SET8CC2.tmp deleted
C:\Windows\Syswow64\SETC9E5.tmp deleted
C:\Windows\Syswow64\SETCDE3.tmp deleted
C:\Windows\Syswow64\SETD199.tmp deleted
C:\Windows\Syswow64\SETD413.tmp deleted
C:\Windows\Syswow64\SETD519.tmp deleted
C:\Windows\Syswow64\SETDDBA.tmp deleted
C:\Windows\Syswow64\SETE042.tmp deleted
C:\Windows\Syswow64\SETE054.tmp deleted
C:\Windows\Syswow64\SETF3AD.tmp deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [08. 11. 2016 19:13]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [08. 11. 2016 19:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default
86C2467018027DFF6ED94F50D9CF1145 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll - Shockwave for Director / Shockwave for Director


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Image Downloader - Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj
Chrome Media Router - Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{216802DF-3815-4B72-B3FF-A0671838C9BB} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
HKCU\SearchScopes\{4425733E-5E13-4D82-9BF7-467E2308A3EA} - http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
HKCU\SearchScopes\{44AB4B62-DE03-401A-A1CB-72005C824131} - http://www.mapy.cz/?query={searchTerms} ... arch_12454
HKCU\SearchScopes\{5D3B2134-E3E7-43B4-8978-19455D478CE1} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{75E08126-F883-40DA-97C4-5688BFF174B0} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{7EE61E0C-7AA4-4682-BB01-00D93683D279} - http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
HKCU\SearchScopes\{9AC7E74E-68E1-4891-8628-8EDC7386AF7A} - http://www.novinky.cz/hledej?w={searchT ... arch_12454
HKCU\SearchScopes\{A7610EDE-C176-4B02-A2AB-9BDF61E5D723} - http://encyklopedie.seznam.cz/search?q= ... arch_12454

==== Reset Google Chrome ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=57 folders=45 241288773 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ondra\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ondra\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on čt 10. 11. 2016 at 18:08:19,38 ======================

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#8 Post by kladelko »

avast has again reported a threat: rundll32.exe, JS:Agent-DEZ (expl)

cse google custom search is still part of the Chrome browser :(

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: cse google custom search, avast reports Win64:malware-gen

#9 Post by Márty84 »

:arrow: Reinstall Chrome.

:arrow: Post logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false positive :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#10 Post by kladelko »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Ondra (administrator) on ONDRA-PC (11-11-2016 13:53:59)
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra (Available Profiles: Ondra)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\Program Files\TextEnhance\TextEnhance.dll",_
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-10-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-03-25] (Plays.tv, LLC)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Ondra\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [Spotify Web Helper] => C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-05] (Spotify Ltd)
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {277f2be3-a584-11e4-824e-806e6f6e6963} - "E:\setup.exe"
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {632c186c-a735-11e4-825b-fcaa140e8b57} - "H:\setup.exe"
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {d8c8005b-5c77-11e6-829b-fcaa140e8b57} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {d8c80081-5c77-11e6-829b-fcaa140e8b57} - "F:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-23] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3083710393-1039411083-1544633742-1001] => www.fusker.lv:80
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7F0FCF88-397D-41B8-B8DB-7ECB45A936C6}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {216802DF-3815-4B72-B3FF-A0671838C9BB} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {4425733E-5E13-4D82-9BF7-467E2308A3EA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {44AB4B62-DE03-401A-A1CB-72005C824131} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {5D3B2134-E3E7-43B4-8978-19455D478CE1} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {75E08126-F883-40DA-97C4-5688BFF174B0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {7EE61E0C-7AA4-4682-BB01-00D93683D279} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {9AC7E74E-68E1-4891-8628-8EDC7386AF7A} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {A7610EDE-C176-4B02-A2AB-9BDF61E5D723} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-03] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-03] (AVAST Software)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sslvpn.cez.cz/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 2usg47ko.default
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default [2016-11-11]
FF NewTab: Mozilla\Firefox\Profiles\2usg47ko.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\2usg47ko.default -> about:home
FF Extension: (Seznam lištička) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-09-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\all-gemius.js [2016-04-24]

