Vyskakujúce internetové stránky

[seamus]

Zdravím
Ako tam prezerám fórum, v poslednej dobe nie som jediný, kto má s tým problém, a teda z ničoho nič mi vyskakujú internetové stránky (prevažne mail.ru alebo f1news.ru), a to aj vtedy, ak mám okno prehliadača zatvorené.
Vopred ďakujem za akúkoľvek pomoc.

Logfile of random's system information tool 1.14 (written by random/random)
Run by PC at 2017-01-17 18:01:50
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 2 GB (5%) free of 40 GB
Total RAM: 1791 MB (37% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:13, on 17. 1. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18450)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\PC_RSITx64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=818411
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC8F02E-528F-4086-8E4B-C927D9E8FA10}: NameServer = 8.8.8.8,208.67.222.222
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: qkseeService - Unknown owner - C:\Program Files (x86)\qksee\qkseeSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Unknown owner - C:\Program Files (x86)\WinZipper\winzipersvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7169 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x90
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3476 --on-initialized-event-handle=428 --parent-handle=432 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/AutoImportDisabled/DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_89/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,65 --gpu-vendor-id=0x10de --gpu-device-id=0x01d1 --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.15.11.8593 --gpu-driver-date=5-14-2009 --gpu-secondary-vendor-ids=0x1002 --gpu-secondary-device-ids=0x9616 --service-request-channel-token=B38ADB1E5079612D29F6BCDE8108DCE8 --mojo-platform-channel-handle=1064 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_89/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=ECB4C08309FE4F319BD05D8737D392D4 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --service-request-channel-token=ECB4C08309FE4F319BD05D8737D392D4 --mojo-platform-channel-handle=7152 /prefetch:1
"D:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\b2929b72a96a471893ecaa9c51368bae - C:\PROGRA~2\wsmD400\z7iD420.bat
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\ChelfNotify Task - "C:\ProgramData\ChelfNotify\BrowserUpdate.exe" -do
C:\Windows\system32\tasks\fs1news - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://fs1news.ru/afisha
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\YTDownloader - C:\Program Files (x86)\YTDownloader\YTDownloader.exe
C:\Windows\system32\tasks\{A608D83E-AB84-4F46-9115-CD7DCE998125} - "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.5.0.102/sk/a ... e=tsPlugin
C:\Windows\system32\tasks\{B71600FA-882B-490D-9EE7-4EFD5558C7E0} - C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Prevzaté súbory\InstallFilter.exe" -d "C:\Users\PC\Prevzaté súbory"
C:\Windows\system32\tasks\{DB329AF8-48B5-47DC-859F-B2E11B00EBE3} - C:\Windows\system32\pcalua.exe -a F:\Programy\asus\NVIDIAnForce_Chipset_V4690_Vista64\Vista64\Ethernet\NAM\NAMSetup.exe -d F:\Programy\asus\NVIDIAnForce_Chipset_V4690_Vista64\Vista64\Ethernet\NAM
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Google Chrome=========

