
PC virus removal, computer speed-up, remote help via the neslape.cz service
preventive check-up
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello friends, I would just like to ask for a quick check of my PC. It has seemed rather slow to me lately, mainly when playing video.
Thanks in advance
Roman
Logfile of random's system information tool 1.10 (written by random/random)
Run by Roman at 2016-11-13 18:59:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 56 GB (13%) free of 432 GB
Total RAM: 3691 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:27, on 13.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)
Boot mode: Normal
Running processes:
C:\Users\Roman\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\avBugReport.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Viber] "C:\Users\Roman\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10020 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
atieclxx
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
"taskhost.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Users\Roman\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files\AMD Quick Stream\AMDQuickStream.exe" -h
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
taskeng.exe {0D647EB6-233B-4339-8F60-D86F0E83C060}
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\PROGRA~2\Raptr\raptr.exe" --log_to_file --from_stub --startup
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
raptr_im.exe
"C:\Program Files (x86)\Raptr\raptr_ep64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 4540
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="4528.0.576161279\630129975" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\AVAST Software\Avast\avBugReport.exe" --send dumps|report
\??\C:\windows\system32\conhost.exe "-1886937916-10517639621126645420-127237065318156320141396924758-1062091277785680310
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4388 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe" /ch 5 /w 131670
C:\windows\system32\Macromed\Flash\FlashUtil64_23_0_0_207_ActiveX.exe -Embedding
"taskhost.exe"
"C:\windows\system32\NOTEPAD.EXE" C:\Users\Roman\Desktop\CD.txt
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Roman\Desktop\Na viry\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\n3t7725j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25 790552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27 384024]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-12 462248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25 664848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-12 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-03 2294568]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-01-13 9753024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-01-13 5908928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Viber"=C:\Users\Roman\AppData\Local\Viber\Viber.exe [2016-11-03 45485648]
"AppEx Accelerator UI"=C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [2015-04-06 488640]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2013-10-10 3612240]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-08 9044392]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2015-07-27 56080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-11-13 18:51:59 ----D---- C:\rsit
2016-10-21 13:26:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2016-11-13 18:59:59 ----D---- C:\Program Files\trend micro
2016-11-13 17:40:55 ----D---- C:\Program Files (x86)\Filmy
2016-11-13 15:57:49 ----D---- C:\windows\system32\config
2016-11-13 15:51:00 ----D---- C:\windows\Temp
2016-11-13 15:45:16 ----D---- C:\windows\System32
2016-11-13 15:45:16 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-11-13 15:41:36 ----D---- C:\Users\Roman\AppData\Roaming\Raptr
2016-11-13 15:39:08 ----D---- C:\Users\Roman\AppData\Roaming\ViberPC
2016-11-13 15:33:26 ----D---- C:\Users\Roman\AppData\Roaming\DMCache
2016-11-12 19:30:33 ----D---- C:\windows\system32\drivers
2016-11-10 11:26:52 ----D---- C:\windows\SysWOW64
2016-11-10 11:26:30 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2016-11-10 11:25:47 ----D---- C:\windows\system32\Macromed
2016-11-10 11:25:27 ----D---- C:\windows\SYSWOW64\Macromed
2016-11-08 19:18:35 ----HD---- C:\ProgramData
2016-10-28 18:42:12 ----SHD---- C:\windows\Installer
2016-10-28 18:41:24 ----D---- C:\Program Files (x86)\Google
2016-10-28 11:24:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-27 19:36:50 ----RD---- C:\Program Files (x86)
2016-10-21 15:51:25 ----SHD---- C:\System Volume Information
2016-10-21 14:30:43 ----D---- C:\Users\Roman\AppData\Roaming\vlc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
R0 amd_xata;amd_xata; C:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2016-09-09 74544]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2016-10-13 293352]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2012-01-13 57952]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2012-01-13 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2016-09-09 37144]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2016-09-09 103064]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2016-09-23 513632]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2012-01-13 13408]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 APXACC;AppEx Networks Accelerator LWF; C:\windows\system32\DRIVERS\appexDrv.sys [2015-04-03 229056]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2016-09-09 108816]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2016-09-09 163416]
R2 IDMWFP;IDMWFP; C:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 172920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-13 29792]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2015-08-04 21622784]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2015-08-04 665088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-11-24 2673664]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-03-10 1581184]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-09-03 1392688]
R3 usbfilter;AMD USB Filter Driver; C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-10-21 228224]
R3 vmuvcflt;Vimicro USB Camera Filter; C:\windows\System32\Drivers\vmuvcflt.sys [2010-08-16 8320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys []
S3 amdiox64;AMD IO Driver; C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2016-09-09 37656]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-09-29 80384]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 WinUsb;Ovladač WinUsb; C:\windows\system32\DRIVERS\winusb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2015-08-04 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-03 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-09-09 197128]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-13 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-13 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Re: Preventive check-up
Hello, go to Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find these services:
Google Update Service (gupdate)
Google Update Service (gupdatem)
Google Software Updater
Double-clicking opens a dialog where you first stop the service with the Stop button, then select Disabled under Startup type and click OK.
In the Task Scheduler Library, disable Google Update; it will be listed there several times.
Delete unneeded files
using CCleaner
Guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download and run AdwCleaner,
close all programs including the browser and launch it with a double-click,
a window appears; click Scan at the top left.
When the scan finishes, click Clean,
the PC will restart, during which the junk is deleted.
After that, copy the Report here for me.
Re: Preventive check-up
Thanks for the help, I did it exactly according to the instructions. I just don't know which log I was supposed to send afterwards, so I'm sending both the one from AdwCleaner and the one from RSIT.
What needs to be done now?