Chrome:
=======
CHR Profile: C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Prezentace Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-11]
CHR Extension: (Dokumenty Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-11]
CHR Extension: (Disk Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-11]
CHR Extension: (YouTube) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-11]
CHR Extension: (Avast SafePrice) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-11]
CHR Extension: (Tabulky Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-11]
CHR Extension: (Gmail) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-23] (AVAST Software)
S2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-25] () [File not signed]
S3 Origin Client Service; D:\Progsl\Origin\OriginClientService.exe [2104840 2016-02-04] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-25] (Plays.tv, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ST2012_Svc; "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-03] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-03] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R1 NEOFLTR_817_41041; C:\Windows\system32\Drivers\NEOFLTR_817_41041.SYS [108344 2015-12-18] (Pulse Secure, LLC)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-08-12] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:53 - 2016-11-11 13:54 - 00024368 _____ C:\Users\Ondra\Desktop\FRST.txt
2016-11-11 13:53 - 2016-11-11 13:53 - 00000000 ____D C:\FRST
2016-11-11 13:52 - 2016-11-11 13:52 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2016-11-11 13:51 - 2016-11-11 13:51 - 02411520 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2016-11-11 13:51 - 2016-11-11 13:51 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Downloads\Nepotvrzeno 738277.crdownload
2016-11-11 13:50 - 2016-11-11 13:51 - 02411520 _____ (Farbar) C:\Users\Ondra\Downloads\FRST64.exe
2016-11-11 13:49 - 2016-11-11 13:54 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-11 13:49 - 2016-11-11 13:54 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 13:49 - 2016-11-11 13:49 - 00003940 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-11 13:49 - 2016-11-11 13:49 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-11 13:49 - 2016-11-11 13:49 - 00002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 13:49 - 2016-11-11 13:49 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-11 10:40 - 2016-11-11 10:43 - 00002334 _____ C:\Windows\wininit.ini
2016-11-11 00:34 - 2016-11-11 00:34 - 00001060 _____ C:\Users\Public\Desktop\Spyware Terminator 2015.lnk
2016-11-11 00:33 - 2016-11-11 00:33 - 01115112 _____ (Crawler Group ) C:\Users\Ondra\Downloads\SpywareTerminatorSetup.exe
2016-11-11 00:25 - 2016-11-11 00:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ondra\Downloads\spybot-2.4 (1).exe
2016-11-10 18:09 - 2016-11-10 18:09 - 00011723 _____ C:\Users\Ondra\Desktop\zoek-results.txt
2016-11-10 18:06 - 2016-11-10 17:48 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-11-10 17:48 - 2016-11-10 18:04 - 00000000 ____D C:\zoek_backup
2016-11-10 17:48 - 2016-11-10 17:48 - 01309184 _____ C:\Users\Ondra\Downloads\zoek.exe
2016-11-10 17:48 - 2016-11-10 17:48 - 01309184 _____ C:\Users\Ondra\Desktop\zoek.exe
2016-11-10 17:45 - 2016-11-10 17:44 - 01631928 _____ (Malwarebytes) C:\Users\Ondra\Desktop\JRT.exe
2016-11-10 17:44 - 2016-11-10 17:44 - 01631928 _____ (Malwarebytes) C:\Users\Ondra\Downloads\JRT.exe
2016-11-09 23:29 - 2016-11-09 23:29 - 00001147 _____ C:\Users\Ondra\Desktop\mbam1.txt
2016-11-09 22:42 - 2016-11-09 22:42 - 00000000 _____ C:\Users\Ondra\Desktop\Nový textový dokument.txt
2016-11-09 19:37 - 2016-11-09 19:37 - 00001277 _____ C:\Users\Ondra\Desktop\mbam.txt
2016-11-09 16:35 - 2016-11-09 21:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-09 16:34 - 2016-11-09 16:34 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-09 16:34 - 2016-11-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-09 16:34 - 2016-11-09 16:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-09 16:34 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-09 16:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-09 16:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-09 16:33 - 2016-11-09 19:25 - 00001509 _____ C:\Users\Ondra\Desktop\AdwCleaner[C3].txt
2016-11-09 16:33 - 2016-11-09 16:40 - 00888832 _____ (Malwarebytes ) C:\Users\Ondra\Downloads\Nepotvrzeno 81265.crdownload
2016-11-09 16:24 - 2016-11-09 16:24 - 03910208 _____ C:\Users\Ondra\Downloads\adwcleaner_6.030.exe
2016-11-09 16:24 - 2016-11-09 16:24 - 03910208 _____ C:\Users\Ondra\Desktop\adwcleaner_6.030.exe
2016-11-09 16:23 - 2016-11-09 16:25 - 03037292 _____ C:\Users\Ondra\Downloads\Nepotvrzeno 915671.crdownload
2016-11-08 23:46 - 2016-11-11 00:15 - 00000000 ____D C:\Users\Ondra\AppData\Local\CrashDumps
2016-11-08 23:18 - 2016-11-08 23:27 - 00000000 ____D C:\Program Files\trend micro
2016-11-08 23:18 - 2016-11-08 23:23 - 00000000 ____D C:\rsit
2016-11-08 23:17 - 2016-11-08 23:17 - 01323520 _____ C:\Users\Ondra\Downloads\RSITx64.exe
2016-11-08 23:16 - 2016-11-08 23:38 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-08 23:16 - 2016-11-08 23:16 - 00000876 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-08 23:16 - 2016-11-08 23:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-08 23:16 - 2016-11-08 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-08 23:16 - 2016-11-08 23:16 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-08 23:15 - 2016-11-08 23:16 - 34114800 _____ (Adlice Software ) C:\Users\Ondra\Downloads\setup.exe
2016-11-08 19:13 - 2016-10-23 20:30 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-07 23:17 - 2016-11-07 23:17 - 00000000 _____ C:\Recovery.txt
2016-11-07 18:49 - 2016-11-11 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2016-11-07 18:49 - 2016-11-07 23:37 - 00000000 ____D C:\Users\Ondra\AppData\LocalLow\Spyware Terminator
2016-11-07 17:05 - 2016-11-07 17:05 - 00000000 _____ C:\autoexec.bat
2016-11-06 23:09 - 2016-11-08 00:05 - 00000000 ____D C:\Program Files\BDServices
2016-11-04 22:44 - 2016-11-04 22:44 - 03910208 _____ C:\Users\Ondra\Downloads\AdwCleaner.exe
2016-11-04 22:38 - 2016-11-04 22:38 - 00000000 _____ C:\Users\Ondra\Downloads\iExplore_exe.gi5f6k4.partial
2016-11-04 20:34 - 2016-11-04 00:44 - 00002310 _____ C:\Users\Ondra\Desktop\Rkill.txt
2016-11-04 02:16 - 2016-11-04 02:16 - 09981352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 09926536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 09111520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 08847888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 08065928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 07213248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 02481032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 02163592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00462080 _____ C:\Windows\system32\amdmiracast.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00281992 _____ C:\Windows\system32\dgtrayicon.exe
2016-11-04 02:16 - 2016-11-04 02:16 - 00275336 _____ C:\Windows\system32\GameManager64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00240008 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00155016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00059784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 48824712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 15728008 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 14318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 09311624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 07363976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 01333128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 01279400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00998280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00842120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00677256 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00525704 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00520072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-11-04 02:15 - 2016-11-04 02:15 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-11-04 02:15 - 2016-11-04 02:15 - 00289160 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00286600 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00269192 _____ C:\Windows\system32\clinfo.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00267656 _____ C:\Windows\system32\hsa-thunk64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00248200 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00233352 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00230280 _____ C:\Windows\system32\atieah64.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00221064 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00208264 _____ C:\Windows\SysWOW64\atieah32.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00201608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00160136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00129416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00122760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00110472 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00108936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 33241992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 27489672 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 27292040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 00200584 _____ C:\Windows\system32\amdhdl64.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 00180616 _____ C:\Windows\SysWOW64\amdhdl32.dll
2016-11-04 02:13 - 2016-11-04 02:13 - 26558976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-11-04 01:47 - 2016-11-04 01:47 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-11-04 01:43 - 2016-11-04 01:43 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-11-04 01:23 - 2016-11-04 01:23 - 00759128 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-11-04 01:23 - 2016-11-04 01:23 - 00759128 _____ C:\Windows\system32\atiapfxx.blb
2016-11-04 00:32 - 2016-11-08 00:01 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-03 07:05 - 2016-11-08 19:20 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478153121
2016-11-03 07:05 - 2016-11-03 07:05 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\AVAST Software
2016-10-31 23:22 - 2016-10-31 23:22 - 00000000 ____D C:\Users\Ondra\AppData\LocalLow\F-Secure
2016-10-31 23:15 - 2016-11-03 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2016-10-31 23:15 - 2016-10-31 23:15 - 00000000 ____D C:\Program Files (x86)\F-Secure
2016-10-28 01:11 - 2016-10-28 01:11 - 00001874 _____ C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-10-26 22:21 - 2016-11-03 07:51 - 00000000 ____D C:\ProgramData\F-Secure
2016-10-26 22:21 - 2016-10-31 23:35 - 00000000 ____D C:\Users\Ondra\AppData\Local\F-Secure
2016-10-26 22:21 - 2016-10-26 22:21 - 00863712 _____ (F-Secure Corporation) C:\Users\Ondra\Downloads\F-Secure-Safe-Network-Installer.exe