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension dhdgffkkebhmkfjojejmpbldmpobfkfo 1 Tampermonkey 4.1.10
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 2 Avast SafePrice 10.0.2502.149
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 2 Avast Online Security 10.0.2502.149
Extension jeaohhlajejodfjadcponpnjgkiikocn 2 IDM Integration Module 6.21
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype Click to Call 7.4.0.9058
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
Plugin 1.4.8.823 Widevine Content Decryption Module C:\Users\PC\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll
Plugin Chrome PDF Viewer chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/
Plugin 18.0.0.209 Shockwave Flash C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll
Plugin Chrome Remote Desktop Viewer internal-remoting-viewer
Plugin Native Client C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\internal-nacl-plugin
Plugin Chrome PDF Viewer internal-pdf-viewer
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn]
"Path"=C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-07-10 476184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24 790552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-07-10 417816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-15 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24 664848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Ďîčńę@Mail.Ru - C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-15 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-18 13657304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [2016-12-09 2165440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19 1160408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe [2016-11-09 10610208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-08-26 8912088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelaypluginInstall]
C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2014-09-26 3858000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2016-10-13 176440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe -bootmode []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mailruhomesearch]
C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe /command:faststart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent]
C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftonicAssistant]
C:\Users\PC\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [2016-12-09 2165440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YTDownloader]
C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FairStars Record Schedule.lnk]
C:\PROGRA~2\FAIRST~1\FSRECS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
C:\PROGRA~2\Nokia\Ovi\Suite\RUNLAU~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrácia výrobku.lnk]
C:\PROGRA~1\Logitech\LOGITE~1\eReg.exe /remind /language=SKY /_WFM=. []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WO Mic Client.lnk]
C:\Program Files (x86)\WOMic\WOMicClient.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-08-28 2252800]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-15 9080768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-17 18:01:50 ----D---- C:\rsit
2017-01-15 10:18:31 ----D---- C:\ProgramData\Mail.Ru
2017-01-13 15:44:28 ----D---- C:\Users\PC\AppData\Roaming\19378
2017-01-13 12:32:50 ----ASH---- C:\pagefile.sys
2016-12-25 10:15:04 ----D---- C:\Program Files\Recuva
2016-12-19 17:42:27 ----D---- C:\Users\PC\AppData\Roaming\fontconfig
2016-12-19 17:41:22 ----D---- C:\Users\PC\AppData\Roaming\Aegisub
2016-12-19 17:37:46 ----D---- C:\Program Files (x86)\Aegisub

======List of files/folders modified in the last 1 month======

2017-01-17 18:02:09 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2017-01-17 18:02:08 ----D---- C:\Program Files\trend micro
2017-01-17 15:46:33 ----D---- C:\Windows\Temp
2017-01-17 06:34:28 ----D---- C:\Windows
2017-01-16 16:59:27 ----D---- C:\Users\PC\AppData\Roaming\IDM
2017-01-16 16:59:26 ----D---- C:\Windows\inf
2017-01-15 19:52:50 ----HD---- C:\ProgramData
2017-01-15 10:19:19 ----HD---- C:\Windows\system32\GroupPolicy
2017-01-15 10:18:18 ----D---- C:\Windows\system32\Tasks
2017-01-13 13:47:34 ----D---- C:\Windows\System32
2017-01-13 13:47:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-12 19:38:54 ----SHD---- C:\Windows\Installer
2017-01-12 19:38:52 ----HD---- C:\Config.Msi
2017-01-12 19:37:32 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-12 19:36:40 ----D---- C:\Windows\SysWOW64
2017-01-12 17:02:05 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-01-12 16:59:44 ----D---- C:\Program Files\CyberLink
2017-01-12 16:48:23 ----SHD---- C:\System Volume Information
2017-01-10 17:03:31 ----D---- C:\Users\PC\AppData\Roaming\DMCache
2017-01-10 17:02:17 ----D---- C:\Windows\system32\drivers
2017-01-10 16:25:22 ----RSD---- C:\Windows\Fonts
2016-12-29 10:48:04 ----D---- C:\Windows\system32\catroot2
2016-12-25 10:15:04 ----RD---- C:\Program Files
2016-12-23 13:51:45 ----D---- C:\Windows\system32\config
2016-12-19 20:26:23 ----D---- C:\Windows\system32\FxsTmp
2016-12-19 17:37:46 ----RD---- C:\Program Files (x86)

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-08-28 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-10-13 293352]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys [2010-01-12 142848]
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-08-28 453192]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-08-28 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-09-22 513632]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-20 40344]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-08-28 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-08-28 163416]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2010-11-16 15672]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 146944]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2016-07-11 154448]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-06-14 28312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-02-01 819784]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
R3 wovad_micarray;WO Mic Device; C:\Windows\system32\drivers\womic.sys [2015-07-09 33072]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-08-28 37656]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-25 6036480]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2014-06-09 180136]
S3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys []
S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
S3 LVUVC64;Logitech Webcam 200(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
S3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys []
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 15416]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-06-17 54784]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 203264]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-08-28 197128]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-08-28 223600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-08-08 390672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 qkseeService;qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe []
S2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe []
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-12 136120]
S3 hpqcxs08;hpqcxs08; %SystemRoot%\system32\svchost.exe -k hpdevmgmt;"ServiceDll"=C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-09-01 114688]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-10-13 651576]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-23 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[Roli]

Zdravím, přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Google Updater Service (gusvc)
Cyberlink RichVideo64 Service

dvojklikem se otevře karta kde nejprve službu zastav tlačítkem Zastavit u položky Typ spouštění vyber Zakázáno a klik na OK.