Thanks, Roman
# AdwCleaner v6.030 - Log soubor vytvořen 15/11/2016 na 18:32:50
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-15.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Roman - ROMAN-PC
# Beží od : C:\Users\Roman\Desktop\Na viry\adwcleaner.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Roman\AppData\Roaming\Premium
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C2].txt - [825 Bajtů] - [26/09/2015 18:15:26]
C:\AdwCleaner\AdwCleaner[C3].txt - [1272 Bajtů] - [15/11/2016 18:32:50]
C:\AdwCleaner\AdwCleaner[R0].txt - [1315 Bajtů] - [08/11/2014 12:40:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [1387 Bajtů] - [08/11/2014 12:45:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [749 Bajtů] - [26/09/2015 18:10:46]
C:\AdwCleaner\AdwCleaner[S3].txt - [1943 Bajtů] - [15/11/2016 18:32:03]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1641 Bajtů] ##########
Logfile of random's system information tool 1.10 (written by random/random)
Run by Roman at 2016-11-15 18:42:32
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 60 GB (14%) free of 432 GB
Total RAM: 3691 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:40, on 15.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Users\Roman\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Viber] "C:\Users\Roman\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9546 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
taskeng.exe {3BB46608-2BEC-4E74-A0E6-33FA3164FE8F}
C:\windows\System32\spoolsv.exe
"taskhost.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\system32\sppsvc.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {1F5513A4-CCEC-4D5E-94DB-EC9B2D5271DA}
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Users\Roman\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files\AMD Quick Stream\AMDQuickStream.exe" -h
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="2260.0.1304043269\184095523" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 2260 "\\.\pipe\gecko-crash-server-pipe.2260" tab
"C:\PROGRA~2\Raptr\raptr.exe" --log_to_file --from_stub --startup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 5052
raptr_im.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Raptr\raptr_ep64.exe"
wmiadap.exe /F /T /R
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Roman\Desktop\Na viry\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\n3t7725j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25 790552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27 384024]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-12 462248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25 664848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-12 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-03 2294568]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-01-13 9753024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-01-13 5908928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Viber"=C:\Users\Roman\AppData\Local\Viber\Viber.exe [2016-11-03 45485648]
"AppEx Accelerator UI"=C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [2015-04-06 488640]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2013-10-10 3612240]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-11-07 9108184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-15 9080768]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2015-07-27 56080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-11-15 18:02:21 ----D---- C:\Program Files\CCleaner
2016-11-13 18:51:59 ----D---- C:\rsit
2016-10-21 13:26:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2016-11-15 18:42:36 ----D---- C:\Program Files\trend micro
2016-11-15 18:41:13 ----D---- C:\windows\Temp
2016-11-15 18:40:28 ----D---- C:\Users\Roman\AppData\Roaming\Raptr
2016-11-15 18:39:52 ----D---- C:\windows\inf
2016-11-15 18:38:28 ----D---- C:\Users\Roman\AppData\Roaming\ViberPC
2016-11-15 18:37:34 ----D---- C:\windows\Prefetch
2016-11-15 18:36:48 ----D---- C:\windows\system32\config
2016-11-15 18:35:54 ----D---- C:\Windows
2016-11-15 18:32:50 ----D---- C:\AdwCleaner
2016-11-15 18:12:05 ----D---- C:\Users\Roman\AppData\Roaming\IDM
2016-11-15 18:12:05 ----D---- C:\Users\Roman\AppData\Roaming\FileZilla
2016-11-15 18:05:59 ----D---- C:\windows\Panther
2016-11-15 18:05:52 ----D---- C:\windows\Logs
2016-11-15 18:05:52 ----D---- C:\windows\debug
2016-11-15 18:05:51 ----D---- C:\windows\Minidump
2016-11-15 18:02:28 ----D---- C:\windows\system32\Tasks
2016-11-15 18:02:21 ----D---- C:\Program Files
2016-11-15 17:04:15 ----D---- C:\windows\System32
2016-11-15 17:04:15 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-11-15 17:00:26 ----D---- C:\windows\system32\drivers
2016-11-13 17:40:55 ----D---- C:\Program Files (x86)\Filmy
2016-11-13 15:33:26 ----D---- C:\Users\Roman\AppData\Roaming\DMCache
2016-11-10 11:26:52 ----D---- C:\windows\SysWOW64
2016-11-10 11:26:30 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2016-11-10 11:25:47 ----D---- C:\windows\system32\Macromed
2016-11-10 11:25:27 ----D---- C:\windows\SYSWOW64\Macromed
2016-11-08 19:18:35 ----HD---- C:\ProgramData
2016-10-28 18:42:12 ----SHD---- C:\windows\Installer
2016-10-28 18:41:24 ----D---- C:\Program Files (x86)\Google
2016-10-28 11:24:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-27 19:36:50 ----RD---- C:\Program Files (x86)
2016-10-21 15:51:25 ----SHD---- C:\System Volume Information
2016-10-21 14:30:43 ----D---- C:\Users\Roman\AppData\Roaming\vlc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
R0 amd_xata;amd_xata; C:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2016-09-09 74544]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2016-10-13 293352]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2012-01-13 57952]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2012-01-13 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2016-09-09 37144]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2016-09-09 103064]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2016-09-23 513632]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2012-01-13 13408]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 APXACC;AppEx Networks Accelerator LWF; C:\windows\system32\DRIVERS\appexDrv.sys [2015-04-03 229056]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2016-09-09 108816]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2016-09-09 163416]
R2 IDMWFP;IDMWFP; C:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 172920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-13 29792]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2015-08-04 21622784]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2015-08-04 665088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-11-24 2673664]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-03-10 1581184]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-09-03 1392688]
R3 usbfilter;AMD USB Filter Driver; C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-10-21 228224]
R3 vmuvcflt;Vimicro USB Camera Filter; C:\windows\System32\Drivers\vmuvcflt.sys [2010-08-16 8320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys []
S3 amdiox64;AMD IO Driver; C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2016-09-09 37656]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-09-29 80384]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 WinUsb;Ovladač WinUsb; C:\windows\system32\DRIVERS\winusb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2015-08-04 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-03 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-09-09 197128]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S4 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S4 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-13 194032]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
What needs to be done now?