2016-10-23 20:30 - 2016-10-23 20:30 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-23 20:26 - 2016-11-08 19:20 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-10-23 20:26 - 2016-10-25 15:57 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1477250763
2016-10-23 00:49 - 2016-11-10 17:48 - 00000553 _____ C:\Users\Ondra\Desktop\JRT.txt
2016-10-23 00:41 - 2016-11-11 00:29 - 00000000 ____D C:\AdwCleaner
2016-10-22 23:57 - 2016-10-23 20:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-22 23:57 - 2016-10-22 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-22 23:57 - 2016-10-22 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-21 19:22 - 2016-10-21 19:22 - 00177280 _____ C:\Windows\system32\ativce03.dat
2016-10-21 19:22 - 2016-10-21 19:22 - 00175584 _____ C:\Windows\system32\amde31a.dat
2016-10-21 18:00 - 2016-10-21 18:00 - 00166560 _____ C:\Windows\system32\amde34b.dat
2016-10-21 18:00 - 2016-10-21 18:00 - 00166560 _____ C:\Windows\system32\amde34a.dat
2016-10-21 15:11 - 2016-10-21 15:31 - 1970917509 _____ C:\Users\Ondra\Downloads\Teorie.tygra.2016.1080p.WEBRip.XviD.AC3.CZ.mkv
2016-10-20 23:11 - 2016-10-21 02:40 - 1939696254 _____ C:\Users\Ondra\Downloads\Ganster-Ka------cz-2015.avi
2016-10-20 22:34 - 2016-10-20 23:08 - 917744569 _____ C:\Users\Ondra\Downloads\firo896.mkv
2016-10-20 22:30 - 2016-10-20 22:47 - 1430293464 _____ C:\Users\Ondra\Downloads\Ganster-ka-Afričan-cz-dabing.avi
2016-10-20 19:49 - 2016-10-20 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-20 19:47 - 2016-10-20 20:01 - 1131028014 _____ C:\Users\Ondra\Downloads\Okresní-přebor-_-Poslední-zápas-Pepika-Hnátka-2012CZ.avi
2016-10-20 17:10 - 2016-10-20 17:10 - 00100832 _____ C:\Windows\system32\ativce02.dat
2016-10-20 16:48 - 2016-10-20 17:06 - 1439502082 _____ C:\Users\Ondra\Downloads\Spotlight---Sledovačka-2015,-CZ-tit.avi
2016-10-20 16:45 - 2016-10-20 16:54 - 786749320 _____ C:\Users\Ondra\Downloads\Danska_divka_-The_Danish_Girl-(2015)CZ.avi
2016-10-18 22:44 - 2016-10-18 22:44 - 00045568 _____ C:\Users\Ondra\Downloads\rozvrh_v_hale_a_tělocv_2016-17_stav_11.10.2016.xls
2016-10-16 09:33 - 2016-10-16 09:33 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2016-10-14 20:36 - 2016-10-14 20:36 - 00118320 _____ C:\Windows\system32\kapp_ci.sbin
2016-10-12 23:18 - 2015-07-28 16:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-10-12 22:03 - 2016-11-11 10:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-12 22:03 - 2016-11-11 10:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-10-12 22:02 - 2016-10-12 22:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ondra\Downloads\spybot-2.4.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:49 - 2015-07-09 21:25 - 00000000 ____D C:\Users\Ondra\AppData\Local\Deployment
2016-11-11 13:49 - 2015-01-26 19:26 - 00000000 ____D C:\Users\Ondra\AppData\Local\Google
2016-11-11 13:49 - 2015-01-26 19:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-11 13:41 - 2015-01-26 19:43 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-11 10:55 - 2015-01-26 19:02 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3083710393-1039411083-1544633742-1001
2016-11-11 10:51 - 2014-03-18 16:33 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 10:51 - 2014-03-18 15:54 - 00738682 _____ C:\Windows\system32\perfh005.dat
2016-11-11 10:51 - 2014-03-18 15:54 - 00151404 _____ C:\Windows\system32\perfc005.dat
2016-11-11 10:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-11-11 10:49 - 2016-05-29 19:34 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Seznam.cz
2016-11-11 10:45 - 2015-01-26 13:46 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Raptr
2016-11-11 10:44 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 10:43 - 2016-08-07 09:18 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-11-11 10:43 - 2015-01-26 19:25 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{817A01EA-6097-4DBA-843A-1B864A6F2B33}
2016-11-11 00:30 - 2016-04-25 19:20 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-11 00:17 - 2016-04-25 19:20 - 00003922 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-11 00:17 - 2015-01-26 19:43 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-11 00:17 - 2015-01-26 19:41 - 00000000 ____D C:\Users\Ondra\AppData\Local\Adobe
2016-11-11 00:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-11 00:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-10 18:07 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-10 18:04 - 2016-05-29 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-10 18:04 - 2016-05-29 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-10 18:03 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-08 23:37 - 2015-01-26 12:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-08 23:25 - 2013-08-22 15:44 - 00337768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-08 23:24 - 2015-01-26 18:56 - 00000000 ____D C:\Users\Ondra
2016-11-08 23:24 - 2015-01-26 13:41 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-11-08 19:20 - 2015-06-23 22:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 19:15 - 2015-05-08 21:58 - 00001944 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-08 19:14 - 2015-04-16 22:06 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-08 00:05 - 2016-10-06 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-11-08 00:05 - 2015-12-03 23:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-11-08 00:05 - 2015-10-20 15:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-11-08 00:05 - 2015-10-20 15:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-08 00:05 - 2015-01-27 21:38 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\GHISLER
2016-11-08 00:05 - 2015-01-26 14:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-11-08 00:05 - 2015-01-26 14:07 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-08 00:05 - 2015-01-26 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-08 00:05 - 2015-01-26 12:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-08 00:05 - 2015-01-26 12:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 __RSD C:\Windows\Media
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-11-08 00:04 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-08 00:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2016-11-08 00:02 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-11-06 22:37 - 2013-08-22 16:43 - 00000000 ____D C:\Windows\DigitalLocker
2016-11-04 02:16 - 2016-04-04 05:15 - 10977392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-11-04 02:16 - 2014-11-21 03:09 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-11-04 02:16 - 2014-07-21 22:04 - 10959864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-11-04 02:16 - 2014-07-21 22:04 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-11-04 02:15 - 2016-10-05 03:18 - 00892296 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2016-11-04 02:15 - 2014-11-21 03:09 - 00998280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-11-04 02:15 - 2014-11-21 03:08 - 00175496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-11-04 02:15 - 2014-07-21 22:04 - 01559048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-11-04 02:14 - 2015-07-16 02:57 - 21640584 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-11-04 02:14 - 2014-11-21 03:32 - 38268808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-11-04 00:49 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-04 00:34 - 2016-10-06 20:12 - 00000000 ____D C:\Users\Ondra\AppData\LocalLow\AMD
2016-11-04 00:31 - 2015-01-26 19:03 - 00000000 ____D C:\Program Files\AMD
2016-11-04 00:30 - 2015-01-26 19:03 - 00000000 ____D C:\AMD
2016-11-03 20:42 - 2015-11-09 23:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 07:59 - 2015-04-16 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-11-03 07:59 - 2015-04-16 22:03 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-03 07:59 - 2015-01-27 22:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-03 07:59 - 2015-01-26 19:42 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2016-11-03 07:51 - 2015-01-26 13:36 - 00000000 ____D C:\Users\Ondra\AppData\Local\Mozilla
2016-11-03 07:05 - 2016-02-03 19:39 - 00001065 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-11-03 07:05 - 2015-04-16 22:05 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-11-03 07:05 - 2015-04-16 22:05 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-11-03 07:05 - 2015-04-16 22:05 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-11-03 07:04 - 2015-04-16 22:05 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147815310253110
2016-11-03 07:04 - 2015-04-16 22:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147815310485912
2016-11-03 07:03 - 2015-04-16 22:05 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147815310062507
2016-10-24 21:23 - 2015-08-19 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 21:23 - 2015-08-19 20:06 - 00000000 ____D C:\Program Files\Java
2016-10-24 21:23 - 2015-01-26 19:38 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 21:22 - 2015-08-19 20:06 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-23 20:30 - 2016-02-03 19:37 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147725109082807
2016-10-23 20:30 - 2015-04-16 22:05 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147725109120310
2016-10-23 20:30 - 2015-04-16 22:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147725109228112
2016-10-23 20:30 - 2015-04-16 22:05 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-23 20:21 - 2016-08-14 22:21 - 00000000 ____D C:\ProgramData\HandSetService
2016-10-23 20:20 - 2016-08-14 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-10-23 20:20 - 2016-08-14 22:21 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-10-23 20:20 - 2016-03-25 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-23 20:20 - 2016-03-25 01:03 - 00000000 ____D C:\Program Files\CCleaner
2016-10-23 20:20 - 2015-07-10 09:23 - 00000000 ____D C:\movies
2016-10-23 20:20 - 2015-01-27 22:55 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\vlc
2016-10-23 20:20 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-10-23 20:17 - 2016-08-14 22:20 - 00000000 ____D C:\Users\Ondra\AppData\Local\Hisuite
2016-10-23 20:16 - 2015-12-03 23:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-22 23:57 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-10-22 09:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ModemLogs
2016-10-20 15:48 - 2015-04-19 21:26 - 00000000 ____D C:\Windows\Minidump
2016-10-16 12:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-10-14 16:20 - 2015-04-29 22:45 - 00000000 ____D C:\Users\Ondra\Downloads\a
2016-10-14 16:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Ondra\AppData\Local\Temp\gA162.tmp.exe
C:\Users\Ondra\AppData\Local\Temp\libeay32.dll
C:\Users\Ondra\AppData\Local\Temp\msvcr120.dll
C:\Users\Ondra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-10 18:18