V Knihovně Plánovače úloh zakaž Google Update bude to tam vícekrát.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
C:\Windows\system32\tasks\fs1news

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\


Stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[seamus]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Windows\system32\tasks\fs1news not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC
->Temp folder emptied: 21807726 bytes
->Temporary Internet Files folder emptied: 2271703 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 15373568 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3003971 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01182017_161833

Files moved on Reboot...
File C:\Users\PC\AppData\Local\Temp\etilqs_npXHJ5Zc8ugzoko not found!
File C:\Users\PC\AppData\Local\Temp\etilqs_TnsaBTmT9gihUST not found!
C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

# AdwCleaner v6.042 - *Logfile created 18/01/2017 *at 16:51:55
# *Updated on 06/01/2017 by Malwarebytes
# *Database : 2017-01-17.2 [*Server]
# *Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# *Username : PC - PC-PC
# *Running from : D:\adwcleaner_6.042.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****

[-] *Service deleted: winzipersvc
[-] *Service deleted: qkseeService


***** [ *Folders ] *****

[-] *Folder deleted: C:\ProgramData\IwinpI
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\Profiles\emdlyg5u.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com
[-] *Folder deleted: C:\Users\PC\AppData\Local\Amigo
[-] *Folder deleted: C:\Users\PC\AppData\Local\globalUpdate
[-] *Folder deleted: C:\Users\PC\AppData\Local\guquentligolysergeph
[-] *Folder deleted: C:\Users\PC\AppData\Local\Birdmay
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\DriverCure
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\GoldenGate
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\GrabPro
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\OpenCandy
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\ParetoLogic
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\ProgSense
[-] *Folder deleted: C:\Users\PC\AppData\Roaming\Uncheckit
[-] *Folder deleted: C:\ProgramData\apn
[-] *Folder deleted: C:\ProgramData\epicscale
[-] *Folder deleted: C:\ProgramData\Mail.Ru
[-] *Folder deleted: C:\ProgramData\ParetoLogic
[-] *Folder deleted: C:\ProgramData\Uncheckit
[-] *Folder deleted: C:\ProgramData\uckt
[-] *Folder deleted: C:\ProgramData\Birdmay
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\epicscale
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\Mail.Ru
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\Uncheckit
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\uckt
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\Birdmay
[-] *Folder deleted: C:\Program Files (x86)\SFK
[-] *Folder deleted: C:\Program Files (x86)\Birdmay
[-] *Folder deleted: C:\Windows\SysWOW64\_SSpm


***** [ *Files ] *****

[-] *File deleted: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] *File deleted: C:\Users\PC\Favorites\Mail.Ru.url
[-] *File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] *File deleted: C:\Windows\SysNative\roboot64.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****

[!] *Shortcut not deleted: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk


***** [ *Scheduled Tasks ] *****

[-] *Task deleted: YTDownloader
[-] *Task deleted: ChelfNotify Task
[-] *Task deleted: b2929b72a96a471893ecaa9c51368bae