Thanks, Roman
# AdwCleaner v6.030 - Log soubor vytvořen 15/11/2016 na 18:32:50
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-15.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Roman - ROMAN-PC
# Beží od : C:\Users\Roman\Desktop\Na viry\adwcleaner.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Roman\AppData\Roaming\Premium
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C2].txt - [825 Bajtů] - [26/09/2015 18:15:26]
C:\AdwCleaner\AdwCleaner[C3].txt - [1272 Bajtů] - [15/11/2016 18:32:50]
C:\AdwCleaner\AdwCleaner[R0].txt - [1315 Bajtů] - [08/11/2014 12:40:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [1387 Bajtů] - [08/11/2014 12:45:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [749 Bajtů] - [26/09/2015 18:10:46]
C:\AdwCleaner\AdwCleaner[S3].txt - [1943 Bajtů] - [15/11/2016 18:32:03]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1641 Bajtů] ##########
Logfile of random's system information tool 1.10 (written by random/random)
Run by Roman at 2016-11-15 18:42:32
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 60 GB (14%) free of 432 GB
Total RAM: 3691 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:40, on 15.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Users\Roman\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Viber] "C:\Users\Roman\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9546 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
taskeng.exe {3BB46608-2BEC-4E74-A0E6-33FA3164FE8F}
C:\windows\System32\spoolsv.exe
"taskhost.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\system32\sppsvc.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {1F5513A4-CCEC-4D5E-94DB-EC9B2D5271DA}
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Users\Roman\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files\AMD Quick Stream\AMDQuickStream.exe" -h
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="2260.0.1304043269\184095523" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 2260 "\\.\pipe\gecko-crash-server-pipe.2260" tab
"C:\PROGRA~2\Raptr\raptr.exe" --log_to_file --from_stub --startup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 5052
raptr_im.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Raptr\raptr_ep64.exe"
wmiadap.exe /F /T /R
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Roman\Desktop\Na viry\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\n3t7725j.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25 790552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27 384024]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-12 462248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25 664848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-12 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-03 2294568]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-01-13 9753024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-01-13 5908928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Viber"=C:\Users\Roman\AppData\Local\Viber\Viber.exe [2016-11-03 45485648]
"AppEx Accelerator UI"=C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [2015-04-06 488640]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2013-10-10 3612240]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-11-07 9108184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-15 9080768]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2015-07-27 56080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-11-15 18:02:21 ----D---- C:\Program Files\CCleaner
2016-11-13 18:51:59 ----D---- C:\rsit
2016-10-21 13:26:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2016-11-15 18:42:36 ----D---- C:\Program Files\trend micro
2016-11-15 18:41:13 ----D---- C:\windows\Temp
2016-11-15 18:40:28 ----D---- C:\Users\Roman\AppData\Roaming\Raptr
2016-11-15 18:39:52 ----D---- C:\windows\inf
2016-11-15 18:38:28 ----D---- C:\Users\Roman\AppData\Roaming\ViberPC
2016-11-15 18:37:34 ----D---- C:\windows\Prefetch
2016-11-15 18:36:48 ----D---- C:\windows\system32\config
2016-11-15 18:35:54 ----D---- C:\Windows
2016-11-15 18:32:50 ----D---- C:\AdwCleaner
2016-11-15 18:12:05 ----D---- C:\Users\Roman\AppData\Roaming\IDM
2016-11-15 18:12:05 ----D---- C:\Users\Roman\AppData\Roaming\FileZilla
2016-11-15 18:05:59 ----D---- C:\windows\Panther
2016-11-15 18:05:52 ----D---- C:\windows\Logs
2016-11-15 18:05:52 ----D---- C:\windows\debug
2016-11-15 18:05:51 ----D---- C:\windows\Minidump
2016-11-15 18:02:28 ----D---- C:\windows\system32\Tasks
2016-11-15 18:02:21 ----D---- C:\Program Files
2016-11-15 17:04:15 ----D---- C:\windows\System32
2016-11-15 17:04:15 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-11-15 17:00:26 ----D---- C:\windows\system32\drivers
2016-11-13 17:40:55 ----D---- C:\Program Files (x86)\Filmy
2016-11-13 15:33:26 ----D---- C:\Users\Roman\AppData\Roaming\DMCache
2016-11-10 11:26:52 ----D---- C:\windows\SysWOW64
2016-11-10 11:26:30 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2016-11-10 11:25:47 ----D---- C:\windows\system32\Macromed
2016-11-10 11:25:27 ----D---- C:\windows\SYSWOW64\Macromed
2016-11-08 19:18:35 ----HD---- C:\ProgramData
2016-10-28 18:42:12 ----SHD---- C:\windows\Installer
2016-10-28 18:41:24 ----D---- C:\Program Files (x86)\Google
2016-10-28 11:24:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-27 19:36:50 ----RD---- C:\Program Files (x86)
2016-10-21 15:51:25 ----SHD---- C:\System Volume Information
2016-10-21 14:30:43 ----D---- C:\Users\Roman\AppData\Roaming\vlc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
R0 amd_xata;amd_xata; C:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2016-09-09 74544]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2016-10-13 293352]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2012-01-13 57952]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2012-01-13 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2016-09-09 37144]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2016-09-09 103064]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2016-09-23 513632]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2012-01-13 13408]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 APXACC;AppEx Networks Accelerator LWF; C:\windows\system32\DRIVERS\appexDrv.sys [2015-04-03 229056]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2016-09-09 108816]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2016-09-09 163416]
R2 IDMWFP;IDMWFP; C:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 172920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-13 29792]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2015-08-04 21622784]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2015-08-04 665088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-11-24 2673664]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-03-10 1581184]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-09-03 1392688]
R3 usbfilter;AMD USB Filter Driver; C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-10-21 228224]
R3 vmuvcflt;Vimicro USB Camera Filter; C:\windows\System32\Drivers\vmuvcflt.sys [2010-08-16 8320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys []
S3 amdiox64;AMD IO Driver; C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2016-09-09 37656]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-09-29 80384]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 WinUsb;Ovladač WinUsb; C:\windows\system32\DRIVERS\winusb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2015-08-04 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-03 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-09-09 197128]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S4 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S4 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-13 194032]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Re: preventive check-up
But it didn't help with video playback. That is probably a different problem. Can you advise me on that too? I'm attaching a screenshot from when I started the CT4 Sport live broadcast. The sound plays normally, but the picture is white, see the photo.
- Attachments
- ivysilani.jpg (20.33 KiB) Viewed 2716 times
Re: preventive check-up
romanlenk wrote: But it didn't help with video playback. That is probably a different problem. Can you advise me on that too? I'm attaching a screenshot from when I started the CT4 Sport live broadcast. The sound plays normally, but the picture is white, see the photo.

Well, we haven't finished yet either.

Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms will then appear, which you confirm by clicking YES,
then click YES once more and it starts running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can prevent it from doing so.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Use AIDA 64
It is only a trial, but it will serve our purpose.
Install it >> run it >> click Computer >> then Summary,
at the top of the application click Report, choose Quick Report >> Plain Text
and copy everything up to Network : here for me.
Re: preventive check-up
first log:
ComboFix 16-11-13.01 - Roman 15.11.2016 21:36:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3691.2182 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\Na viry\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roman\AppData\Local\Plus500
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\BigLoading.gif
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\bpayTab.bmp
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\BpayTicket.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleDown.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleUp.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_Cancel.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_cashier.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairDown.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairUp.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_DemoMode.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_downarrow_red.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_Help.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_Help2.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_ChartSettings.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_MoveDown.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_MoveUp.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_OK.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_RateAlerts.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_RealMode.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_Search.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_SetupIndicators.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToCandleStick.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToFun.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToLine.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToReal.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_ZoomIn.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_ZoomOut.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\but_ZoomReset.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\challenge_loading.gif
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\iconDelete.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_ABNAMRO.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_AboutWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_ArrowDown.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_ArrowUp.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_Barclays.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_BigBell.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_BigBellSelected.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_BigFavorite.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_BigFavoriteSelected.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_BuySellSeparator.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_BuySellWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierDepositWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierDepositWallpaper_Lock.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper_OneMargin.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1s.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2s.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3s.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierUploadDocRegulation.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CashierUploadDocRegulationNoBonus.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_CommonwealthBank.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_Error.PNG
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_GuaranteedStop.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_ChallengeStandings_Wallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_ChartToolbar.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_IBB.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenLeftWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenRightWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_LoginWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList0.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList1.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList2.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList3.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList4.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList5.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList6.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList7.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList8.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyLeftWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyRightWallpaper.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\img_RateUs.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\InvestSmallBtns.ssk
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\InvestSoft.ssk
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\Loading.gif
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_AuthorisationForm.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_BankDraft.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_BankStatement.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_BPay.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CashU.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCard.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsAmex.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsDiners.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsDiscover.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsEnRoute.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsIsracard.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsJcb.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsMasterCard.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsUnkown.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_CreditCardsVisa.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Doc.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_ECard.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Email.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_ENets.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_GiroPay.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_IDeal.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_ING.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Nordea.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_OnlineUberweisung.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Other.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_PayMethod.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_PayPal.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Phone.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_PhotoID.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_ResidenceVerification.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_SelfPhoto.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Skrill.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Sofortuberweisung.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_WesternUnion.png
c:\users\Roman\AppData\Local\Plus500\Languages\cs\Images\VC_Wire.png
c:\users\Roman\AppData\Local\Plus500\Main\configuration.xml
c:\users\Roman\AppData\Local\Plus500\Main\InstrumentsInfo.xml
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.1
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.2
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.3
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.4
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoftProject.exe
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoftProject.jdbg
c:\users\Roman\AppData\Local\Plus500\Main\log4delphi.log
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AboutGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AboutGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AddPayMethodsScreenGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AddPayMethodsScreenGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AdjustmentGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AdjustmentGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AlertsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AlertsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AMLWarningGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AMLWarningGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\BuySellGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\BuySellGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierDepositGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierDepositGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierGUIbrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierHistoryGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierHistoryGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierMainGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierMainGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierReportsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierReportsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ClosePositionGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ClosePositionGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\Countries.xml
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CreateUserGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CreateUserGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\DontShowAgainGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\DontShowAgainGUIbrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\EquityWarningGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\EquityWarningGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChartGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChartGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUI.sil
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-15 do 2016-11-15 )))))))))))))))))))))))))))))))
.
.
2016-11-15 20:54 . 2016-11-15 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-15 17:02 . 2016-11-15 17:02 -------- d-----w- c:\program files\CCleaner
2016-11-13 17:51 . 2016-11-13 17:54 -------- d-----w- C:\rsit