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SYSTEM) (Fixed) (Total:119.77 GB) (Free:24.78 GB) NTFS
Drive d: (DATA) (Fixed) (Total:811.39 GB) (Free:472.21 GB) NTFS

Available physical RAM: 5863.36 MB
Total physical RAM: 8156.64 MB
Percentage of memory in use: 28%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 92E5FE1D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=811.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ondra\Desktop" je 1712 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#11 Post by kladelko »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Ondra (administrator) on ONDRA-PC (11-11-2016 13:53:59)
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra (Available Profiles: Ondra)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\Program Files\TextEnhance\TextEnhance.dll",_
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-10-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-03-25] (Plays.tv, LLC)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Ondra\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Run: [Spotify Web Helper] => C:\Users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-05] (Spotify Ltd)
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {277f2be3-a584-11e4-824e-806e6f6e6963} - "E:\setup.exe"
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {632c186c-a735-11e4-825b-fcaa140e8b57} - "H:\setup.exe"
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {d8c8005b-5c77-11e6-829b-fcaa140e8b57} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\MountPoints2: {d8c80081-5c77-11e6-829b-fcaa140e8b57} - "F:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-23] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3083710393-1039411083-1544633742-1001] => www.fusker.lv:80
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7F0FCF88-397D-41B8-B8DB-7ECB45A936C6}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {216802DF-3815-4B72-B3FF-A0671838C9BB} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {4425733E-5E13-4D82-9BF7-467E2308A3EA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {44AB4B62-DE03-401A-A1CB-72005C824131} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {5D3B2134-E3E7-43B4-8978-19455D478CE1} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {75E08126-F883-40DA-97C4-5688BFF174B0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {7EE61E0C-7AA4-4682-BB01-00D93683D279} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {9AC7E74E-68E1-4891-8628-8EDC7386AF7A} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3083710393-1039411083-1544633742-1001 -> {A7610EDE-C176-4B02-A2AB-9BDF61E5D723} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-03] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-03] (AVAST Software)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sslvpn.cez.cz/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 2usg47ko.default
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default [2016-11-11]
FF NewTab: Mozilla\Firefox\Profiles\2usg47ko.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\2usg47ko.default -> about:home
FF Extension: (Seznam lištička) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\2usg47ko.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-09-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\all-gemius.js [2016-04-24]