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] *Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] *Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] *Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] *Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] *Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[-] *Key deleted: HKU\.DEFAULT\Software\jhtrsq
[-] *Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] *Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Appscion
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Conduit
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\EpicScale
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\GlobalUpdate
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\GoldenGate
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\ICSW1.17
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Media Get LLC
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\OB
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\ParetoLogic
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\PRODUCTSETUP
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\ProgSense
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Softonic
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\torch
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Mail.Ru
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\csastats
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\AppDataLow\Software\Crossrider
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\AppDataLow\Software\Mail.Ru
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Ge-Force
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Sense
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\jhtrsq
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] *Key deleted on reboot: HKCU\Software\Appscion
[#] *Key deleted on reboot: HKCU\Software\Conduit
[#] *Key deleted on reboot: HKCU\Software\EpicScale
[#] *Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] *Key deleted on reboot: HKCU\Software\GoldenGate
[#] *Key deleted on reboot: HKCU\Software\ICSW1.17
[#] *Key deleted on reboot: HKCU\Software\Media Get LLC
[#] *Key deleted on reboot: HKCU\Software\OB
[#] *Key deleted on reboot: HKCU\Software\ParetoLogic
[#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: HKCU\Software\ProgSense
[#] *Key deleted on reboot: HKCU\Software\Softonic
[#] *Key deleted on reboot: HKCU\Software\torch
[#] *Key deleted on reboot: HKCU\Software\Mail.Ru
[#] *Key deleted on reboot: HKCU\Software\csastats
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] *Key deleted: HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] *Key deleted: HKLM\SOFTWARE\GlobalUpdate
[-] *Key deleted: HKLM\SOFTWARE\hdcode
[-] *Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] *Key deleted: HKLM\SOFTWARE\torch
[-] *Key deleted: HKLM\SOFTWARE\qkseeSvc
[-] *Key deleted: HKLM\SOFTWARE\qksee
[-] *Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] *Key deleted: HKLM\SOFTWARE\trotuxSoftware
[-] *Key deleted: HKLM\SOFTWARE\WinSaberSvc
[-] *Key deleted: HKLM\SOFTWARE\jhtrsq
[-] *Key deleted: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[#] *Key deleted on reboot: [x64] HKCU\Software\Appscion
[#] *Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] *Key deleted on reboot: [x64] HKCU\Software\EpicScale
[#] *Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] *Key deleted on reboot: [x64] HKCU\Software\GoldenGate
[#] *Key deleted on reboot: [x64] HKCU\Software\ICSW1.17
[#] *Key deleted on reboot: [x64] HKCU\Software\Media Get LLC
[#] *Key deleted on reboot: [x64] HKCU\Software\OB
[#] *Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[#] *Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: [x64] HKCU\Software\ProgSense
[#] *Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] *Key deleted on reboot: [x64] HKCU\Software\torch
[#] *Key deleted on reboot: [x64] HKCU\Software\Mail.Ru
[#] *Key deleted on reboot: [x64] HKCU\Software\csastats
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[-] *Key deleted: [x64] HKLM\SOFTWARE\ShopperPro
[-] *Key deleted: [x64] HKLM\SOFTWARE\jhtrsq
[-] *Key deleted: [x64] HKLM\SOFTWARE\YTDownloader
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[-] *Data restored: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Key deleted: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] *Data restored: HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] *Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] *Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SoftonicAssistant
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\YTDownloader
[-] *Key deleted: HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] *Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] *Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] *Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] *Key deleted on reboot: HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] *Key deleted on reboot: HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ *Browsers ] *****

[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] *Deleted: hxxp://www.nuesearch.com/searchfavicon.ico
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] *Deleted: ccfifbojenkenpkmnbnndeadpfdiffof
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] *Deleted: oelpkepjlgmehajehfeicfbjdiobdkfj
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] *Deleted: ojlcebdkbpjdpiligkdbbkdkfjmchbfd


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13674 *Bytes] - [18/01/2017 16:51:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [12562 *Bytes] - [18/01/2017 16:32:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13824 *Bytes] ##########

[seamus]