2016-11-10 18:35 . 2016-11-10 18:36 -------- d-----w- c:\users\Roman\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-10 10:26 . 2012-07-18 20:34 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-10 10:26 . 2012-07-18 20:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-13 12:13 . 2014-02-16 19:53 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-23 13:07 . 2012-07-18 21:08 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 21:33 . 2012-07-18 21:08 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-09 09:32 . 2016-09-09 09:32 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-09 09:32 . 2014-08-06 16:19 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-09 09:32 . 2014-02-16 19:56 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-09-09 09:32 . 2014-02-16 19:52 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-09 09:32 . 2012-07-18 21:08 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-09 09:32 . 2012-07-18 21:08 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-09-09 09:32 . 2016-09-09 09:32 53208 ----a-w- c:\windows\avastSS.scr
2016-09-09 09:31 . 2016-07-12 10:53 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-02-18 18:42 . 2015-02-18 18:42 415768 ----a-w- c:\program files\idmcchandler2_64.dll
2015-02-18 18:42 . 2015-02-18 18:42 293912 ----a-w- c:\program files\idmcchandler2.dll
2013-10-10 02:02 . 2015-02-18 18:33 3612240 ----a-w- c:\program files\IDMan.exe
2013-08-07 01:06 . 2013-08-06 14:38 96176 ----a-w- c:\program files\idmbrbtn64.dll
2013-08-07 01:06 . 2013-08-06 14:38 83792 ----a-w- c:\program files\idmbrbtn.dll
2013-08-07 00:14 . 2013-08-06 14:38 155368 ----a-w- c:\program files\IDMNetMon.dll
2013-08-07 00:14 . 2013-08-06 14:38 203272 ----a-w- c:\program files\IDMNetMon64.dll
2013-08-06 13:53 . 2013-08-06 14:38 439832 ----a-w- c:\program files\IDMIECC64.dll
2013-08-06 13:53 . 2013-08-06 14:38 393752 ----a-w- c:\program files\IDMIECC.dll
2013-08-06 12:03 . 2013-08-06 14:38 32280 ----a-w- c:\program files\idmvs.dll
2013-08-06 12:02 . 2013-08-06 14:38 16408 ----a-w- c:\program files\MediumILStart.exe
2013-07-26 12:10 . 2013-08-06 14:38 179224 ----a-w- c:\program files\Uninstall.exe
2013-06-27 09:57 . 2013-08-06 14:38 197128 ----a-w- c:\program files\idmtdi64.sys
2013-06-27 09:57 . 2013-08-06 14:38 172920 ----a-w- c:\program files\idmwfp64.sys
2013-06-27 09:57 . 2013-08-06 14:38 118344 ----a-w- c:\program files\idmtdi32.sys
2013-06-27 09:57 . 2013-08-06 14:38 104928 ----a-w- c:\program files\idmwfp32.sys
2013-06-26 09:02 . 2013-08-06 14:38 513048 ----a-w- c:\program files\IDMGrHlp.exe
2013-03-21 18:43 . 2013-08-06 14:38 52240 ----a-w- c:\program files\IDMFType64.dll
2013-03-21 18:43 . 2013-08-06 14:38 43976 ----a-w- c:\program files\idmftype.dll
2013-02-26 12:41 . 2013-08-06 14:38 87872 ----a-w- c:\program files\IDMGetAll64.dll
2013-02-26 12:41 . 2013-08-06 14:38 55104 ----a-w- c:\program files\IDMGetAll.dll
2013-02-26 12:41 . 2013-08-06 14:38 148800 ----a-w- c:\program files\downlWithIDM64.dll
2013-02-26 12:41 . 2013-08-06 14:38 96064 ----a-w- c:\program files\downlWithIDM.dll
2012-12-14 07:51 . 2013-08-06 14:38 67544 ----a-w- c:\program files\idmBroker.exe
2012-12-12 13:44 . 2013-08-06 14:38 268248 ----a-w- c:\program files\IEMonitor.exe
2012-11-15 23:07 . 2013-08-06 14:38 21904 ----a-w- c:\program files\IDMShellExt.dll
2012-11-15 23:07 . 2013-08-06 14:38 23496 ----a-w- c:\program files\IDMShellExt64.dll
2012-06-29 09:17 . 2013-08-06 14:38 83336 ----a-w- c:\program files\idmfsa.dll
2012-03-30 09:09 . 2013-08-06 14:38 38304 ----a-w- c:\program files\idmmkb.dll
2011-01-24 06:56 . 2013-08-06 14:38 64352 ----a-w- c:\program files\IDMIntegrator64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viber"="c:\users\Roman\AppData\Local\Viber\Viber.exe" [2016-11-03 45485648]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AMDQuickStream.exe" [2015-04-05 488640]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-10-10 3612240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-11-07 9108184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2015-07-27 56080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-15 16:01 1364072 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 10:26]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 22:18]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-09 09:32 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-13 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-13 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\n3t7725j.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o URL from zapiks.fr*playlist/zapiks.lua*ua;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o URL from zapiks.fr*playlist/zapiks.lua*ua;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.97*C^(*Čť]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.97*C^(*Čť\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ę_›C]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ę_›C\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'‰_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'‰_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Ź]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Ź\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*RŹ.M]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*RŹ.M\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ae,aa,77,9a,2e,69,30,b7,1d,58,f0,d3,29,7a,05,78,80,75,e2,42,4b,
00,09,10,46,68,b3,4b,1c,c4,5a,c0,5c,92,a7,9d,2e,47,ad,56,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a1,70,fd,94,7d,37,d1,96,15,82,4a,23,82,72,e9,0f,b2,ea,78,d8,d1,
d1,7b,69,ec,da,5c,ba,28,85,94,5f,85,d8,b7,35,a1,5e,13,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{8e50e7a8-b3fd-42c1-bbe3-6de954868b60}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011f
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{b4ef89e7-cc83-4dee-87f0-9a6f4876b995}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ee
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,28,b0,e5,5b,c0,0f,1f,c2,7e,cc,e2,e6,4e,a8,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-11-15 22:00:02
ComboFix-quarantined-files.txt 2016-11-15 21:00
.
Před spuštěním: Volných bajtů: 62 037 131 264
Po spuštění: Volných bajtů: 61 775 134 720
.
- - End Of File - - CDE032A19AD5EC1B5A196BBDC640A301
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 16-11-13.01 - Roman 15.11.2016 21:36:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3691.2182 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\Na viry\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roman\AppData\Local\Plus500
c:\users\Roman\AppData\Local\Plus500\Main\configuration.xml
c:\users\Roman\AppData\Local\Plus500\Main\InstrumentsInfo.xml
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.1
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.2
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.3
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoft.log.4
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoftProject.exe
c:\users\Roman\AppData\Local\Plus500\Main\InvestSoftProject.jdbg
c:\users\Roman\AppData\Local\Plus500\Main\log4delphi.log
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AboutGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AboutGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AddPayMethodsScreenGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AddPayMethodsScreenGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AdjustmentGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AdjustmentGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AlertsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AlertsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AMLWarningGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\AMLWarningGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\BuySellGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\BuySellGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierDepositGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierDepositGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierGUIbrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierHistoryGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierHistoryGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierMainGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierMainGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierReportsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierReportsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ClosePositionGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ClosePositionGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\Countries.xml
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CreateUserGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\CreateUserGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\DontShowAgainGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\DontShowAgainGUIbrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\EquityWarningGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\EquityWarningGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChartGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ChartGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\InvestSoft.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\InvestSoftBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IsRealGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\IsRealGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\LiveChatGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\LiveChatGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\LoginGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\LoginGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\MainLobbyGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\MainLobbyGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\Nationalities.xml
c:\users\Roman\AppData\Local\Plus500\Main\SIL\PaymentMEthodsScreenGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ProcessingGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ProcessingGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\RateAlertGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\RateAlertGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\RateUsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\RateUsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\SendBankAccountGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\SendBankAccountGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\SendCreditCardGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\SendCreditCardGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\SettingsGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\SettingsGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\UploadFileControlGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\UploadFileGUI.sil
c:\users\Roman\AppData\Local\Plus500\Main\SIL\UploadFileGUIBrand.sil
c:\users\Roman\AppData\Local\Plus500\Update\500w.exe
c:\users\Roman\AppData\Local\Plus500\Update\500z.exe
c:\users\Roman\AppData\Local\Plus500\Update\product.ico
c:\users\Roman\AppData\Local\Plus500\Update\ResourceChange.exe
c:\users\Roman\AppData\Local\Plus500\Update\uninstall.ico
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-15 do 2016-11-15 )))))))))))))))))))))))))))))))
.