Chrome:
=======
CHR Profile: C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Prezentace Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-11]
CHR Extension: (Dokumenty Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-11]
CHR Extension: (Disk Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-11]
CHR Extension: (YouTube) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-11]
CHR Extension: (Avast SafePrice) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-11]
CHR Extension: (Tabulky Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-11]
CHR Extension: (Gmail) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-23] (AVAST Software)
S2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-25] () [File not signed]
S3 Origin Client Service; D:\Progsl\Origin\OriginClientService.exe [2104840 2016-02-04] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-25] (Plays.tv, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ST2012_Svc; "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-03] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-03] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R1 NEOFLTR_817_41041; C:\Windows\system32\Drivers\NEOFLTR_817_41041.SYS [108344 2015-12-18] (Pulse Secure, LLC)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-08-12] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:53 - 2016-11-11 13:54 - 00024368 _____ C:\Users\Ondra\Desktop\FRST.txt
2016-11-11 13:53 - 2016-11-11 13:53 - 00000000 ____D C:\FRST
2016-11-11 13:52 - 2016-11-11 13:52 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2016-11-11 13:51 - 2016-11-11 13:51 - 02411520 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2016-11-11 13:51 - 2016-11-11 13:51 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Downloads\Nepotvrzeno 738277.crdownload
2016-11-11 13:50 - 2016-11-11 13:51 - 02411520 _____ (Farbar) C:\Users\Ondra\Downloads\FRST64.exe
2016-11-11 13:49 - 2016-11-11 13:54 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-11 13:49 - 2016-11-11 13:54 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 13:49 - 2016-11-11 13:49 - 00003940 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-11 13:49 - 2016-11-11 13:49 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-11 13:49 - 2016-11-11 13:49 - 00002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 13:49 - 2016-11-11 13:49 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-11 10:40 - 2016-11-11 10:43 - 00002334 _____ C:\Windows\wininit.ini
2016-11-11 00:34 - 2016-11-11 00:34 - 00001060 _____ C:\Users\Public\Desktop\Spyware Terminator 2015.lnk
2016-11-11 00:33 - 2016-11-11 00:33 - 01115112 _____ (Crawler Group ) C:\Users\Ondra\Downloads\SpywareTerminatorSetup.exe
2016-11-11 00:25 - 2016-11-11 00:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ondra\Downloads\spybot-2.4 (1).exe
2016-11-10 18:09 - 2016-11-10 18:09 - 00011723 _____ C:\Users\Ondra\Desktop\zoek-results.txt
2016-11-10 18:06 - 2016-11-10 17:48 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-11-10 17:48 - 2016-11-10 18:04 - 00000000 ____D C:\zoek_backup
2016-11-10 17:48 - 2016-11-10 17:48 - 01309184 _____ C:\Users\Ondra\Downloads\zoek.exe
2016-11-10 17:48 - 2016-11-10 17:48 - 01309184 _____ C:\Users\Ondra\Desktop\zoek.exe
2016-11-10 17:45 - 2016-11-10 17:44 - 01631928 _____ (Malwarebytes) C:\Users\Ondra\Desktop\JRT.exe
2016-11-10 17:44 - 2016-11-10 17:44 - 01631928 _____ (Malwarebytes) C:\Users\Ondra\Downloads\JRT.exe
2016-11-09 23:29 - 2016-11-09 23:29 - 00001147 _____ C:\Users\Ondra\Desktop\mbam1.txt
2016-11-09 22:42 - 2016-11-09 22:42 - 00000000 _____ C:\Users\Ondra\Desktop\Nový textový dokument.txt
2016-11-09 19:37 - 2016-11-09 19:37 - 00001277 _____ C:\Users\Ondra\Desktop\mbam.txt
2016-11-09 16:35 - 2016-11-09 21:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-09 16:34 - 2016-11-09 16:34 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-09 16:34 - 2016-11-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-09 16:34 - 2016-11-09 16:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-09 16:34 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-09 16:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-09 16:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-09 16:33 - 2016-11-09 19:25 - 00001509 _____ C:\Users\Ondra\Desktop\AdwCleaner[C3].txt
2016-11-09 16:33 - 2016-11-09 16:40 - 00888832 _____ (Malwarebytes ) C:\Users\Ondra\Downloads\Nepotvrzeno 81265.crdownload
2016-11-09 16:24 - 2016-11-09 16:24 - 03910208 _____ C:\Users\Ondra\Downloads\adwcleaner_6.030.exe
2016-11-09 16:24 - 2016-11-09 16:24 - 03910208 _____ C:\Users\Ondra\Desktop\adwcleaner_6.030.exe
2016-11-09 16:23 - 2016-11-09 16:25 - 03037292 _____ C:\Users\Ondra\Downloads\Nepotvrzeno 915671.crdownload
2016-11-08 23:46 - 2016-11-11 00:15 - 00000000 ____D C:\Users\Ondra\AppData\Local\CrashDumps
2016-11-08 23:18 - 2016-11-08 23:27 - 00000000 ____D C:\Program Files\trend micro
2016-11-08 23:18 - 2016-11-08 23:23 - 00000000 ____D C:\rsit
2016-11-08 23:17 - 2016-11-08 23:17 - 01323520 _____ C:\Users\Ondra\Downloads\RSITx64.exe
2016-11-08 23:16 - 2016-11-08 23:38 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-08 23:16 - 2016-11-08 23:16 - 00000876 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-08 23:16 - 2016-11-08 23:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-08 23:16 - 2016-11-08 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-08 23:16 - 2016-11-08 23:16 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-08 23:15 - 2016-11-08 23:16 - 34114800 _____ (Adlice Software ) C:\Users\Ondra\Downloads\setup.exe
2016-11-08 19:13 - 2016-10-23 20:30 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-07 23:17 - 2016-11-07 23:17 - 00000000 _____ C:\Recovery.txt
2016-11-07 18:49 - 2016-11-11 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2016-11-07 18:49 - 2016-11-07 23:37 - 00000000 ____D C:\Users\Ondra\AppData\LocalLow\Spyware Terminator
2016-11-07 17:05 - 2016-11-07 17:05 - 00000000 _____ C:\autoexec.bat
2016-11-06 23:09 - 2016-11-08 00:05 - 00000000 ____D C:\Program Files\BDServices
2016-11-04 22:44 - 2016-11-04 22:44 - 03910208 _____ C:\Users\Ondra\Downloads\AdwCleaner.exe
2016-11-04 22:38 - 2016-11-04 22:38 - 00000000 _____ C:\Users\Ondra\Downloads\iExplore_exe.gi5f6k4.partial
2016-11-04 20:34 - 2016-11-04 00:44 - 00002310 _____ C:\Users\Ondra\Desktop\Rkill.txt
2016-11-04 02:16 - 2016-11-04 02:16 - 09981352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 09926536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 09111520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 08847888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 08065928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 07213248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 02481032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 02163592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00462080 _____ C:\Windows\system32\amdmiracast.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00281992 _____ C:\Windows\system32\dgtrayicon.exe
2016-11-04 02:16 - 2016-11-04 02:16 - 00275336 _____ C:\Windows\system32\GameManager64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00240008 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00155016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00059784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-11-04 02:16 - 2016-11-04 02:16 - 00020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 48824712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 15728008 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 14318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 09311624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 07363976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 01333128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 01279400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00998280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00842120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00677256 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00525704 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00520072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-11-04 02:15 - 2016-11-04 02:15 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-11-04 02:15 - 2016-11-04 02:15 - 00289160 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00286600 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00269192 _____ C:\Windows\system32\clinfo.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00267656 _____ C:\Windows\system32\hsa-thunk64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00248200 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00233352 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00230280 _____ C:\Windows\system32\atieah64.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00221064 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00208264 _____ C:\Windows\SysWOW64\atieah32.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00201608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00160136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00129416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00122760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00110472 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00108936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-11-04 02:15 - 2016-11-04 02:15 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-11-04 02:15 - 2016-11-04 02:15 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 33241992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 27489672 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 27292040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 00200584 _____ C:\Windows\system32\amdhdl64.dll
2016-11-04 02:14 - 2016-11-04 02:14 - 00180616 _____ C:\Windows\SysWOW64\amdhdl32.dll
2016-11-04 02:13 - 2016-11-04 02:13 - 26558976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-11-04 01:47 - 2016-11-04 01:47 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-11-04 01:43 - 2016-11-04 01:43 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-11-04 01:23 - 2016-11-04 01:23 - 00759128 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-11-04 01:23 - 2016-11-04 01:23 - 00759128 _____ C:\Windows\system32\atiapfxx.blb
2016-11-04 00:32 - 2016-11-08 00:01 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-03 07:05 - 2016-11-08 19:20 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478153121
2016-11-03 07:05 - 2016-11-03 07:05 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\AVAST Software
2016-10-31 23:22 - 2016-10-31 23:22 - 00000000 ____D C:\Users\Ondra\AppData\LocalLow\F-Secure
2016-10-31 23:15 - 2016-11-03 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2016-10-31 23:15 - 2016-10-31 23:15 - 00000000 ____D C:\Program Files (x86)\F-Secure
2016-10-28 01:11 - 2016-10-28 01:11 - 00001874 _____ C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-10-26 22:21 - 2016-11-03 07:51 - 00000000 ____D C:\ProgramData\F-Secure
2016-10-26 22:21 - 2016-10-31 23:35 - 00000000 ____D C:\Users\Ondra\AppData\Local\F-Secure