ComboFix 17-01-13.01 - PC . 01. 2017 17:02:15.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1791.831 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: Avast Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\User.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2016-12-18 to 2017-01-18 )))))))))))))))))))))))))))))))
.
.
2017-01-18 16:13 . 2017-01-18 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-18 15:29 . 2017-01-18 15:51 -------- d-----w- C:\AdwCleaner
2017-01-17 17:01 . 2017-01-17 17:02 -------- d-----w- C:\rsit
2017-01-13 14:44 . 2017-01-13 14:44 -------- d-----w- c:\users\PC\AppData\Roaming\19378
2016-12-25 09:15 . 2017-01-09 12:15 -------- d-----w- c:\program files\Recuva
2016-12-23 18:10 . 2016-12-23 18:10 230480 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-12-19 16:42 . 2016-12-19 16:42 -------- d-----w- c:\users\PC\AppData\Roaming\fontconfig
2016-12-19 16:41 . 2016-12-20 13:15 -------- d-----w- c:\users\PC\AppData\Roaming\Aegisub
2016-12-19 16:37 . 2016-12-20 13:19 -------- d-----w- c:\program files (x86)\Aegisub
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\PC\AppData\Roaming\uTorrent\uTorrent.exe" [2016-12-09 2165440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 {84349ed9-b96b-46bf-a939-ca539c08cecb}Gw64;{84349ed9-b96b-46bf-a939-ca539c08cecb}Gw64;c:\windows\system32\drivers\{84349ed9-b96b-46bf-a939-ca539c08cecb}Gw64.sys;c:\windows\SYSNATIVE\drivers\{84349ed9-b96b-46bf-a939-ca539c08cecb}Gw64.sys [x]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys;c:\windows\SYSNATIVE\drivers\archlp.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys;c:\windows\SYSNATIVE\drivers\womic.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-28 06:50 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-18 13657304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uDefault_Search_URL =
mDefault_Search_URL =
mDefault_Page_URL =
mStart Page =
mLocal Page =
mSearch Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stiahnuť s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{FBC8F02E-528F-4086-8E4B-C927D9E8FA10}: NameServer = 8.8.8.8,208.67.222.222
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3391148227-3366691421-1949666123-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dc,b9,c9,ab,23,2c,b1,1e,6b,6d,74,0c,06,23,10,79,58,74,2c,40,a5,
a6,8c,a4,d9,0e,25,d4,d4,ad,f2,c7,e6,d8,16,36,3a,21,bb,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Completion time: 2017-01-18 17:24:37 - machine was rebooted
ComboFix-quarantined-files.txt 2017-01-18 16:24
.
Pre-Run: 1 585 139 712 bytes free
Post-Run: 1 603 891 200 bytes free
.
- - End Of File - - FAB7BC02E467912D2267D3DB97ED1E0E
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jak se PC chová.

[seamus]

Ten Combofix mi po reštartovaní sám zmizol, keďže mi po spustení cez Štart vyhadzuje, že "Systém Windows nemôže nájsť súbor Combofix". A ten T-Cleaner nechce nič robiť - zadám "A" pre pokračovanie aplikácie, avšak nič sa nedeje ...

[Roli]

Ten Combofix mi po reštartovaní sám zmizol, keďže mi po spustení cez Štart vyhadzuje, že "Systém Windows nemôže nájsť súbor Combofix". A ten T-Cleaner nechce nič robiť - zadám "A" pre pokračovanie aplikácie, avšak nič sa nedeje ...

ComboFix sám většinou nezmizí, zřejmě jej odmazal právě T-Cleaner. Nevadí neřeš to, písni jak se PC chová.

[seamus]

Ten Combofix mi po reštartovaní sám zmizol, keďže mi po spustení cez Štart vyhadzuje, že "Systém Windows nemôže nájsť súbor Combofix". A ten T-Cleaner nechce nič robiť - zadám "A" pre pokračovanie aplikácie, avšak nič sa nedeje ...

ComboFix sám většinou nezmizí, zřejmě jej odmazal právě T-Cleaner. Nevadí neřeš to, písni jak se PC chová.

Stále ešte vyskakujú, dokonca už aj nejaké ďalšie stránky (bet365.com, aliexpress a podobné blbosti )...

[Roli]

Tak že, poprosím o aktuální log z Rsit a znovu spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.

[seamus]

Logfile of random's system information tool 1.14 (written by random/random)
Run by PC at 2017-01-25 13:27:06
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 3 GB (8%) free of 40 GB
Total RAM: 1791 MB (48% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:10, on 25. 1. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18450)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\trend micro\PC_RSITx64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC8F02E-528F-4086-8E4B-C927D9E8FA10}: NameServer = 8.8.8.8,208.67.222.222
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5879 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\CompatTelRunner.exe
\??\C:\Windows\system32\conhost.exe "-1486545159-972209469824699973197162862918091851811569498072-698718242039332035
C:\Windows\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:EdqRvjypd0GZSjy7.1
"C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"D:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\fs1news - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://fs1news.ru/afisha
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\{A608D83E-AB84-4F46-9115-CD7DCE998125} - "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.5.0.102/sk/a ... e=tsPlugin
C:\Windows\system32\tasks\{B71600FA-882B-490D-9EE7-4EFD5558C7E0} - C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Prevzaté súbory\InstallFilter.exe" -d "C:\Users\PC\Prevzaté súbory"
C:\Windows\system32\tasks\{DB329AF8-48B5-47DC-859F-B2E11B00EBE3} - C:\Windows\system32\pcalua.exe -a F:\Programy\asus\NVIDIAnForce_Chipset_V4690_Vista64\Vista64\Ethernet\NAM\NAMSetup.exe -d F:\Programy\asus\NVIDIAnForce_Chipset_V4690_Vista64\Vista64\Ethernet\NAM
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Google Chrome=========