.
2016-11-15 20:54 . 2016-11-15 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-15 17:02 . 2016-11-15 17:02 -------- d-----w- c:\program files\CCleaner
2016-11-13 17:51 . 2016-11-13 17:54 -------- d-----w- C:\rsit
2016-11-10 18:35 . 2016-11-10 18:36 -------- d-----w- c:\users\Roman\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-10 10:26 . 2012-07-18 20:34 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-10 10:26 . 2012-07-18 20:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-13 12:13 . 2014-02-16 19:53 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-23 13:07 . 2012-07-18 21:08 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 21:33 . 2012-07-18 21:08 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-09 09:32 . 2016-09-09 09:32 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-09 09:32 . 2014-08-06 16:19 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-09 09:32 . 2014-02-16 19:56 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-09-09 09:32 . 2014-02-16 19:52 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-09 09:32 . 2012-07-18 21:08 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-09 09:32 . 2012-07-18 21:08 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-09-09 09:32 . 2016-09-09 09:32 53208 ----a-w- c:\windows\avastSS.scr
2016-09-09 09:31 . 2016-07-12 10:53 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-02-18 18:42 . 2015-02-18 18:42 415768 ----a-w- c:\program files\idmcchandler2_64.dll
2015-02-18 18:42 . 2015-02-18 18:42 293912 ----a-w- c:\program files\idmcchandler2.dll
2013-10-10 02:02 . 2015-02-18 18:33 3612240 ----a-w- c:\program files\IDMan.exe
2013-08-07 01:06 . 2013-08-06 14:38 96176 ----a-w- c:\program files\idmbrbtn64.dll
2013-08-07 01:06 . 2013-08-06 14:38 83792 ----a-w- c:\program files\idmbrbtn.dll
2013-08-07 00:14 . 2013-08-06 14:38 155368 ----a-w- c:\program files\IDMNetMon.dll
2013-08-07 00:14 . 2013-08-06 14:38 203272 ----a-w- c:\program files\IDMNetMon64.dll
2013-08-06 13:53 . 2013-08-06 14:38 439832 ----a-w- c:\program files\IDMIECC64.dll
2013-08-06 13:53 . 2013-08-06 14:38 393752 ----a-w- c:\program files\IDMIECC.dll
2013-08-06 12:03 . 2013-08-06 14:38 32280 ----a-w- c:\program files\idmvs.dll
2013-08-06 12:02 . 2013-08-06 14:38 16408 ----a-w- c:\program files\MediumILStart.exe
2013-07-26 12:10 . 2013-08-06 14:38 179224 ----a-w- c:\program files\Uninstall.exe
2013-06-27 09:57 . 2013-08-06 14:38 197128 ----a-w- c:\program files\idmtdi64.sys
2013-06-27 09:57 . 2013-08-06 14:38 172920 ----a-w- c:\program files\idmwfp64.sys
2013-06-27 09:57 . 2013-08-06 14:38 118344 ----a-w- c:\program files\idmtdi32.sys
2013-06-27 09:57 . 2013-08-06 14:38 104928 ----a-w- c:\program files\idmwfp32.sys
2013-06-26 09:02 . 2013-08-06 14:38 513048 ----a-w- c:\program files\IDMGrHlp.exe
2013-03-21 18:43 . 2013-08-06 14:38 52240 ----a-w- c:\program files\IDMFType64.dll
2013-03-21 18:43 . 2013-08-06 14:38 43976 ----a-w- c:\program files\idmftype.dll
2013-02-26 12:41 . 2013-08-06 14:38 87872 ----a-w- c:\program files\IDMGetAll64.dll
2013-02-26 12:41 . 2013-08-06 14:38 55104 ----a-w- c:\program files\IDMGetAll.dll
2013-02-26 12:41 . 2013-08-06 14:38 148800 ----a-w- c:\program files\downlWithIDM64.dll
2013-02-26 12:41 . 2013-08-06 14:38 96064 ----a-w- c:\program files\downlWithIDM.dll
2012-12-14 07:51 . 2013-08-06 14:38 67544 ----a-w- c:\program files\idmBroker.exe
2012-12-12 13:44 . 2013-08-06 14:38 268248 ----a-w- c:\program files\IEMonitor.exe
2012-11-15 23:07 . 2013-08-06 14:38 21904 ----a-w- c:\program files\IDMShellExt.dll
2012-11-15 23:07 . 2013-08-06 14:38 23496 ----a-w- c:\program files\IDMShellExt64.dll
2012-06-29 09:17 . 2013-08-06 14:38 83336 ----a-w- c:\program files\idmfsa.dll
2012-03-30 09:09 . 2013-08-06 14:38 38304 ----a-w- c:\program files\idmmkb.dll
2011-01-24 06:56 . 2013-08-06 14:38 64352 ----a-w- c:\program files\IDMIntegrator64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viber"="c:\users\Roman\AppData\Local\Viber\Viber.exe" [2016-11-03 45485648]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AMDQuickStream.exe" [2015-04-05 488640]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-10-10 3612240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-11-07 9108184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2015-07-27 56080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-15 16:01 1364072 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 10:26]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 22:18]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-09 09:32 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-13 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-13 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\n3t7725j.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o URL from zapiks.fr*playlist/zapiks.lua*ua;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o URL from zapiks.fr*playlist/zapiks.lua*ua;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.97*C^(*Čť]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.97*C^(*Čť\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ę_›C]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ę_›C\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'‰_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'‰_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Ź]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Ź\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*RŹ.M]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*RŹ.M\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ae,aa,77,9a,2e,69,30,b7,1d,58,f0,d3,29,7a,05,78,80,75,e2,42,4b,
00,09,10,46,68,b3,4b,1c,c4,5a,c0,5c,92,a7,9d,2e,47,ad,56,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a1,70,fd,94,7d,37,d1,96,15,82,4a,23,82,72,e9,0f,b2,ea,78,d8,d1,
d1,7b,69,ec,da,5c,ba,28,85,94,5f,85,d8,b7,35,a1,5e,13,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{8e50e7a8-b3fd-42c1-bbe3-6de954868b60}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011f
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{b4ef89e7-cc83-4dee-87f0-9a6f4876b995}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ee
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,28,b0,e5,5b,c0,0f,1f,c2,7e,cc,e2,e6,4e,a8,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-11-15 22:00:02
ComboFix-quarantined-files.txt 2016-11-15 21:00
.