2016-10-26 22:21 - 2016-10-26 22:21 - 00863712 _____ (F-Secure Corporation) C:\Users\Ondra\Downloads\F-Secure-Safe-Network-Installer.exe
2016-10-23 20:30 - 2016-10-23 20:30 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-23 20:26 - 2016-11-08 19:20 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-10-23 20:26 - 2016-10-25 15:57 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1477250763
2016-10-23 00:49 - 2016-11-10 17:48 - 00000553 _____ C:\Users\Ondra\Desktop\JRT.txt
2016-10-23 00:41 - 2016-11-11 00:29 - 00000000 ____D C:\AdwCleaner
2016-10-22 23:57 - 2016-10-23 20:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-22 23:57 - 2016-10-22 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-22 23:57 - 2016-10-22 23:57 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-21 19:22 - 2016-10-21 19:22 - 00177280 _____ C:\Windows\system32\ativce03.dat
2016-10-21 19:22 - 2016-10-21 19:22 - 00175584 _____ C:\Windows\system32\amde31a.dat
2016-10-21 18:00 - 2016-10-21 18:00 - 00166560 _____ C:\Windows\system32\amde34b.dat
2016-10-21 18:00 - 2016-10-21 18:00 - 00166560 _____ C:\Windows\system32\amde34a.dat
2016-10-21 15:11 - 2016-10-21 15:31 - 1970917509 _____ C:\Users\Ondra\Downloads\Teorie.tygra.2016.1080p.WEBRip.XviD.AC3.CZ.mkv
2016-10-20 23:11 - 2016-10-21 02:40 - 1939696254 _____ C:\Users\Ondra\Downloads\Ganster-Ka------cz-2015.avi
2016-10-20 22:34 - 2016-10-20 23:08 - 917744569 _____ C:\Users\Ondra\Downloads\firo896.mkv
2016-10-20 22:30 - 2016-10-20 22:47 - 1430293464 _____ C:\Users\Ondra\Downloads\Ganster-ka-Afričan-cz-dabing.avi
2016-10-20 19:49 - 2016-10-20 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-20 19:47 - 2016-10-20 20:01 - 1131028014 _____ C:\Users\Ondra\Downloads\Okresní-přebor-_-Poslední-zápas-Pepika-Hnátka-2012CZ.avi
2016-10-20 17:10 - 2016-10-20 17:10 - 00100832 _____ C:\Windows\system32\ativce02.dat
2016-10-20 16:48 - 2016-10-20 17:06 - 1439502082 _____ C:\Users\Ondra\Downloads\Spotlight---Sledovačka-2015,-CZ-tit.avi
2016-10-20 16:45 - 2016-10-20 16:54 - 786749320 _____ C:\Users\Ondra\Downloads\Danska_divka_-The_Danish_Girl-(2015)CZ.avi
2016-10-18 22:44 - 2016-10-18 22:44 - 00045568 _____ C:\Users\Ondra\Downloads\rozvrh_v_hale_a_tělocv_2016-17_stav_11.10.2016.xls
2016-10-16 09:33 - 2016-10-16 09:33 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2016-10-14 20:36 - 2016-10-14 20:36 - 00118320 _____ C:\Windows\system32\kapp_ci.sbin
2016-10-12 23:18 - 2015-07-28 16:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-10-12 22:03 - 2016-11-11 10:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-12 22:03 - 2016-11-11 10:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-10-12 22:02 - 2016-10-12 22:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ondra\Downloads\spybot-2.4.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:49 - 2015-07-09 21:25 - 00000000 ____D C:\Users\Ondra\AppData\Local\Deployment
2016-11-11 13:49 - 2015-01-26 19:26 - 00000000 ____D C:\Users\Ondra\AppData\Local\Google
2016-11-11 13:49 - 2015-01-26 19:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-11 13:41 - 2015-01-26 19:43 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-11 10:55 - 2015-01-26 19:02 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3083710393-1039411083-1544633742-1001
2016-11-11 10:51 - 2014-03-18 16:33 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 10:51 - 2014-03-18 15:54 - 00738682 _____ C:\Windows\system32\perfh005.dat
2016-11-11 10:51 - 2014-03-18 15:54 - 00151404 _____ C:\Windows\system32\perfc005.dat
2016-11-11 10:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-11-11 10:49 - 2016-05-29 19:34 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Seznam.cz
2016-11-11 10:45 - 2015-01-26 13:46 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Raptr
2016-11-11 10:44 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 10:43 - 2016-08-07 09:18 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-11-11 10:43 - 2015-01-26 19:25 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{817A01EA-6097-4DBA-843A-1B864A6F2B33}
2016-11-11 00:30 - 2016-04-25 19:20 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-11 00:17 - 2016-04-25 19:20 - 00003922 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-11 00:17 - 2015-01-26 19:43 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-11 00:17 - 2015-01-26 19:41 - 00000000 ____D C:\Users\Ondra\AppData\Local\Adobe
2016-11-11 00:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-11 00:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-10 18:07 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-10 18:04 - 2016-05-29 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-10 18:04 - 2016-05-29 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-10 18:03 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-08 23:37 - 2015-01-26 12:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-08 23:25 - 2013-08-22 15:44 - 00337768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-08 23:24 - 2015-01-26 18:56 - 00000000 ____D C:\Users\Ondra
2016-11-08 23:24 - 2015-01-26 13:41 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-11-08 19:20 - 2015-06-23 22:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 19:15 - 2015-05-08 21:58 - 00001944 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-08 19:14 - 2015-04-16 22:06 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-08 00:05 - 2016-10-06 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-11-08 00:05 - 2015-12-03 23:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-11-08 00:05 - 2015-10-20 15:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-11-08 00:05 - 2015-10-20 15:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-08 00:05 - 2015-01-27 21:38 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\GHISLER
2016-11-08 00:05 - 2015-01-26 14:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-11-08 00:05 - 2015-01-26 14:07 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-08 00:05 - 2015-01-26 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-08 00:05 - 2015-01-26 12:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-08 00:05 - 2015-01-26 12:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 __RSD C:\Windows\Media
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-11-08 00:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-11-08 00:04 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-08 00:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2016-11-08 00:02 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-11-06 22:37 - 2013-08-22 16:43 - 00000000 ____D C:\Windows\DigitalLocker
2016-11-04 02:16 - 2016-04-04 05:15 - 10977392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-11-04 02:16 - 2014-11-21 03:09 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-11-04 02:16 - 2014-07-21 22:04 - 10959864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-11-04 02:16 - 2014-07-21 22:04 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-11-04 02:15 - 2016-10-05 03:18 - 00892296 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2016-11-04 02:15 - 2014-11-21 03:09 - 00998280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-11-04 02:15 - 2014-11-21 03:08 - 00175496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-11-04 02:15 - 2014-07-21 22:04 - 01559048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-11-04 02:14 - 2015-07-16 02:57 - 21640584 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-11-04 02:14 - 2014-11-21 03:32 - 38268808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-11-04 00:49 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-04 00:34 - 2016-10-06 20:12 - 00000000 ____D C:\Users\Ondra\AppData\LocalLow\AMD
2016-11-04 00:31 - 2015-01-26 19:03 - 00000000 ____D C:\Program Files\AMD
2016-11-04 00:30 - 2015-01-26 19:03 - 00000000 ____D C:\AMD
2016-11-03 20:42 - 2015-11-09 23:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 07:59 - 2015-04-16 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-11-03 07:59 - 2015-04-16 22:03 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-03 07:59 - 2015-01-27 22:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-03 07:59 - 2015-01-26 19:42 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2016-11-03 07:51 - 2015-01-26 13:36 - 00000000 ____D C:\Users\Ondra\AppData\Local\Mozilla
2016-11-03 07:05 - 2016-02-03 19:39 - 00001065 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-11-03 07:05 - 2015-04-16 22:05 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-11-03 07:05 - 2015-04-16 22:05 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-11-03 07:05 - 2015-04-16 22:05 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-11-03 07:04 - 2015-04-16 22:05 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147815310253110
2016-11-03 07:04 - 2015-04-16 22:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147815310485912
2016-11-03 07:03 - 2015-04-16 22:05 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147815310062507
2016-10-24 21:23 - 2015-08-19 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 21:23 - 2015-08-19 20:06 - 00000000 ____D C:\Program Files\Java
2016-10-24 21:23 - 2015-01-26 19:38 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 21:22 - 2015-08-19 20:06 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-23 20:30 - 2016-02-03 19:37 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147725109082807
2016-10-23 20:30 - 2015-04-16 22:05 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147725109120310
2016-10-23 20:30 - 2015-04-16 22:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147725109228112
2016-10-23 20:30 - 2015-04-16 22:05 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-23 20:30 - 2015-04-16 22:05 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-23 20:21 - 2016-08-14 22:21 - 00000000 ____D C:\ProgramData\HandSetService
2016-10-23 20:20 - 2016-08-14 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-10-23 20:20 - 2016-08-14 22:21 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-10-23 20:20 - 2016-03-25 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-23 20:20 - 2016-03-25 01:03 - 00000000 ____D C:\Program Files\CCleaner
2016-10-23 20:20 - 2015-07-10 09:23 - 00000000 ____D C:\movies
2016-10-23 20:20 - 2015-01-27 22:55 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\vlc
2016-10-23 20:20 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-10-23 20:17 - 2016-08-14 22:20 - 00000000 ____D C:\Users\Ondra\AppData\Local\Hisuite
2016-10-23 20:16 - 2015-12-03 23:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-22 23:57 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-10-22 09:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ModemLogs
2016-10-20 15:48 - 2015-04-19 21:26 - 00000000 ____D C:\Windows\Minidump
2016-10-16 12:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-10-14 16:20 - 2015-04-29 22:45 - 00000000 ____D C:\Users\Ondra\Downloads\a
2016-10-14 16:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Ondra\AppData\Local\Temp\gA162.tmp.exe
C:\Users\Ondra\AppData\Local\Temp\libeay32.dll
C:\Users\Ondra\AppData\Local\Temp\msvcr120.dll
C:\Users\Ondra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-10 18:18