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension dhdgffkkebhmkfjojejmpbldmpobfkfo 1 Tampermonkey 4.1.10
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 2 Avast SafePrice 10.0.2502.149
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 2 Avast Online Security 10.0.2502.149
Extension jeaohhlajejodfjadcponpnjgkiikocn 2 IDM Integration Module 6.21
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype Click to Call 7.4.0.9058
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
Plugin 1.4.8.823 Widevine Content Decryption Module C:\Users\PC\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll
Plugin Chrome PDF Viewer chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/
Plugin 18.0.0.209 Shockwave Flash C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll
Plugin Chrome Remote Desktop Viewer internal-remoting-viewer
Plugin Native Client C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\internal-nacl-plugin
Plugin Chrome PDF Viewer internal-pdf-viewer
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn]
"Path"=C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-07-10 476184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24 790552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-07-10 417816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-15 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24 664848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-15 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-18 13657304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19 1160408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe [2016-11-09 10610208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-08-26 8912088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelaypluginInstall]
C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2014-09-26 3858000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2016-10-13 176440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe -bootmode []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mailruhomesearch]
C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe /command:faststart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent]
C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [2016-12-09 2165440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FairStars Record Schedule.lnk]
C:\PROGRA~2\FAIRST~1\FSRECS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
C:\PROGRA~2\Nokia\Ovi\Suite\RUNLAU~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrácia výrobku.lnk]
C:\PROGRA~1\Logitech\LOGITE~1\eReg.exe /remind /language=SKY /_WFM=. []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WO Mic Client.lnk]
C:\Program Files (x86)\WOMic\WOMicClient.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-08-28 2252800]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-15 9080768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-01-25 13:27:06 ----D---- C:\rsit
2017-01-18 17:24:51 ----SHD---- C:\$RECYCLE.BIN
2017-01-13 15:44:28 ----D---- C:\Users\PC\AppData\Roaming\19378
2017-01-13 12:32:50 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2017-01-25 13:27:13 ----D---- C:\Windows\Prefetch
2017-01-25 13:27:08 ----D---- C:\Program Files\trend micro
2017-01-25 11:54:07 ----D---- C:\Windows\Temp
2017-01-24 19:33:00 ----SHD---- C:\System Volume Information
2017-01-24 15:31:41 ----D---- C:\Windows
2017-01-24 13:20:04 ----D---- C:\Windows\system32\config
2017-01-24 12:05:24 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2017-01-24 12:05:24 ----D---- C:\Users\PC\AppData\Roaming\IDM
2017-01-24 12:05:22 ----D---- C:\Windows\inf
2017-01-24 12:01:50 ----D---- C:\Program Files\Recuva
2017-01-23 18:57:06 ----D---- C:\multiAVCHD
2017-01-23 14:30:28 ----D---- C:\ProgramData
2017-01-21 17:58:19 ----D---- C:\Windows\System32
2017-01-21 17:58:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-20 08:10:11 ----D---- C:\Users\PC\AppData\Roaming\DMCache
2017-01-19 15:38:00 ----D---- C:\Windows\system32\drivers
2017-01-19 15:06:48 ----SHD---- C:\Windows\Installer
2017-01-19 15:06:48 ----D---- C:\Config.Msi
2017-01-19 15:06:22 ----D---- C:\Windows\SysWOW64
2017-01-18 17:16:56 ----A---- C:\Windows\system.ini
2017-01-18 17:15:36 ----D---- C:\Windows\system32\drivers\etc
2017-01-18 17:08:45 ----AD---- C:\ProgramData\Temp
2017-01-18 17:08:24 ----D---- C:\Windows\SYSWOW64\drivers
2017-01-18 17:08:24 ----D---- C:\Windows\AppPatch
2017-01-18 17:08:22 ----D---- C:\Program Files (x86)\Common Files
2017-01-18 16:51:03 ----D---- C:\Windows\system32\Tasks
2017-01-18 16:51:02 ----D---- C:\Windows\system32\log
2017-01-18 16:51:00 ----RD---- C:\Program Files (x86)
2017-01-15 10:19:19 ----HD---- C:\Windows\system32\GroupPolicy
2017-01-12 19:37:32 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-12 17:02:05 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-01-12 16:59:44 ----D---- C:\Program Files\CyberLink
2017-01-10 16:25:22 ----RSD---- C:\Windows\Fonts
2016-12-29 10:48:04 ----D---- C:\Windows\system32\catroot2