Před spuštěním: Volných bajtů: 62 037 131 264
Po spuštění: Volných bajtů: 61 775 134 720
.
- - End Of File - - CDE032A19AD5EC1B5A196BBDC640A301
A36C5E4F47E84449FF07ED3517B43A31
Re: preventive check-up
second log:
--------[ AIDA64 Extreme ]----------------------------------------------------------------------------------------------
Verze AIDA64 v5.80.4000/cz
Modul benchmarku 4.3.712-x64
Domovská stránka http://www.aida64.com/
Typ zprávy Rychlá zpráva [ TRIAL VERSION ]
Počítač ROMAN-PC
Vytvořil Roman
Operační systém Microsoft Windows 7 Home Premium 6.1.7601.23418 (Win7 RTM)
Datum 2016-11-15
Čas 22:40
--------[ Přehled ]-----------------------------------------------------------------------------------------------------
Počítač:
Typ počítače ACPI x64-based PC
Operační systém Microsoft Windows 7 Home Premium
Aktualizace Service pack [ TRIAL VERSION ]
Internet Explorer 11.0.9600.18426
DirectX DirectX 11.1
Jméno počítače ROMAN-PC
Jméno uživatele Roman
Přihlašovací doména [ TRIAL VERSION ]
Datum / Čas 2016-11-15 / 22:40
Základní deska:
Typ CPU DualCore AMD E-450, 1646 MHz (16.5 x 100)
Název základní desky Lenovo 20081
Čipová sada základní desky AMD Hudson-1, AMD K14
Pracovní paměť [ TRIAL VERSION ]
DIMM1: Samsung M471B5273CH0-CH9 4 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz)
Typ BIOSu Insyde (09/14/2011)
Zobrazení:
Grafický adaptér AMD Radeon HD 6320 Graphics (384 MB)
Grafický adaptér AMD Radeon HD 6320 Graphics (384 MB)
3D-akcelerátor AMD Radeon HD 6320 (Wrestler)
Monitor LG Philips LP156WH4-TLA1 [15.6" LCD]
Multimédia:
Zvukový adaptér Conexant Cx20590 @ ATI Hudson-1 FCH - High Definition Audio Controller
Nosiče dat:
Ovladač IDE AMD SATA Controller
Disková jednotka ST950032 5AS SATA Disk Device (500 GB, 5400 RPM, SATA-II)
Optická jednotka HL-DT-ST DVDRAM GT50N SATA CdRom Device (DVD+R9:6x, DVD-R9:6x, DVD+RW:8x/8x, DVD-RW:8x/6x, DVD-RAM:5x, DVD-ROM:8x, CD:24x/24x/24x DVD+RW/DVD-RW/DVD-RAM)
Stav SMART pevného disku OK
Oddíly:
C: (NTFS) [ TRIAL VERSION ]
D: (NTFS) 29690 MB (27474 MB volných)
Celková velikost [ TRIAL VERSION ]
Vstupní zařízení:
Klávesnice Standardní klávesnice PS/2
Myš Myš kompatibilní s technologií HID
Myš Synaptics PS/2 Port TouchPad
Síť:
Primární adresa IP [ TRIAL VERSION ]
Primární adresa MAC 9C-B7-0D-2C-0E-2F
Síťový adaptér Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
Síťový adaptér Atheros AR9285 Wireless Network Adapter (192. [ TRIAL VERSION ])
Síťový adaptér Microsoft Virtual WiFi Miniport Adapter
Re: preventive check-up
If you haven't done so already, move ComboFix to the desktop,
open Notepad,
copy the script from the following box into it:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop up; copy it here.
Warning: it may happen that after the script is applied and the PC restarts, Windows will not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Download the graphics driver from HERE; either use their auto-detect tool or, a little further down, click through the 5 steps.
Then let me know whether it helped.
Re: preventive check-up
new log, now I'm moving on to the graphics..
ComboFix 16-11-13.01 - Roman 16.11.2016 19:05:31.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3691.2163 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\Na viry\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-16 do 2016-11-16 )))))))))))))))))))))))))))))))
.
.
2016-11-16 18:21 . 2016-11-16 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-15 21:37 . 2016-11-15 21:37 -------- d-----w- c:\program files (x86)\FinalWire
2016-11-15 17:02 . 2016-11-15 17:02 -------- d-----w- c:\program files\CCleaner
2016-11-13 17:51 . 2016-11-13 17:54 -------- d-----w- C:\rsit
2016-11-10 18:35 . 2016-11-10 18:36 -------- d-----w- c:\users\Roman\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-10 10:26 . 2012-07-18 20:34 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-10 10:26 . 2012-07-18 20:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-13 12:13 . 2014-02-16 19:53 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-23 13:07 . 2012-07-18 21:08 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 21:33 . 2012-07-18 21:08 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-09 09:32 . 2016-09-09 09:32 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-09 09:32 . 2014-08-06 16:19 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-09 09:32 . 2014-02-16 19:56 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-09-09 09:32 . 2014-02-16 19:52 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-09 09:32 . 2012-07-18 21:08 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-09 09:32 . 2012-07-18 21:08 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-09-09 09:32 . 2016-09-09 09:32 53208 ----a-w- c:\windows\avastSS.scr
2016-09-09 09:31 . 2016-07-12 10:53 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-02-18 18:42 . 2015-02-18 18:42 415768 ----a-w- c:\program files\idmcchandler2_64.dll
2015-02-18 18:42 . 2015-02-18 18:42 293912 ----a-w- c:\program files\idmcchandler2.dll
2013-10-10 02:02 . 2015-02-18 18:33 3612240 ----a-w- c:\program files\IDMan.exe
2013-08-07 01:06 . 2013-08-06 14:38 96176 ----a-w- c:\program files\idmbrbtn64.dll
2013-08-07 01:06 . 2013-08-06 14:38 83792 ----a-w- c:\program files\idmbrbtn.dll
2013-08-07 00:14 . 2013-08-06 14:38 155368 ----a-w- c:\program files\IDMNetMon.dll
2013-08-07 00:14 . 2013-08-06 14:38 203272 ----a-w- c:\program files\IDMNetMon64.dll
2013-08-06 13:53 . 2013-08-06 14:38 439832 ----a-w- c:\program files\IDMIECC64.dll
2013-08-06 13:53 . 2013-08-06 14:38 393752 ----a-w- c:\program files\IDMIECC.dll
2013-08-06 12:03 . 2013-08-06 14:38 32280 ----a-w- c:\program files\idmvs.dll
2013-08-06 12:02 . 2013-08-06 14:38 16408 ----a-w- c:\program files\MediumILStart.exe
2013-07-26 12:10 . 2013-08-06 14:38 179224 ----a-w- c:\program files\Uninstall.exe