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SYSTEM) (Fixed) (Total:119.77 GB) (Free:24.78 GB) NTFS
Drive d: (DATA) (Fixed) (Total:811.39 GB) (Free:472.21 GB) NTFS

Available physical RAM: 5863.36 MB
Total physical RAM: 8156.64 MB
Percentage of memory in use: 28%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 92E5FE1D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=811.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ondra\Desktop" je 1712 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: cse google custom search, avast reports Win64:malware-gen

#12 Post by Márty84 »

:arrow: Uninstall Spyware Terminator; it may conflict with Avast.

:arrow: If you don't use it, uninstall Seznam Software.

:arrow: You posted two identical logs; please also post the second one that FRST created :-)
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#13 Post by kladelko »

Spyware Terminator and Seznam Software have been uninstalled; I'm posting the second log below:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Ondra (11-11-2016 13:54:33)
Running from C:\Users\Ondra\Desktop
Windows 8.1 (Update) (X64) (2015-01-26 17:56:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3083710393-1039411083-1544633742-500 - Administrator - Disabled)
Guest (S-1-5-21-3083710393-1039411083-1544633742-501 - Limited - Disabled)
Ondra (S-1-5-21-3083710393-1039411083-1544633742-1001 - Administrator - Enabled) => C:\Users\Ondra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Botanicula (HKLM-x32\...\GOGPACKBOTANICULA_is1) (Version: 2.0.0.9 - GOG.com)
Call of Juarez Gunslinger (HKLM\...\Steam App 204450) (Version: - Techland)
Call of Juarez® Gunslinger Czech (HKLM-x32\...\{C68D6AF3-D89B-4FA2-A13F-034758AB42BD}_is1) (Version: - )
Catalyst Control Center Next Localization BR (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Dream Pinball 3D (HKLM-x32\...\Dream Pinball 3D) (Version: 1.00 - TopWare Interactive Inc.)
Dying Light (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Everybodys Gone to the Rapture (HKLM-x32\...\Everybodys Gone to the Rapture_is1) (Version: - )
Firewatch (HKLM-x32\...\Firewatch_is1) (Version: - )
Firewatch version 1.2 (HKLM-x32\...\{37D1CEB1-9427-4128-AABB-F07B7C14957D}_is1) (Version: 1.2 - CODEX)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Team Bondi)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.0-r111025-release - Plays.tv, LLC)
Pulse Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.1.7.41041 - Pulse Secure, LLC)
Pulse Secure Citrix Services Client (HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Juniper_Citrix_Services) (Version: 8.1.7.41041 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Juniper_Setup_Client) (Version: 8.1.7.61533 - Pulse Secure, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
RogueKiller verze 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SDÍLEJ.CZ Manager (HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\69f070f18ade444c) (Version: 0.0.1.42 - SDÍLEJ.CZ)
Seznam Software (HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\SeznamInstall) (Version: - Seznam.cz)
Spotify (HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C0B7EDBE-72FF-4ECA-A565-0858FCEE6797}) (Version: 6.1.6.0 - Husdawg, LLC)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {131509BB-CF04-4A3A-9A94-116DEF2C3631} - System32\Tasks\SafeZone scheduled Autoupdate 1478153121 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {16ABE0D5-5934-42EF-9986-83BE5D085ECE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {24F867E1-629E-494D-A669-A7B4E2470AAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-11] (Adobe Systems Incorporated)
Task: {287ED299-07B9-4DA1-A290-1CEFBB006B8D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-11] (Adobe Systems Incorporated)
Task: {46178938-5791-406E-8BE5-DF0B225C99F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {5D912AF5-DDE5-49C2-8603-FC3197B06F14} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {7E590461-405C-470E-A74D-BEDC48D86E87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {8CFF1F15-7FE7-4177-B4E8-47E74615FA97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {C4C9F2B0-9166-4F44-8936-CFCD3B7E473C} - System32\Tasks\SafeZone scheduled Autoupdate 1454524757 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {C97CB153-F49A-430A-9737-2BC2E5293D47} - System32\Tasks\SafeZone scheduled Autoupdate 1477250763 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {EECB27A2-C25F-46BC-837F-831CB636FACF} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-11-03] (Advanced Micro Devices, Inc.)
Task: {FB3BB1D6-D00C-4F30-962F-3A44837D6742} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-23] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-29 19:34 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\6060libfoxloader-x64.dll
2015-07-15 20:39 - 2015-07-15 20:39 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-07-15 20:38 - 2015-07-15 20:38 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-26 13:07 - 2012-11-14 08:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-01-26 13:06 - 2012-11-14 08:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-09-18 09:20 - 2015-05-11 14:18 - 02705920 _____ () C:\Program Files\TextEnhance\TextEnhance.dll
2016-09-13 20:51 - 2016-09-13 20:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 20:51 - 2016-09-13 20:51 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 20:51 - 2016-09-13 20:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 20:51 - 2016-09-13 20:51 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 20:48 - 2016-09-13 20:48 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 20:48 - 2016-09-13 20:48 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-04-15 19:07 - 2016-04-15 19:07 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-05-29 19:34 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-05-29 19:34 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-05-29 19:34 - 2015-05-26 12:36 - 02483912 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\libfoxcub-x64.dll
2016-11-10 18:11 - 2016-11-11 10:47 - 05111808 _____ () C:\Users\Ondra\AppData\Local\Temp\gE812.tmp
2016-11-11 13:49 - 2016-11-08 22:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-11 13:49 - 2016-11-08 22:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-10-23 20:30 - 2016-10-23 20:30 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-11 00:12 - 2016-11-11 00:12 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16111100\algo.dll
2016-10-23 20:30 - 2016-10-23 20:30 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-11 13:52 - 2016-11-11 13:52 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16111200\algo.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 21:46 - 2015-11-24 21:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 21:46 - 2015-11-24 21:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 21:57 - 2015-12-07 21:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-05-29 19:34 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\6056libfoxloader.dll
2016-05-29 19:34 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-05-29 19:34 - 2015-05-26 12:39 - 01778376 _____ () C:\Users\Ondra\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll
2016-10-23 20:30 - 2016-10-23 20:30 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 18:08 - 2016-04-19 18:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-11-10 18:11 - 2016-11-11 10:47 - 06428160 _____ () C:\Users\Ondra\AppData\Local\Temp\gA019.tmp