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-08-28 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-10-13 293352]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys [2010-01-12 142848]
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-08-28 453192]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-08-28 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-09-22 513632]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-20 40344]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-08-28 108816]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2010-11-16 15672]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 146944]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2016-07-11 154448]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-06-14 28312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-02-01 819784]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
R3 wovad_micarray;WO Mic Device; C:\Windows\system32\drivers\womic.sys [2015-07-09 33072]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-08-28 163416]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-08-28 37656]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-25 6036480]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2014-06-09 180136]
S3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys []
S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
S3 LVUVC64;Logitech Webcam 200(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
S3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys []
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 15416]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-06-17 54784]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 203264]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-08-28 197128]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-08-28 223600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 hpqcxs08;hpqcxs08; %SystemRoot%\system32\svchost.exe -k hpdevmgmt;"ServiceDll"=C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-09-01 114688]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-10-13 651576]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-23 1255736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S4 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-12 136120]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-08-08 390672]

-----------------EOF-----------------

[seamus]

# AdwCleaner v6.042 - *Logfile created 25/01/2017 *at 13:38:22
# *Updated on 06/01/2017 by Malwarebytes
# *Database : 2017-01-25.1 [*Server]
# *Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# *Username : PC - PC-PC
# *Running from : D:\adwcleaner_6.042.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****



***** [ *Folders ] *****



***** [ *Files ] *****

[-] *File deleted: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_v.qq.com_0.localstorage
[-] *File deleted: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_v.qq.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****



***** [ *Browsers ] *****

[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] *Deleted: hxxp://www.nuesearch.com/searchfavicon.ico


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1144 *Bytes] - [25/01/2017 13:38:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [1474 *Bytes] - [25/01/2017 13:34:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1292 *Bytes] ##########

[Roli]

No je to nacpané v Chromu a stále se to obnovuje.

Mrkni do jeho nastavení a vše s podivným názvem včetně vyhledávacích modulů smaž.


Použij Mbam z mého podpisu a dej mi sem z něj log po smazání nepořádku.


Znovu spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
C:\Windows\system32\tasks\fs1news

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\


Pokud nezabere ani jedno Chrom odinstaluj včetně uživatelských dat a nainstaluj znovu.

[seamus]

Ešte stále vyskakujú, ale už nie v tak častých intervaloch.
Asi skúsim na tvoju radu odinštalovať a opätovne nainštalovať celý Chrome.

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 27.01.17
Čas skenovania: 13:02
Súbor denníka: malwarebytes log.txt
Správca: Áno

-Údaje o softvéri-
Verzia: 3.0.6.1469
Verzia súčastí: 1.0.50
Aktualizovať verziu balíka: 1.0.1064
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 7 Service Pack 1
Procesor: x64
Systém súborov: NTFS
Používateľ: PC-PC\PC

-Zhrnutie skenovania-
Typ skenovania: Vyhľadávanie hrozieb
Výsledok: Dokončené
Preskenované objekty: 382392
Uplynulý čas: 22 min, 22 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Zakázané
Heuristika: Povolené
PUP: Povolené
PUM: Povolené

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 7
PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Umiestené do karantény, [445], [316937],1.0.1064
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{84349ed9-b96b-46bf-a939-ca539c08cecb}Gw64, Umiestené do karantény, [2076], [299543],1.0.1064
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\b2929b72a96a471893ecaa9c51368bae, Umiestené do karantény, [15], [312172],1.0.1064
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Umiestené do karantény, [419], [182847],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93E7C685-4411-478E-8A38-72F730BEE851}, Umiestené do karantény, [307], [237488],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EA0055AF-37A3-458A-AD89-20826D747835}, Umiestené do karantény, [307], [237487],1.0.1064
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A2A154D0-48CB-41CA-B276-F698E6D1AA38}, Umiestené do karantény, [15], [312170],1.0.1064