2013-06-27 09:57 . 2013-08-06 14:38 197128 ----a-w- c:\program files\idmtdi64.sys
2013-06-27 09:57 . 2013-08-06 14:38 172920 ----a-w- c:\program files\idmwfp64.sys
2013-06-27 09:57 . 2013-08-06 14:38 118344 ----a-w- c:\program files\idmtdi32.sys
2013-06-27 09:57 . 2013-08-06 14:38 104928 ----a-w- c:\program files\idmwfp32.sys
2013-06-26 09:02 . 2013-08-06 14:38 513048 ----a-w- c:\program files\IDMGrHlp.exe
2013-03-21 18:43 . 2013-08-06 14:38 52240 ----a-w- c:\program files\IDMFType64.dll
2013-03-21 18:43 . 2013-08-06 14:38 43976 ----a-w- c:\program files\idmftype.dll
2013-02-26 12:41 . 2013-08-06 14:38 87872 ----a-w- c:\program files\IDMGetAll64.dll
2013-02-26 12:41 . 2013-08-06 14:38 55104 ----a-w- c:\program files\IDMGetAll.dll
2013-02-26 12:41 . 2013-08-06 14:38 148800 ----a-w- c:\program files\downlWithIDM64.dll
2013-02-26 12:41 . 2013-08-06 14:38 96064 ----a-w- c:\program files\downlWithIDM.dll
2012-12-14 07:51 . 2013-08-06 14:38 67544 ----a-w- c:\program files\idmBroker.exe
2012-12-12 13:44 . 2013-08-06 14:38 268248 ----a-w- c:\program files\IEMonitor.exe
2012-11-15 23:07 . 2013-08-06 14:38 21904 ----a-w- c:\program files\IDMShellExt.dll
2012-11-15 23:07 . 2013-08-06 14:38 23496 ----a-w- c:\program files\IDMShellExt64.dll
2012-06-29 09:17 . 2013-08-06 14:38 83336 ----a-w- c:\program files\idmfsa.dll
2012-03-30 09:09 . 2013-08-06 14:38 38304 ----a-w- c:\program files\idmmkb.dll
2011-01-24 06:56 . 2013-08-06 14:38 64352 ----a-w- c:\program files\IDMIntegrator64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viber"="c:\users\Roman\AppData\Local\Viber\Viber.exe" [2016-11-03 45485648]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AMDQuickStream.exe" [2015-04-05 488640]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-10-10 3612240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-11-07 9108184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2015-07-27 56080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-15 16:01 1364072 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 10:26]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 22:18]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-09 09:32 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-13 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-13 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\n3t7725j.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o URL from zapiks.fr*playlist/zapiks.lua*ua;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o URL from zapiks.fr*playlist/zapiks.lua*ua;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.97*C^(*Čť]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.97*C^(*Čť\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ę_›C]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ę_›C\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'‰_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'‰_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Ź]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Ź\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*RŹ.M]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*RŹ.M\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ae,aa,77,9a,2e,69,30,b7,1d,58,f0,d3,29,7a,05,78,80,75,e2,42,4b,
00,09,10,46,68,b3,4b,1c,c4,5a,c0,5c,92,a7,9d,2e,47,ad,56,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a1,70,fd,94,7d,37,d1,96,15,82,4a,23,82,72,e9,0f,b2,ea,78,d8,d1,
d1,7b,69,ec,da,5c,ba,28,85,94,5f,85,d8,b7,35,a1,5e,13,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{8e50e7a8-b3fd-42c1-bbe3-6de954868b60}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011f
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-207713859-1500389001-3173119016-1001_Classes\Wow6432Node\CLSID\{b4ef89e7-cc83-4dee-87f0-9a6f4876b995}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ee
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,28,b0,e5,5b,c0,0f,1f,c2,7e,cc,e2,e6,4e,a8,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2016-11-16 19:27:02
ComboFix-quarantined-files.txt 2016-11-16 18:27
ComboFix2.txt 2016-11-15 21:35
ComboFix3.txt 2016-11-15 21:00
.
Před spuštěním: Volných bajtů: 60 762 640 384
Po spuštění: Volných bajtů: 60 700 053 504
.
- - End Of File - - 5EAD9AC7BFDA94B8E02781DCE1BD0239
A36C5E4F47E84449FF07ED3517B43A31
Re: preventive check-up
So I tried the auto-detection and it spat out that I already have the latest driver installed on the PC.. so I tried the iVysílání ČT4 Sport stream in Firefox, where it didn't work, and the result is still the same. The sound works, but the picture is white. But I also tried it in Explorer and it works there, although choppily, but the picture works.
Re: preventive check-up
Shall we try to do something else about it? Or is there nothing more that can be done? I know the laptop is probably on its last legs :/
Re: preventive check-up
Via Start >> Run, copy into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
romanlenk wrote: Shall we try to do something else about it? Or is there nothing more that can be done? I know the laptop is probably on its last legs :/
Well, there are no nasties in there and the graphics are up to date. Do you have an adblocker or something similar in Firefox? Is Flash Player up to date? Try pausing Avast for a moment and see what that does.
Re: preventive check-up
So I did that, then I updated Flash Player, and video in Mozilla works.
Thanks for the help!!
But it stutters a lot; that's probably down to the older graphics card by now, or am I wrong?

Re: preventive check-up
romanlenk wrote: ......... but it stutters a lot; that's probably down to the older graphics card by now, or am I wrong?
Some of it may be the graphics, some of it the desperately small RAM, and it also depends on the connection speed.