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-11-10 17:50 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3083710393-1039411083-1544633742-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{560CA221-25B1-48C5-8645-4CFF6186532D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{142CBB65-3AD6-4A3F-8993-76F44BBC960A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82BC5AEF-4332-4981-AC23-31F25C3C6146}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C13ED5A-4715-4FA2-9988-57319AED328A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE32C883-008D-4047-9C26-4F6512DC33F9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7FBF3A02-1EB4-42E7-BA53-74FEB1652DE8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BEFB1F2-2131-46B2-8E6A-3F5645DF447A}] => (Allow) D:\Games\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{7B8E41AF-72CB-436D-B2DA-54F425304D3A}] => (Allow) D:\Games\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{88B4CCE7-678D-45D3-A9A5-5FEEA3C9A965}] => (Allow) D:\Games\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{D0813D43-D831-40DA-85CA-2BCCA3A556D1}] => (Allow) D:\Games\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [TCP Query User{A5BDFC5D-487A-43B2-AA3E-589F33A7A872}D:\games\gta5\gta5.exe] => (Allow) D:\games\gta5\gta5.exe
FirewallRules: [UDP Query User{E342F207-BAC6-451C-A7C3-CBCCF296FF30}D:\games\gta5\gta5.exe] => (Allow) D:\games\gta5\gta5.exe
FirewallRules: [TCP Query User{C43CB602-740D-44AA-A225-7ED515675204}C:\users\ondra\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ondra\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C0857FA4-8F6E-40CD-8C7C-CB511FE5460A}C:\users\ondra\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ondra\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{DC7B5C83-5333-493A-B0BB-094DDB54558C}C:\users\ondra\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ondra\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0E0B53E2-6553-4241-B262-9C040AF46464}C:\users\ondra\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ondra\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{ACD5696A-145A-40A6-9001-9B15202294CD}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{2826A7F8-223B-4990-BE94-DA63D3A23AA4}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{063EAC9B-54C1-46F5-B73B-EBD3631471E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C48AB69D-174B-4D28-BBB8-B1B91B3DA2E6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{97EA3252-82E2-407C-8AD2-739A7BEC6A44}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{170F53A7-A6B7-41C7-89F6-370578E8A7F8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{58341448-CD61-40DD-A3C4-82D2B8CABC86}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A120FA7C-66B3-473D-A3E8-2B90AA56F030}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A13FF54F-AB00-4D61-958A-E22B8E519C64}] => (Allow) D:\Games\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe
FirewallRules: [{02651FA4-9A42-4A6F-B631-575F7D92B026}] => (Allow) D:\Games\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe
FirewallRules: [TCP Query User{33C094CD-C4F0-4088-A7A3-089CF0C1B25B}D:\games\gta5\gta5.exe] => (Allow) D:\games\gta5\gta5.exe
FirewallRules: [UDP Query User{354E8343-6312-4B05-90E8-4BDCE091C4EE}D:\games\gta5\gta5.exe] => (Allow) D:\games\gta5\gta5.exe
FirewallRules: [{52B2A401-3A4C-4A5D-A173-8017025EE88A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{3A43A138-5275-4ECA-A9F3-F68BFA6E2B33}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BDEA1F65-6C18-4629-87EF-099C456640F9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C081A9A2-7D43-4613-B765-CA52B594A784}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{9E114C74-CD33-490A-B61C-DDD3A87760F2}C:\users\ondra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ondra\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5CEAC5FB-407C-4898-9DFD-8F6D3DEC0F21}C:\users\ondra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ondra\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{73E75066-0AD4-4FB9-B559-9772B1DD4C89}C:\users\ondra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ondra\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{43DF46EE-B36F-4000-8D45-64685D72E569}C:\users\ondra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ondra\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F58E7FA7-F556-4D2C-A884-C90F643A2833}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{DAD456F8-8CFD-4A73-8DF7-75CFC09A10F7}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{97333B07-C036-4F4C-9E22-BF1893800931}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{843FB077-5173-4702-9E08-9FCCD6EA2F0B}D:\games\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) D:\games\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [UDP Query User{1F470550-B445-46BA-9DB1-24979300A6E1}D:\games\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) D:\games\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [{E31E3217-E5C2-4084-A575-EC73FBEF80BF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D58D44BC-DC14-40F7-859A-61530BB94C89}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{605D06E3-C3A0-4D52-8C87-5E9A41C6289F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3E4C04E1-7890-4D6F-8A4B-E634C1439D86}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{AAD038BC-8E41-4DF5-A9E4-57F45EAD34FE}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{7831B9C7-72D6-42EB-9494-CDA0AF742407}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{13F5BE31-829C-4065-9228-7DB59C205931}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{C3FDD958-48A1-41DC-B5FE-B5C060C63A3B}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{B8446E14-E680-4463-AC35-4203AD6B618B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-11-2016 19:32:07 Naplánovaný kontrolní bod
10-11-2016 17:45:15 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2016 10:44:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HuaweiHiSuiteService64.exe, verze: 2.0.0.42, časové razítko: 0x572975ed
Název chybujícího modulu: HuaweiHiSuiteService64.exe, verze: 2.0.0.42, časové razítko: 0x572975ed
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000381d
ID chybujícího procesu: 0x7b4
Čas spuštění chybující aplikace: 0x01d23c00344c31e9
Cesta k chybující aplikaci: C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
Cesta k chybujícímu modulu: C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
ID zprávy: 7c77b746-a7f3-11e6-82bc-fcaa140e8b57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/11/2016 12:31:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HuaweiHiSuiteService64.exe, verze: 2.0.0.42, časové razítko: 0x572975ed
Název chybujícího modulu: HuaweiHiSuiteService64.exe, verze: 2.0.0.42, časové razítko: 0x572975ed
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000381d
ID chybujícího procesu: 0x850
Čas spuštění chybující aplikace: 0x01d23baa7dfb4a8a
Cesta k chybující aplikaci: C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
Cesta k chybujícímu modulu: C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
ID zprávy: c6305b42-a79d-11e6-82bb-fcaa140e8b57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/11/2016 12:15:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.18124, časové razítko: 0x5641278d
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc000041d
Posun chyby: 0x0d0ac520
ID chybujícího procesu: 0x1298
Čas spuštění chybující aplikace: 0x01d23b8345250d58
Cesta k chybující aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: 8ec2b9b0-a79b-11e6-82ba-fcaa140e8b57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/11/2016 12:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.18124, časové razítko: 0x5641278d
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0d0ac520
ID chybujícího procesu: 0x1298
Čas spuštění chybující aplikace: 0x01d23b8345250d58
Cesta k chybující aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: 8cacaaab-a79b-11e6-82ba-fcaa140e8b57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/10/2016 07:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: chrome.exe, verze: 54.0.2840.99, časové razítko: 0x582209d1
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18438, časové razítko: 0x57ae642e
Kód výjimky: 0xc0000135
Posun chyby: 0x00000000000ecdd0
ID chybujícího procesu: 0x1424
Čas spuštění chybující aplikace: 0x01d23b8371059c67
Cesta k chybující aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Cesta k chybujícímu modulu: KERNELBASE.dll
ID zprávy: aedca2ef-a776-11e6-82ba-fcaa140e8b57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/10/2016 06:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HuaweiHiSuiteService64.exe, verze: 2.0.0.42, časové razítko: 0x572975ed
Název chybujícího modulu: HuaweiHiSuiteService64.exe, verze: 2.0.0.42, časové razítko: 0x572975ed
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000381d
ID chybujícího procesu: 0x5f8
Čas spuštění chybující aplikace: 0x01d23b74ffef1f25
Cesta k chybující aplikaci: C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
Cesta k chybujícímu modulu: C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
ID zprávy: 452b9f0b-a768-11e6-82ba-fcaa140e8b57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/10/2016 06:07:02 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (11/10/2016 06:06:56 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (11/10/2016 05:50:01 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (11/10/2016 05:46:11 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (11/11/2016 10:56:08 AM) (Source: DCOM) (EventID: 10010) (User: Ondra-PC)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/11/2016 10:55:38 AM) (Source: DCOM) (EventID: 10010) (User: Ondra-PC)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/11/2016 10:44:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HuaweiHiSuiteService64.exe byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/11/2016 10:44:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spyware Terminator 2015 Realtime Shield Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/11/2016 10:43:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Superfetch byla ukončena s následující chybou:
Služba nebyla spuštěna.

Error: (11/11/2016 10:40:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Spyware Terminator 2015 Realtime Shield Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/11/2016 12:31:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HuaweiHiSuiteService64.exe byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/11/2016 12:29:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Spybot-S&D 2 Updating Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (11/11/2016 12:29:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Spybot-S&D 2 Security Center Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (11/11/2016 12:29:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2015-03-25 20:52:14.776
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:14.570
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:14.358
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:14.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:13.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:13.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:13.501
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:13.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:13.068
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-25 20:52:12.865
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8156.64 MB
Available physical RAM: 5863.36 MB
Total Virtual: 9756.64 MB
Available Virtual: 6729.2 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:119.77 GB) (Free:24.78 GB) NTFS
Drive d: (DATA) (Fixed) (Total:811.39 GB) (Free:472.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 92E5FE1D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=811.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: cse google custom search, avast reports Win64:malware-gen

#14 Post by Márty84 »

Turn off your antivirus so that it does not interfere with the program.
Download OTM from http://oldtimer.geekstogo.com/OTM.exe and save it, preferably to the desktop.
Right-click it and then left-click Run as administrator.
Copy this script into the left window (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
@C:\Windows\system32\rundll32.exe "C:\Program Files\TextEnhance\TextEnhance.dll"
C:\Program Files\TextEnhance\TextEnhance.dll
Click MoveIt and let the program work. When asked to restart, agree.
After the restart, post here the log that pops up, or it will be at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (instead of the x's there will be digits representing the date and time of the run).

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

kladelko
Visitor
Posts: 12
Registered: 09 Nov 2016 23:30

Re: cse google custom search, avast reports Win64:malware-gen

#15 Post by kladelko »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 313840 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ondra
->Temp folder emptied: 30286088 bytes
->Temporary Internet Files folder emptied: 76837617 bytes
->Java cache emptied: 8196 bytes
->FireFox cache emptied: 4647308 bytes
->Google Chrome cache emptied: 266477523 bytes
->Flash cache emptied: 58458 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 38736864 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5301905 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 403,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ondra
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
Unable to delete ADS C:\Windows\system32\rundll32.exe "C:\Program Files\TextEnhance\TextEnhance.dll" .
LoadLibrary failed for C:\Program Files\TextEnhance\TextEnhance.dll
C:\Program Files\TextEnhance\TextEnhance.dll moved successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11122016_183259

Files moved on Reboot...
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Locked