Hodnota databázy Registry: 7
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|HP, Umiestené do karantény, [419], [182847],1.0.1064
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|TAB, Umiestené do karantény, [419], [182847],1.0.1064
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SP, Umiestené do karantény, [419], [182847],1.0.1064
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SURL, Umiestené do karantény, [419], [182847],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93E7C685-4411-478E-8A38-72F730BEE851}|APPNAME, Umiestené do karantény, [307], [237488],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-21-3391148227-3366691421-1949666123-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EA0055AF-37A3-458A-AD89-20826D747835}|APPNAME, Umiestené do karantény, [307], [237487],1.0.1064
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A2A154D0-48CB-41CA-B276-F698E6D1AA38}|PATH, Umiestené do karantény, [15], [312170],1.0.1064

Údaje databázy Registry: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Nahradené, [16406], [292819],1.0.1064
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Nahradené, [16406], [292819],1.0.1064

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 10
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\DRIVERS\{84349ED9-B96B-46BF-A939-CA539C08CECB}GW64.SYS, Umiestené do karantény, [2076], [299543],1.0.1064
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Umiestené do karantény, [2855], [355157],1.0.1064
PUP.Optional.GsearchFinder, C:\USERS\PC\APPDATA\ROAMING\PROFILES\CKUERTYBORERGHTGHUPERSY\EXTENSIONS\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.XPI, Umiestené do karantény, [14886], [261721],1.0.1064
PUP.Optional.GsearchFinder, C:\USERS\PC\APPDATA\ROAMING\PROFILES\EMDLYG5U.DEFAULT\EXTENSIONS\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.XPI, Umiestené do karantény, [14886], [261721],1.0.1064
PUP.Optional.Trotux, C:\USERS\PC\APPDATA\ROAMING\PROFILES\EMDLYG5U.DEFAULT\PREFS.JS, Nahradené, [419], [324486],1.0.1064
PUP.Optional.Trotux, C:\USERS\PC\APPDATA\ROAMING\PROFILES\EMDLYG5U.DEFAULT\PREFS.JS, Nahradené, [419], [324486],1.0.1064
PUP.Optional.Trotux, C:\USERS\PC\APPDATA\ROAMING\PROFILES\EMDLYG5U.DEFAULT\PREFS.JS, Nahradené, [419], [324486],1.0.1064
PUP.Optional.Trotux, C:\USERS\PC\APPDATA\ROAMING\PROFILES\EMDLYG5U.DEFAULT\PREFS.JS, Nahradené, [419], [324486],1.0.1064
PUP.Optional.Trotux, C:\USERS\PC\APPDATA\ROAMING\PROFILES\EMDLYG5U.DEFAULT\SEARCHPLUGINS\2H9CWDWF.XML, Umiestené do karantény, [419], [324483],1.0.1064
RiskWare.Patcher, C:\PROGRAM FILES (X86)\DVDFAB 9\PATCH.EXE, Bez zásahu používateľa, [2888], [127406],1.0.1064

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)


(end)


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Windows\system32\tasks\fs1news not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC
->Temp folder emptied: 26794190 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01272017_133502

Files moved on Reboot...
File C:\Users\PC\AppData\Local\Temp\etilqs_AVdseiwCBw8OPyo not found!
File C:\Users\PC\AppData\Local\Temp\etilqs_t2ZRNaycpYkWJbc not found!
C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Roli]

Ešte stále vyskakujú, ale už nie v tak častých intervaloch.
Asi skúsim na tvoju radu odinštalovať a opätovne nainštalovať celý Chrome.

To udělej.


Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak dej vědět zda přeinstalace prohlížeče zabrala.

[seamus]

Ešte stále vyskakujú, ale už nie v tak častých intervaloch.
Asi skúsim na tvoju radu odinštalovať a opätovne nainštalovať celý Chrome.

To udělej.


Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak dej vědět zda přeinstalace prohlížeče zabrala.

Bohužiaľ, žiadna zmena. Ja už naozaj neviem, čo robiť ...