Full C: drive

#1 Post by tejt »

Hello, something is eating up space on my C: drive and I don't know what to do about it. I searched for similar topics here on the forum, but nothing helped. Can you advise me?
I am attaching the log:
-------------------------------------------------

Logfile of random's system information tool 1.16 (written by random/random)
Run by xxx at 2017-04-04 18:07:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 4 MB (0%) free of 52 GB
Total RAM: 3070 MB (60% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:24, on 4.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18616)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cmd.exe
C:\Windows\system32\conhost.exe
C:\AppCache\x86\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Corel Update Helper] "c:\Program Files\Corel\Corel VideoStudio X9\pua.exe" /t
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: svchost.exe
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6848 bytes

======Scheduled tasks folder======

C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupload.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Reader and Acrobat Manager - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupdate.exe
C:\Windows\system32\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupload.exe
C:\Windows\system32\tasks\Game_Booster_AutoUpdate - C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Java(TM) Platform SE Auto Updater - C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\tasks\Razer_Game_Booster_AutoUpdate - C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe /AUTORUN
C:\Windows\system32\tasks\RealDownloader Update Check - C:\program files\real\realplayer\RealDownloader\downloader2.exe /scheduler
C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
C:\Windows\system32\tasks\ReclaimerUpdateFiles_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /UpdateFiles
C:\Windows\system32\tasks\ReclaimerUpdateXML_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /UpdateXML
C:\Windows\system32\tasks\RNUpgradeHelperLogonPrompt_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /prompt os_boot
C:\Windows\system32\tasks\RNUpgradeHelperResumePrompt_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /prompt os_resume
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1468393293 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\ScanSoft Background Update - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
C:\Windows\system32\tasks\{045E8A4D-3183-45A1-8DDB-13CFBBA4C7F1} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{25C17AC4-AF50-4932-8D39-346865DC629D} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{353D2A27-DFDA-41D4-97B4-E3C1792D62B4} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{3B26E2F0-E422-4582-AFE9-409E14AB94E8} - C:\Windows\system32\pcalua.exe -a C:\WINDOWS\DSDXIRMV.EXE -c C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
C:\Windows\system32\tasks\{40495B0C-BF88-436C-9B60-4EC69E7837C9} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{464C0240-FACA-45A9-93A6-F84A97C1AA1E} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{522D28DA-EC41-4F23-ACC3-A2F0A11E5EFD} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{67A418A7-34F2-48B8-867A-E76D13931164} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{7F6A9ABD-6160-45AC-9EB9-949657F2513F} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{9A44B8A5-1F40-4F5B-B16A-16F53AA5BE7D} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D2883AB6-09B4-4981-AAF8-E695411EEC9A}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
C:\Windows\system32\tasks\{A09FBDBC-7136-4B95-9464-EC86C6488F04} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{A32FD292-6A66-4701-9541-3C6A9122D0DC} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\Xforex MetaTrader\Uninstall.exe"
C:\Windows\system32\tasks\{BD590F2E-96AE-4943-BE74-96B09062CE25} - C:\Windows\system32\pcalua.exe -a C:\Users\xxx\Downloads\guiminer-20121203.exe -d C:\Users\xxx\Downloads
C:\Windows\system32\tasks\{CA88B148-4365-485B-8F73-E0F500BACFEE} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\hMailServer\Bin\DBSetup.exe" -d "C:\Program Files\hMailServer\Bin"
C:\Windows\system32\tasks\{CAF57419-93A3-4EF1-8FE4-96AD2CE0A4B5} - C:\Windows\system32\pcalua.exe -a C:\Users\xxx\Downloads\sculptris\Sculptris.exe -d C:\Users\xxx\Downloads\sculptris
C:\Windows\system32\tasks\{D425D0BA-7460-45C3-8A7C-0CF24C0AF259} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{DD909E2E-EC27-4C4C-B529-BCD255725975} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{F1012F47-A190-4DAE-8682-F112AD54188F} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{F1A79BB9-202F-497B-AA92-DBA3683BD41A} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{F7074A63-0E06-4545-902D-18FECFA4DCF0} - C:\Windows\system32\pcalua.exe -a D:\Casino\Casino.com\casino.exe -d D:\Casino\Casino.com
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1312145065-2419162411-1920721547-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /analyze
C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Processor - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /submit
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\TabletPC\InputPersonalization - %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task

=========Mozilla firefox=========

ProfilePath - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\addons.json

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\extensions.json
Speed Analysis 3 - extension - speedanalysis03@SpeedAnalysis.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
Zula Games - extension - zulagames@ZulaGames.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
Speed Analysis 3 - extension - speedanalysis03@SpeedAnalysis.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
Zula Games - extension - zulagames@ZulaGames.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
Site Deployment Checker - extension - deployment-checker@mozilla.org - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\features\{868623e9-c59f-489c-8515-5357f4d67671}\deployment-checker@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\features\{868623e9-c59f-489c-8515-5357f4d67671}\e10srollout@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Site Deployment Checker - extension - deployment-checker@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

=========Google Chrome=========

C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Docs 0.0.0.6
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 6.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.5
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension idhngdhcfkoamngbedgpaokgjbnpdiji 2 RealDownloader 1.3.3
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 7
Homepage:
default_search_provider.search_url:
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ghgmnfeamobhjmillnanbfhmkoeodooi]
"Path"=C:\Users\xxx\AppData\Local\CRE\ghgmnfeamobhjmillnanbfhmkoeodooi.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB64792C-7080-4E2F-B393-F93B84B21279}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}]
"URL"=http://www.bing.com/search?q={searchTer ... DF&pc=MSE1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
Pagealicious

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-12 716632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
Adblock - C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll [2014-06-17 464720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-08-09 8900328]
"Corel Update Helper"=c:\Program Files\Corel\Corel VideoStudio X9\pua.exe [2016-03-01 1490888]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe -autorun []
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-13 144008]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{A6EADE66-0000-0000-484E-7E8A45000000}]
"StubPath"="C:\Windows\system32\Rundll32.exe" "C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.dvacm_vspx9"=c:\PROGRA~1\Corel\CORELV~1\Dvacm.acm
"msacm.vorbis"=vorbis.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -

======List of files/folders created in the last 1 month======

2017-04-04 18:07:31 ----D---- C:\rsit
2017-04-04 18:07:31 ----D---- C:\Program Files\trend micro
2017-04-04 17:56:21 ----D---- C:\32788R22FWJFW
2017-04-04 16:37:17 ----D---- C:\AdwCleaner
2017-04-04 14:56:59 ----D---- C:\Program Files\CCleaner
2017-04-04 06:41:44 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2017-04-03 17:43:37 ----D---- C:\Program Files\XM MT4
2017-04-03 17:05:30 ----SHDC---- C:\AppCache
2017-03-28 11:52:59 ----D---- C:\Program Files\Guitar Pro 6
2017-03-28 10:36:05 ----D---- C:\Users\xxx\AppData\Roaming\rarunlocker
2017-03-28 10:20:41 ----D---- C:\Users\xxx\AppData\Roaming\Guitar Pro 6
2017-03-28 10:20:41 ----D---- C:\ProgramData\Guitar Pro 6
2017-03-22 10:51:18 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X7
2017-03-21 10:24:44 ----D---- C:\Program Files\MetaTrader 4 Admiral Markets
2017-03-20 20:59:21 ----D---- C:\Program Files\ASIO4ALL v2
2017-03-20 20:59:13 ----D---- C:\Program Files\VstPlugins
2017-03-20 19:05:59 ----D---- C:\Program Files\Common Files\Propellerhead Software
2017-03-20 19:04:51 ----D---- C:\Users\xxx\AppData\Roaming\Image-Line
2017-03-20 18:43:32 ----D---- C:\Program Files\Image-Line
2017-03-20 12:55:48 ----D---- C:\Users\xxx\AppData\Roaming\MAGIX
2017-03-20 12:53:56 ----D---- C:\Program Files\Common Files\MAGIX Services
2017-03-15 08:04:18 ----A---- C:\Windows\system32\vbscript.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\jsproxy.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\jscript9diag.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\ieUnatt.exe
2017-03-15 08:04:18 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-03-15 08:04:18 ----A---- C:\Windows\system32\dxtmsft.dll
2017-03-15 08:04:17 ----A---- C:\Windows\system32\wininet.dll
2017-03-15 08:04:17 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 08:04:17 ----A---- C:\Windows\system32\jscript.dll
2017-03-15 08:04:17 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 08:04:16 ----A---- C:\Windows\system32\dxtrans.dll
2017-03-15 08:04:15 ----A---- C:\Windows\system32\ieui.dll
2017-03-15 08:04:14 ----A---- C:\Windows\system32\mshtmled.dll
2017-03-15 08:04:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-03-15 08:04:13 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-03-15 08:04:12 ----A---- C:\Windows\system32\iertutil.dll
2017-03-15 08:04:11 ----A---- C:\Windows\system32\jscript9.dll
2017-03-15 08:04:10 ----A---- C:\Windows\system32\mshtml.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\occache.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\inseng.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\iernonce.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\iedkcs32.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\ie4uinit.exe
2017-03-15 08:04:08 ----A---- C:\Windows\system32\urlmon.dll
2017-03-15 08:04:08 ----A---- C:\Windows\system32\msfeeds.dll
2017-03-15 08:04:08 ----A---- C:\Windows\system32\ieapfltr.dll
2017-03-15 08:04:07 ----A---- C:\Windows\system32\webcheck.dll
2017-03-15 08:04:07 ----A---- C:\Windows\system32\msrating.dll
2017-03-15 08:04:07 ----A---- C:\Windows\system32\iesetup.dll
2017-03-15 08:04:06 ----A---- C:\Windows\system32\ieframe.dll
2017-03-15 08:04:03 ----A---- C:\Windows\system32\win32k.sys
2017-03-15 08:04:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-15 08:04:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2017-03-15 08:04:02 ----A---- C:\Windows\system32\schannel.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\ntdll.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\kerberos.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\FntCache.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\DWrite.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\usp10.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\msxml3.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-03-15 08:04:01 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-15 08:04:01 ----A---- C:\Windows\system32\advapi32.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\adtschema.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\wdigest.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\srcore.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\quartz.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\inetcomm.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\gdi32.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\srv.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 08:04:00 ----A---- C:\Windows\HelpPane.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\sspicli.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\srclient.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\smss.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\secur32.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\rstrui.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\msobjs.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\mscms.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\msaudite.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\lsass.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\INETRES.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\icm32.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-15 08:03:59 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\cryptbase.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\credssp.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\bcrypt.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\auditpol.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\appidapi.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-15 08:03:58 ----A---- C:\Windows\system32\msxml3r.dll
2017-03-15 08:03:58 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-03-15 08:03:58 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-03-12 16:29:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2017-03-12 16:29:14 ----D---- C:\Program Files\Mozilla Firefox
2017-03-12 11:01:03 ----AC---- C:\AVScanner.ini
2017-03-11 18:42:50 ----D---- C:\Users\xxx\AppData\Roaming\Ulead Systems
2017-03-11 18:39:41 ----D---- C:\Program Files\Haali
2017-03-11 17:17:21 ----D---- C:\ProgramData\McAfee
2017-03-09 18:00:51 ----D---- C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2017-03-09 14:38:48 ----D---- C:\ProgramData\Avg

======List of files/folders modified in the last 1 month======

2017-04-04 18:07:34 ----D---- C:\Windows\temp
2017-04-04 18:07:31 ----RD---- C:\Program Files
2017-04-04 17:59:48 ----D---- C:\ProgramData
2017-04-04 17:58:51 ----D---- C:\Windows
2017-04-04 17:20:30 ----D---- C:\Windows\system32\config
2017-04-04 17:15:46 ----D---- C:\Windows\inf
2017-04-04 17:03:34 ----D---- C:\Windows\system32\Tasks
2017-04-04 17:03:34 ----D---- C:\Windows\System32
2017-04-04 16:33:06 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2017-04-04 16:07:20 ----D---- C:\Windows\SoftwareDistribution
2017-04-04 16:04:26 ----D---- C:\Windows\system32\catroot2
2017-04-04 14:59:31 ----D---- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
2017-04-04 14:58:13 ----D---- C:\Windows\ModemLogs
2017-04-04 14:58:13 ----D---- C:\Windows\Logs
2017-04-04 14:58:13 ----D---- C:\Windows\debug
2017-04-04 14:01:07 ----D---- C:\Windows\Prefetch
2017-04-03 16:01:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-03-29 13:45:08 ----D---- C:\Users\xxx\AppData\Roaming\Corel
2017-03-29 13:05:22 ----D---- C:\Users\xxx\AppData\Roaming\Audacity
2017-03-28 11:52:42 ----SHD---- C:\Windows\Installer
2017-03-28 10:06:22 ----RSD---- C:\Windows\Fonts
2017-03-27 20:59:52 ----D---- C:\Program Files\Audacity
2017-03-24 00:29:24 ----D---- C:\Windows\Tasks
2017-03-22 11:02:32 ----D---- C:\ProgramData\Corel
2017-03-22 10:59:16 ----RSD---- C:\Windows\assembly
2017-03-22 10:58:17 ----D---- C:\Program Files\Corel
2017-03-21 04:00:20 ----D---- C:\Windows\winsxs
2017-03-20 19:05:59 ----D---- C:\Program Files\Common Files
2017-03-20 12:53:51 ----D---- C:\Windows\Help
2017-03-20 12:53:50 ----D---- C:\Program Files\Common Files\microsoft shared
2017-03-20 12:53:40 ----D---- C:\Program Files\MSXML 4.0
2017-03-15 21:16:39 ----D---- C:\Windows\rescache
2017-03-15 20:47:35 ----D---- C:\Users\xxx\AppData\Roaming\vlc
2017-03-15 18:38:52 ----D---- C:\Program Files\Microsoft Silverlight
2017-03-15 18:37:19 ----D---- C:\Program Files\Internet Explorer
2017-03-15 18:37:19 ----D---- C:\Program Files\DVD Maker
2017-03-15 18:37:18 ----D---- C:\Windows\system32\migration
2017-03-15 18:37:18 ----D---- C:\Windows\system32\inetsrv
2017-03-15 18:37:18 ----D---- C:\Windows\system32\en-US
2017-03-15 18:37:18 ----D---- C:\Windows\system32\drivers
2017-03-15 18:37:18 ----D---- C:\Windows\system32\cs-CZ
2017-03-15 18:36:20 ----D---- C:\ProgramData\Microsoft Help
2017-03-15 18:32:57 ----D---- C:\Windows\system32\MRT
2017-03-15 18:27:55 ----AC---- C:\Windows\system32\MRT.exe
2017-03-14 14:59:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 14:59:07 ----D---- C:\Windows\system32\Macromed
2017-03-13 11:00:02 ----D---- C:\Users\xxx\AppData\Roaming\Real
2017-03-12 11:09:37 ----D---- C:\Program Files\Common Files\AV
2017-03-12 11:04:35 ----D---- C:\ProgramData\Package Cache
2017-03-12 11:03:21 ----D---- C:\ProgramData\Real
2017-03-12 07:36:03 ----D---- C:\ProgramData\Norton
2017-03-12 07:17:49 ----D---- C:\Program Files\RealNetworks
2017-03-12 07:17:23 ----A---- C:\Windows\system32\rmoc3260.dll
2017-03-12 07:17:00 ----A---- C:\Windows\system32\pncrt.dll
2017-03-11 17:40:49 ----D---- C:\Program Files\WinRAR
2017-03-11 16:33:46 ----D---- C:\Program Files\7-Zip
2017-03-11 15:21:05 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2017-03-11 15:20:56 ----D---- C:\Program Files\Seznam.cz
2017-03-11 15:20:43 ----D---- C:\ProgramData\Skype
2017-03-11 15:20:06 ----D---- C:\ProgramData\Tablet
2017-03-11 15:18:18 ----A---- C:\Windows\win.ini
2017-03-11 15:16:55 ----D---- C:\Windows\system32\catroot
2017-03-11 15:15:34 ----D---- C:\ProgramData\ScanSoft
2017-03-11 15:14:24 ----HD---- C:\Program Files\InstallShield Installation Information
2017-03-11 15:14:09 ----D---- C:\Program Files\PDF Editor 5
2017-03-11 15:13:28 ----D---- C:\Windows\system32\DriverStore
2017-03-11 14:16:53 ----SD---- C:\ProgramData\Microsoft
2017-03-09 17:57:08 ----D---- C:\Windows\system32\sysprep

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-07-12 60424]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-05 224616]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-07-12 35096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-07-12 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-07-12 816304]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-07-14 438296]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-07-12 34008]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-07-12 91680]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-07-12 118152]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2013-03-05 1348240]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-07-21 14848]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-07-21 49664]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-07-12 197128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14 271960]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-04 103936]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-01 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; %windir%\system32\svchost.exe -k iissvcs;"ServiceDll"=%windir%\system32\inetsrv\iisw3adm.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; %windir%\system32\svchost.exe -k apphost;"ServiceDll"=%windir%\system32\inetsrv\apphostsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 W3SVC;Služba Publikování na webu; %windir%\system32\svchost.exe -k iissvcs;"ServiceDll"=%windir%\system32\inetsrv\iisw3adm.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Full C: drive

#2 Post by Rudy »

Hello!
Maybe it is just your own activity, or updates, that is "eating" it. :) Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan<, then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

tejt
Visitor
Posts: 70
Registered: 28 Aug 2013 18:11

Re: Full C: drive

#3 Post by tejt »

I used this cleaner this morning, when I was trying to sort it out myself, and it removed about 160 threats. But nothing changed. I also found the original one.. Now it found only 3 threats.
I am attaching both LOGS:
----------------------------------------------------------------
1:

# AdwCleaner v6.045 - Log vytvořen 04/04/2017 v 17:04:47
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-03.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : xxx - XXX-PC
# Spuštěno z : C:\Users\xxx\Downloads\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: SecureUpdateSvc


***** [ Složky ] *****

[-] Složka smazána: C:\Users\xxx\AppData\Local\SwvUpdater
[#] Složka smazána po restartu: C:\Users\xxx\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Složka smazána: C:\Users\xxx\AppData\Local\VirtualStore\Program Files\NetMon
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\Babylon
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\HoolappforAndroid
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\Solvusoft
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\SpeedAnalysis3
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\zulagames
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\FreeVPN
[-] Složka smazána: C:\Users\xxx\AppData\Roaming\Auslogics
[-] Složka smazána: C:\ProgramData\Babylon
[-] Složka smazána: C:\ProgramData\DSearchLink
[-] Složka smazána: C:\ProgramData\FileCure
[-] Složka smazána: C:\ProgramData\IBUpdaterService
[-] Složka smazána: C:\ProgramData\IObit\ASCDownloader
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Babylon
[#] Složka smazána po restartu: C:\ProgramData\Application Data\DSearchLink
[#] Složka smazána po restartu: C:\ProgramData\Application Data\FileCure
[#] Složka smazána po restartu: C:\ProgramData\Application Data\IBUpdaterService
[#] Složka smazána po restartu: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Složka smazána po restartu: C:\Program Files\Secure Speed Dial
[-] Složka smazána: C:\Program Files\SrpnFiles
[-] Složka smazána: C:\Program Files\Muftion
[-] Složka smazána: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater
[-] Složka smazána: C:\extensions


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\xxx\AppData\Roaming\speedanalysis.ico
[-] Soubor smazán: C:\Windows\system32\roboot.exe
[-] Soubor smazán: C:\prefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Hoolapp For Android
[-] Úloha smazána: Hoolapp Init


***** [ Registry ] *****

[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\secureupdatesvc
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Prod.cap
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Updater.AmiUpd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{B0F3F4F9-CB76-9A52-9442-B481A5FF49D3}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A836234-186C-41A0-9863-40BECDEDED9F}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}
[-] Klíč smazán: HKU\.DEFAULT\Software\DefaultTab
[-] Klíč smazán: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán: HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\APN PIP
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\ExpressFiles
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\filescout
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\ParetoLogic
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\torch
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\csastats
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Savevid
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\INSTALLPATH\STATUS
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Auslogics
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\AppDataLow\Software\IObit Apps
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\AppDataLow\Software\Search Protection
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\LemurLeap
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\lucky leap
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\SweetIM
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\DefaultTab
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\AppDataLow\Software\DefaultTab
[#] Klíč smazán po restartu: HKCU\Software\APN PIP
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\ExpressFiles
[#] Klíč smazán po restartu: HKCU\Software\filescout
[#] Klíč smazán po restartu: HKCU\Software\ParetoLogic
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\torch
[#] Klíč smazán po restartu: HKCU\Software\csastats
[#] Klíč smazán po restartu: HKCU\Software\Savevid
[#] Klíč smazán po restartu: HKCU\Software\INSTALLPATH\STATUS
[#] Klíč smazán po restartu: HKCU\Software\Auslogics
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\IObit Apps
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Search Protection
[-] Klíč smazán: HKLM\SOFTWARE\Babylon
[-] Klíč smazán: HKLM\SOFTWARE\ExpressFiles
[-] Klíč smazán: HKLM\SOFTWARE\ParetoLogic
[-] Klíč smazán: HKLM\SOFTWARE\torch
[-] Klíč smazán: HKLM\SOFTWARE\Uniblue
[-] Klíč smazán: HKLM\SOFTWARE\hohosearchSoftware
[-] Klíč smazán: HKLM\SOFTWARE\SrpnFiles
[-] Klíč smazán: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Data obnovena: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [AutoConfigUrl]
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16B21F9E-8ADE-498E-B3DF-7D7E9F37103D}
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F87812B-92F1-4232-B636-203BA95BEFBC}
[-] Klíč smazán: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2BD3365-6284-40E3-A323-33FC5A3F7BBD}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{16B21F9E-8ADE-498E-B3DF-7D7E9F37103D}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8F87812B-92F1-4232-B636-203BA95BEFBC}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2BD3365-6284-40E3-A323-33FC5A3F7BBD}
[-] Klíč smazán: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Klíč smazán: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč smazán: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[#] Klíč smazán po restartu: HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] Klíč smazán po restartu: HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč smazán: HKCU\SOFTWARE\Classes\ChromeHTML
[-] Hodnota smazána: HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[-] Hodnota smazána: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[-] Hodnota smazána: HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[-] Hodnota smazána: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp


***** [ Prohlížeče ] *****

[-] [C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=
[-] [C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://search.conduit.com/?ctid=CT3303217&SearchSource=48&CUI=UN23502807071198918&UM=2
[-] [C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://www.hohosearch.com/?ts=AHEqAnEtA3UsBU.. ... mode=loadm


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [14224 Bajty] - [04/04/2017 17:04:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [13420 Bajty] - [04/04/2017 16:46:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [14372 Bajty] ##########


---------------------------------
2:

# AdwCleaner v6.045 - Log vytvořen 04/04/2017 v 21:43:23
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-04.1 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : xxx - XXX-PC
# Spuštěno z : C:\Users\xxx\Downloads\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support


***** [ Služby ] *****


***** [ Složky ] *****

[#] Složka smazána po restartu: C:\Users\xxx\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108


***** [ Soubory ] *****

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: C: drive full

#4 Post by Rudy »

OK. Post a new RSIT log made after this ADW scan.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

tejt
Visitor
Posts: 70
Joined: 28 Aug 2013 18:11

Re: C: drive full

#5 Post by tejt »

I'm attaching the log:
----------------------------------
Logfile of random's system information tool 1.16 (written by random/random)
Run by xxx at 2017-04-04 22:01:41
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1 MB (0%) free of 52 GB
Total RAM: 3070 MB (62% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:24, on 4.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18616)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cmd.exe
C:\Windows\system32\conhost.exe
C:\AppCache\x86\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Corel Update Helper] "c:\Program Files\Corel\Corel VideoStudio X9\pua.exe" /t
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: svchost.exe
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6848 bytes

======Scheduled tasks folder======

C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupload.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Reader and Acrobat Manager - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupdate.exe
C:\Windows\system32\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Users\xxx\AppData\Local\Citrix\GoToMeeting\6634\g2mupload.exe
C:\Windows\system32\tasks\Game_Booster_AutoUpdate - C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Java(TM) Platform SE Auto Updater - C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\tasks\Razer_Game_Booster_AutoUpdate - C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe /AUTORUN
C:\Windows\system32\tasks\RealDownloader Update Check - C:\program files\real\realplayer\RealDownloader\downloader2.exe /scheduler
C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1312145065-2419162411-1920721547-1000 - C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
C:\Windows\system32\tasks\ReclaimerUpdateFiles_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /UpdateFiles
C:\Windows\system32\tasks\ReclaimerUpdateXML_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /UpdateXML
C:\Windows\system32\tasks\RNUpgradeHelperLogonPrompt_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /prompt os_boot
C:\Windows\system32\tasks\RNUpgradeHelperResumePrompt_xxx - C:\Users\xxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe /prompt os_resume
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1468393293 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\ScanSoft Background Update - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
C:\Windows\system32\tasks\{045E8A4D-3183-45A1-8DDB-13CFBBA4C7F1} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{25C17AC4-AF50-4932-8D39-346865DC629D} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{353D2A27-DFDA-41D4-97B4-E3C1792D62B4} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{3B26E2F0-E422-4582-AFE9-409E14AB94E8} - C:\Windows\system32\pcalua.exe -a C:\WINDOWS\DSDXIRMV.EXE -c C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
C:\Windows\system32\tasks\{40495B0C-BF88-436C-9B60-4EC69E7837C9} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{464C0240-FACA-45A9-93A6-F84A97C1AA1E} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{522D28DA-EC41-4F23-ACC3-A2F0A11E5EFD} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{67A418A7-34F2-48B8-867A-E76D13931164} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{7F6A9ABD-6160-45AC-9EB9-949657F2513F} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{9A44B8A5-1F40-4F5B-B16A-16F53AA5BE7D} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D2883AB6-09B4-4981-AAF8-E695411EEC9A}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
C:\Windows\system32\tasks\{A09FBDBC-7136-4B95-9464-EC86C6488F04} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{A32FD292-6A66-4701-9541-3C6A9122D0DC} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\Xforex MetaTrader\Uninstall.exe"
C:\Windows\system32\tasks\{BD590F2E-96AE-4943-BE74-96B09062CE25} - C:\Windows\system32\pcalua.exe -a C:\Users\xxx\Downloads\guiminer-20121203.exe -d C:\Users\xxx\Downloads
C:\Windows\system32\tasks\{CA88B148-4365-485B-8F73-E0F500BACFEE} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\hMailServer\Bin\DBSetup.exe" -d "C:\Program Files\hMailServer\Bin"
C:\Windows\system32\tasks\{CAF57419-93A3-4EF1-8FE4-96AD2CE0A4B5} - C:\Windows\system32\pcalua.exe -a C:\Users\xxx\Downloads\sculptris\Sculptris.exe -d C:\Users\xxx\Downloads\sculptris
C:\Windows\system32\tasks\{D425D0BA-7460-45C3-8A7C-0CF24C0AF259} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{DD909E2E-EC27-4C4C-B529-BCD255725975} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{F1012F47-A190-4DAE-8682-F112AD54188F} - C:\Program Files\Smith Micro\Poser Pro 2012\PoserPro.exe
C:\Windows\system32\tasks\{F1A79BB9-202F-497B-AA92-DBA3683BD41A} - C:\Program Files\MAXON\CINEMA 4D R14\CINEMA 4D.exe
C:\Windows\system32\tasks\{F7074A63-0E06-4545-902D-18FECFA4DCF0} - C:\Windows\system32\pcalua.exe -a D:\Casino\Casino.com\casino.exe -d D:\Casino\Casino.com
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1312145065-2419162411-1920721547-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /analyze
C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Processor - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /submit
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\TabletPC\InputPersonalization - %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task

=========Mozilla firefox=========

ProfilePath - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\addons.json

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\extensions.json
Speed Analysis 3 - extension - speedanalysis03@SpeedAnalysis.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
Zula Games - extension - zulagames@ZulaGames.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
Speed Analysis 3 - extension - speedanalysis03@SpeedAnalysis.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
Zula Games - extension - zulagames@ZulaGames.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
Site Deployment Checker - extension - deployment-checker@mozilla.org - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\features\{868623e9-c59f-489c-8515-5357f4d67671}\deployment-checker@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\features\{868623e9-c59f-489c-8515-5357f4d67671}\e10srollout@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Site Deployment Checker - extension - deployment-checker@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

=========Google Chrome=========

C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Docs 0.0.0.6
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 6.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.5
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension idhngdhcfkoamngbedgpaokgjbnpdiji 2 RealDownloader 1.3.3
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 7
Homepage:
default_search_provider.search_url:
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ghgmnfeamobhjmillnanbfhmkoeodooi]
"Path"=C:\Users\xxx\AppData\Local\CRE\ghgmnfeamobhjmillnanbfhmkoeodooi.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB64792C-7080-4E2F-B393-F93B84B21279}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}]
"URL"=http://www.bing.com/search?q={searchTer ... DF&pc=MSE1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
Pagealicious

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-12 716632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
Adblock - C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll [2014-06-17 464720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-08-09 8900328]
"Corel Update Helper"=c:\Program Files\Corel\Corel VideoStudio X9\pua.exe [2016-03-01 1490888]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe -autorun []
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-13 144008]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{A6EADE66-0000-0000-484E-7E8A45000000}]
"StubPath"="C:\Windows\system32\Rundll32.exe" "C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.dvacm_vspx9"=c:\PROGRA~1\Corel\CORELV~1\Dvacm.acm
"msacm.vorbis"=vorbis.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -

======List of files/folders created in the last 1 month======

2017-04-04 18:07:31 ----D---- C:\rsit
2017-04-04 18:07:31 ----D---- C:\Program Files\trend micro
2017-04-04 17:56:21 ----D---- C:\32788R22FWJFW
2017-04-04 16:37:17 ----D---- C:\AdwCleaner
2017-04-04 14:56:59 ----D---- C:\Program Files\CCleaner
2017-04-04 06:41:44 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2017-04-03 17:43:37 ----D---- C:\Program Files\XM MT4
2017-04-03 17:05:30 ----SHDC---- C:\AppCache
2017-03-28 11:52:59 ----D---- C:\Program Files\Guitar Pro 6
2017-03-28 10:36:05 ----D---- C:\Users\xxx\AppData\Roaming\rarunlocker
2017-03-28 10:20:41 ----D---- C:\Users\xxx\AppData\Roaming\Guitar Pro 6
2017-03-28 10:20:41 ----D---- C:\ProgramData\Guitar Pro 6
2017-03-22 10:51:18 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X7
2017-03-21 10:24:44 ----D---- C:\Program Files\MetaTrader 4 Admiral Markets
2017-03-20 20:59:21 ----D---- C:\Program Files\ASIO4ALL v2
2017-03-20 20:59:13 ----D---- C:\Program Files\VstPlugins
2017-03-20 19:05:59 ----D---- C:\Program Files\Common Files\Propellerhead Software
2017-03-20 19:04:51 ----D---- C:\Users\xxx\AppData\Roaming\Image-Line
2017-03-20 18:43:32 ----D---- C:\Program Files\Image-Line
2017-03-20 12:55:48 ----D---- C:\Users\xxx\AppData\Roaming\MAGIX
2017-03-20 12:53:56 ----D---- C:\Program Files\Common Files\MAGIX Services
2017-03-15 08:04:18 ----A---- C:\Windows\system32\vbscript.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\jsproxy.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\jscript9diag.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\ieUnatt.exe
2017-03-15 08:04:18 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-03-15 08:04:18 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-03-15 08:04:18 ----A---- C:\Windows\system32\dxtmsft.dll
2017-03-15 08:04:17 ----A---- C:\Windows\system32\wininet.dll
2017-03-15 08:04:17 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 08:04:17 ----A---- C:\Windows\system32\jscript.dll
2017-03-15 08:04:17 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 08:04:16 ----A---- C:\Windows\system32\dxtrans.dll
2017-03-15 08:04:15 ----A---- C:\Windows\system32\ieui.dll
2017-03-15 08:04:14 ----A---- C:\Windows\system32\mshtmled.dll
2017-03-15 08:04:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-03-15 08:04:13 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-03-15 08:04:12 ----A---- C:\Windows\system32\iertutil.dll
2017-03-15 08:04:11 ----A---- C:\Windows\system32\jscript9.dll
2017-03-15 08:04:10 ----A---- C:\Windows\system32\mshtml.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\occache.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\inseng.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\iernonce.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\iedkcs32.dll
2017-03-15 08:04:09 ----A---- C:\Windows\system32\ie4uinit.exe
2017-03-15 08:04:08 ----A---- C:\Windows\system32\urlmon.dll
2017-03-15 08:04:08 ----A---- C:\Windows\system32\msfeeds.dll
2017-03-15 08:04:08 ----A---- C:\Windows\system32\ieapfltr.dll
2017-03-15 08:04:07 ----A---- C:\Windows\system32\webcheck.dll
2017-03-15 08:04:07 ----A---- C:\Windows\system32\msrating.dll
2017-03-15 08:04:07 ----A---- C:\Windows\system32\iesetup.dll
2017-03-15 08:04:06 ----A---- C:\Windows\system32\ieframe.dll
2017-03-15 08:04:03 ----A---- C:\Windows\system32\win32k.sys
2017-03-15 08:04:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-15 08:04:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2017-03-15 08:04:02 ----A---- C:\Windows\system32\schannel.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\ntdll.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\kerberos.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\FntCache.dll
2017-03-15 08:04:02 ----A---- C:\Windows\system32\DWrite.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\usp10.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\msxml3.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-03-15 08:04:01 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-15 08:04:01 ----A---- C:\Windows\system32\advapi32.dll
2017-03-15 08:04:01 ----A---- C:\Windows\system32\adtschema.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\wdigest.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\srcore.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\quartz.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\inetcomm.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\gdi32.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\srv.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-15 08:04:00 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-15 08:04:00 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 08:04:00 ----A---- C:\Windows\HelpPane.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\sspicli.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\srclient.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\smss.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\secur32.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\rstrui.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\msobjs.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\mscms.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\msaudite.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\lsass.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\INETRES.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\icm32.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-15 08:03:59 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\cryptbase.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\credssp.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\bcrypt.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\auditpol.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 08:03:59 ----A---- C:\Windows\system32\appidapi.dll
2017-03-15 08:03:59 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-15 08:03:58 ----A---- C:\Windows\system32\msxml3r.dll
2017-03-15 08:03:58 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-03-15 08:03:58 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-03-12 16:29:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2017-03-12 16:29:14 ----D---- C:\Program Files\Mozilla Firefox
2017-03-12 11:01:03 ----AC---- C:\AVScanner.ini
2017-03-11 18:42:50 ----D---- C:\Users\xxx\AppData\Roaming\Ulead Systems
2017-03-11 18:39:41 ----D---- C:\Program Files\Haali
2017-03-11 17:17:21 ----D---- C:\ProgramData\McAfee
2017-03-09 18:00:51 ----D---- C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2017-03-09 14:38:48 ----D---- C:\ProgramData\Avg

======List of files/folders modified in the last 1 month======

2017-04-04 22:01:49 ----D---- C:\Windows\Prefetch
2017-04-04 22:01:47 ----D---- C:\Windows\temp
2017-04-04 21:53:55 ----D---- C:\Windows\system32\Tasks
2017-04-04 21:43:46 ----D---- C:\Windows
2017-04-04 18:07:31 ----RD---- C:\Program Files
2017-04-04 17:59:48 ----D---- C:\ProgramData
2017-04-04 17:20:30 ----D---- C:\Windows\system32\config
2017-04-04 17:15:46 ----D---- C:\Windows\inf
2017-04-04 17:03:34 ----D---- C:\Windows\System32
2017-04-04 16:33:06 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2017-04-04 16:07:20 ----D---- C:\Windows\SoftwareDistribution
2017-04-04 16:04:26 ----D---- C:\Windows\system32\catroot2
2017-04-04 14:59:31 ----D---- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
2017-04-04 14:58:13 ----D---- C:\Windows\ModemLogs
2017-04-04 14:58:13 ----D---- C:\Windows\Logs
2017-04-04 14:58:13 ----D---- C:\Windows\debug
2017-04-03 16:01:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-03-29 13:45:08 ----D---- C:\Users\xxx\AppData\Roaming\Corel
2017-03-29 13:05:22 ----D---- C:\Users\xxx\AppData\Roaming\Audacity
2017-03-28 11:52:42 ----SHD---- C:\Windows\Installer
2017-03-28 10:06:22 ----RSD---- C:\Windows\Fonts
2017-03-27 20:59:52 ----D---- C:\Program Files\Audacity
2017-03-24 00:29:24 ----D---- C:\Windows\Tasks
2017-03-22 11:02:32 ----D---- C:\ProgramData\Corel
2017-03-22 10:59:16 ----RSD---- C:\Windows\assembly
2017-03-22 10:58:17 ----D---- C:\Program Files\Corel
2017-03-21 04:00:20 ----D---- C:\Windows\winsxs
2017-03-20 19:05:59 ----D---- C:\Program Files\Common Files
2017-03-20 12:53:51 ----D---- C:\Windows\Help
2017-03-20 12:53:50 ----D---- C:\Program Files\Common Files\microsoft shared
2017-03-20 12:53:40 ----D---- C:\Program Files\MSXML 4.0
2017-03-15 21:16:39 ----D---- C:\Windows\rescache
2017-03-15 20:47:35 ----D---- C:\Users\xxx\AppData\Roaming\vlc
2017-03-15 18:38:52 ----D---- C:\Program Files\Microsoft Silverlight
2017-03-15 18:37:19 ----D---- C:\Program Files\Internet Explorer
2017-03-15 18:37:19 ----D---- C:\Program Files\DVD Maker
2017-03-15 18:37:18 ----D---- C:\Windows\system32\migration
2017-03-15 18:37:18 ----D---- C:\Windows\system32\inetsrv
2017-03-15 18:37:18 ----D---- C:\Windows\system32\en-US
2017-03-15 18:37:18 ----D---- C:\Windows\system32\drivers
2017-03-15 18:37:18 ----D---- C:\Windows\system32\cs-CZ
2017-03-15 18:36:20 ----D---- C:\ProgramData\Microsoft Help
2017-03-15 18:32:57 ----D---- C:\Windows\system32\MRT
2017-03-15 18:27:55 ----AC---- C:\Windows\system32\MRT.exe
2017-03-14 14:59:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 14:59:07 ----D---- C:\Windows\system32\Macromed
2017-03-13 11:00:02 ----D---- C:\Users\xxx\AppData\Roaming\Real
2017-03-12 11:09:37 ----D---- C:\Program Files\Common Files\AV
2017-03-12 11:04:35 ----D---- C:\ProgramData\Package Cache
2017-03-12 11:03:21 ----D---- C:\ProgramData\Real
2017-03-12 07:36:03 ----D---- C:\ProgramData\Norton
2017-03-12 07:17:49 ----D---- C:\Program Files\RealNetworks
2017-03-12 07:17:23 ----A---- C:\Windows\system32\rmoc3260.dll
2017-03-12 07:17:00 ----A---- C:\Windows\system32\pncrt.dll
2017-03-11 17:40:49 ----D---- C:\Program Files\WinRAR
2017-03-11 16:33:46 ----D---- C:\Program Files\7-Zip
2017-03-11 15:21:05 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2017-03-11 15:20:56 ----D---- C:\Program Files\Seznam.cz
2017-03-11 15:20:43 ----D---- C:\ProgramData\Skype
2017-03-11 15:20:06 ----D---- C:\ProgramData\Tablet
2017-03-11 15:18:18 ----A---- C:\Windows\win.ini
2017-03-11 15:16:55 ----D---- C:\Windows\system32\catroot
2017-03-11 15:15:34 ----D---- C:\ProgramData\ScanSoft
2017-03-11 15:14:24 ----HD---- C:\Program Files\InstallShield Installation Information
2017-03-11 15:14:09 ----D---- C:\Program Files\PDF Editor 5
2017-03-11 15:13:28 ----D---- C:\Windows\system32\DriverStore
2017-03-11 14:16:53 ----SD---- C:\ProgramData\Microsoft
2017-03-09 17:57:08 ----D---- C:\Windows\system32\sysprep

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-07-12 60424]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-05 224616]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-07-12 35096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-07-12 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-07-12 816304]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-07-14 438296]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-07-12 34008]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-07-12 91680]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-07-12 118152]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2013-03-05 1348240]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-07-21 14848]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-07-21 49664]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-07-12 197128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14 271960]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-04 103936]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-01 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; %windir%\system32\svchost.exe -k iissvcs;"ServiceDll"=%windir%\system32\inetsrv\iisw3adm.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; %windir%\system32\svchost.exe -k apphost;"ServiceDll"=%windir%\system32\inetsrv\apphostsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 W3SVC;Služba Publikování na webu; %windir%\system32\svchost.exe -k iissvcs;"ServiceDll"=%windir%\system32\inetsrv\iisw3adm.dll

-----------------EOF-----------------

JaRon
Moderator
Posts: 15796
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Full C drive

#6 Post by JaRon »

I'll step in:
until Rudy shows up, test the file C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe at www.virustotal.com and post the results
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
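
The file named in the post above has the name of the Windows service host but sits in the user's Startup folder, while the log lists the signed svchost.exe under C:\Windows\system32. As an added example (not part of the original thread, and not code from RSIT or FRST), the Python script below flags that name-versus-location mismatch in pasted log text. The list of system binary names, the C:\Windows install location and the function names are assumptions of the example; the sample lines are excerpted from the log in this thread.

```python
import ntpath
import re

# Windows binaries whose names are often borrowed, mapped to the only
# directories (lower-case) they are expected to run from. Assumption: Windows
# is installed in C:\Windows; SysWOW64 exists only on 64-bit installs.
SYSTEM32 = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_DIRS = {
    "svchost.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "wininit.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "taskhost.exe": SYSTEM32,
    "userinit.exe": SYSTEM32,
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Log lines often use %SystemRoot% or %windir% instead of a drive path.
ENV_RE = re.compile(r"%(?:systemroot|windir)%", re.IGNORECASE)

# A drive-letter path ending in .exe. The body excludes characters that cannot
# occur inside a Windows path (and ';', which the logs use as a separator), so
# one match never runs across two paths on the same line.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^":;<>|*?\r\n]*?\.exe\b', re.IGNORECASE
)

# Lines excerpted from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\Explorer.EXE
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Windows\system32\taskhost.exe
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-13 144008]
File C:\Windows\system32\svchost.exe is digitally signed
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
"""


def extract_exe_paths(log_text):
    """Return every .exe path in the log, with %SystemRoot%/%windir% expanded."""
    expanded = ENV_RE.sub(lambda _m: "C:\\Windows", log_text)
    return PATH_RE.findall(expanded)


def find_masquerades(log_text):
    """Return (name, path) pairs where a system binary name appears outside
    the directory that binary is expected to live in."""
    findings = []
    for path in extract_exe_paths(log_text):
        name = ntpath.basename(path).lower()
        folder = ntpath.normcase(ntpath.dirname(path))
        allowed = EXPECTED_DIRS.get(name)
        if allowed is None or folder in allowed:
            continue  # not a watched name, or it is where it belongs
        if (name, path) not in findings:
            findings.append((name, path))
    return findings


if __name__ == "__main__":
    for name, path in find_masquerades(SAMPLE_LOG):
        print(f"{name} found outside its expected directory: {path}")
```

A hit only means the name and the location disagree; the file still has to be examined, which is what the VirusTotal request above is for.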

tejt
Visitor
Posts: 70
Joined: 28 Aug 2013 18:11

Re: Full C drive

#7 Post by tejt »

It tells me that the file was not found.
I don't know what to do about it when I don't have it on the PC...

JaRon
Moderator
Posts: 15796
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Full C drive

#8 Post by JaRon »

Don't try to click your way to the file; just paste the file name with its path into the window with Ctrl+V and submit it for testing.
It existed in the last log.

tejt
Visitor
Posts: 70
Joined: 28 Aug 2013 18:11

Re: Full C drive

#9 Post by tejt »

It simply tells me that it doesn't exist...
Attachments
Screenshot - 5.4.png (8.67 KiB) Viewed 2962 times

JaRon
Moderator
Posts: 15796
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Full C drive

#10 Post by JaRon »

Let's try it another way :)
Quote:
Creating a fixlist for FRST
• Open Notepad (Start - Run - notepad)
• Copy the script >>

Code:

Start
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)


EmptyTemp:
Reboot:
End
• Save the resulting TXT file as fixlist.txt
• Move the fixlist so that it sits next to FRST

→ Run FRST.exe again
• Click Fix
• The fix will run and create the log Fixlog.txt

→ Restart the PC and post fixlog.txt here

tejt
Visitor
Posts: 70
Joined: 28 Aug 2013 18:11

Re: Full C drive

#11 Post by tejt »

I'm attaching the log:
----------------------------------------

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by xxx (05-04-2017 09:29:23) Run:1
Running from C:\Users\xxx\Desktop
Loaded Profiles: xxx (Available Profiles: xxx)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)


EmptyTemp:
Reboot:
End
*****************

"C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file) => key not found.
HKCR\CLSID\O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file) => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file) => key not found.
HKCR\CLSID\O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file) => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1582180 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 1761014 B
Edge => 0 B
Chrome => 32007175 B
Firefox => 12142986 B
Opera => 575488 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35656 B
LocalService => 0 B
NetworkService => 70938 B
xxx => 8064605 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 61.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:30:24 ====

JaRon
Moderator
Posts: 15796
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Full C drive

#12 Post by JaRon »

The file has disappeared :) Post a current FRST log.

tejt
Visitor
Posts: 70
Joined: 28 Aug 2013 18:11

Re: Full C drive

#13 Post by tejt »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by xxx (administrator) on XXX-PC (05-04-2017 09:25:36)
Running from C:\Users\xxx\Desktop
Loaded Profiles: xxx (Available Profiles: xxx)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(© 2015 Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(DonationCoder) C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel VideoStudio X9\pua.exe [1490888 2016-03-01] (Corel Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [352648 2017-03-12] (RealNetworks, Inc.)
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [T-Mobile CManager] => "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [BingSvc] => C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\IBOARD\VBSScz\VBSS.scr
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\blink.lnk [2013-10-07]
ShortcutTarget: blink.lnk -> C:\Windows\blink.exe (Windows System Linker)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-06-30]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction - Windows Defender <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1312145065-2419162411-1920721547-1000] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2E2CA668-3954-42A5-8580-8AA5A06568D4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6A79F534-6E4C-4533-B798-86BCF15AA33F}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8CA8A9CA-8205-4B60-8176-9A92B0F038A8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EB6A1488-3FA0-4333-A0C5-FD040CD14269}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131082184119257812&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {80D05449-5284-4329-B3EA-E9FF6F1A8BB9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {AB64792C-7080-4E2F-B393-F93B84B21279} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: No Name -> {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} -> No File
BHO: Pagealicious -> {60C07B56-542E-4054-A503-4E9E08DF2F84} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-12] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
BHO: Adblock -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll [2014-06-17] (Adblock)
Toolbar: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: q47now0d.default
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default [2017-04-05]
FF Extension: (Site Deployment Checker) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\features\{868623e9-c59f-489c-8515-5357f4d67671}\deployment-checker@mozilla.org.xpi [2017-03-31]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1312145065-2419162411-1920721547-1000: @citrixonline.com/appdetectorplugin -> C:\Users\xxx\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-22] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-04] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Dokumenty Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-19]
CHR Extension: (Disk Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-19]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-19]
CHR Extension: (Vyhledávání Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-19]
CHR Extension: (Tabulky Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-19]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-04-04] <==== ATTENTION
CHR Extension: (Quick Searcher) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-17]
CHR Extension: (Telegram) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-02-11]
CHR Extension: (Facebook Power Editor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\djicncbfodbeijpfpjjojkfhgbpjnlih [2013-12-22]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-06]
CHR Extension: (Avast Online Security) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Visual Search for Facebook) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\jeckllnpecnifhjomogoikfhiiflfpal [2013-12-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default [2017-04-05]
CHR Extension: (Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-11]
CHR Extension: (Disk Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-04]
CHR Extension: (Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-11]
CHR Extension: (Disk Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-04]
CHR Extension: (Quick Searcher) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-17]
CHR HKLM\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ghgmnfeamobhjmillnanbfhmkoeodooi] - C:\Users\xxx\AppData\Local\CRE\ghgmnfeamobhjmillnanbfhmkoeodooi.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - <no Path/update_url>
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ghgmnfeamobhjmillnanbfhmkoeodooi] - C:\Users\xxx\AppData\Local\CRE\ghgmnfeamobhjmillnanbfhmkoeodooi.crx <not found>

Opera:
=======
OPR Extension: (Quick Searcher) - C:\Users\xxx\AppData\Roaming\Opera Software\Opera Stable\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-12] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2013-04-13] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2015-01-10] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2015-01-10] ()
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [406016 2016-06-05] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [43520 2008-09-22] (VIA Technologies, Inc. ) [File not signed]
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-01-02] (Duplex Secure Ltd.)
U3 a9v3qj89; C:\Windows\system32\Drivers\a9v3qj89.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
S3 WinRing0_1_2_0; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 09:25 - 2017-04-05 09:26 - 00019954 _____ C:\Users\xxx\Desktop\FRST.txt
2017-04-05 09:25 - 2017-04-05 09:25 - 00000000 ____D C:\FRST
2017-04-05 09:24 - 2017-04-05 09:24 - 00000274 _____ C:\Users\xxx\Desktop\fixlist.txt
2017-04-05 09:18 - 2017-04-05 09:18 - 01766912 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2017-04-04 18:07 - 2017-04-04 22:01 - 00000000 ____D C:\Program Files\trend micro
2017-04-04 18:07 - 2017-04-04 18:08 - 00000000 ____D C:\rsit
2017-04-04 18:07 - 2017-04-04 18:07 - 01206272 _____ C:\Users\xxx\Desktop\RSIT.exe
2017-04-04 17:56 - 2017-04-04 18:01 - 00000000 ____D C:\32788R22FWJFW
2017-04-04 17:55 - 2017-04-04 17:56 - 05660310 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2017-04-04 16:37 - 2017-04-04 21:43 - 00000000 ____D C:\AdwCleaner
2017-04-04 16:14 - 2017-04-04 16:14 - 00000000 ____D C:\Users\xxx\AppData\Local\ESET
2017-04-04 14:57 - 2017-04-04 14:57 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-04 14:57 - 2017-04-04 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-04 14:56 - 2017-04-04 14:57 - 00000000 ____D C:\Program Files\CCleaner
2017-04-04 10:20 - 2017-04-04 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxPro - MetaTrader
2017-04-04 06:41 - 2017-04-04 16:35 - 00000000 ____D C:\Users\xxx\AppData\Roaming\fxgen
2017-04-03 17:43 - 2017-04-03 17:43 - 00001815 _____ C:\Users\Public\Desktop\XM MT4.lnk
2017-04-03 17:43 - 2017-04-03 17:43 - 00000000 ____D C:\Program Files\XM MT4
2017-04-03 17:05 - 2017-04-03 17:05 - 00000000 _SHDC C:\AppCache
2017-04-03 14:12 - 2017-04-03 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XM MT4
2017-03-31 09:36 - 2017-03-31 09:36 - 00000000 ____D C:\Users\xxx\Documents\Moje palety
2017-03-28 11:55 - 2017-03-28 11:55 - 00001002 _____ C:\Users\xxx\Desktop\GuitarPro6.lnk
2017-03-28 11:53 - 2017-03-28 11:53 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2017-03-28 11:52 - 2017-03-28 11:53 - 00000000 ____D C:\Program Files\Guitar Pro 6
2017-03-28 10:49 - 2017-03-28 10:49 - 00000000 ____D C:\Users\xxx\AppData\Local\bestx_software
2017-03-28 10:42 - 2017-03-28 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate ZIP Cracker Trial
2017-03-28 10:36 - 2017-03-28 11:25 - 00000000 ____D C:\Users\xxx\AppData\Roaming\rarunlocker
2017-03-28 10:20 - 2017-03-29 09:21 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Guitar Pro 6
2017-03-28 10:20 - 2017-03-28 10:20 - 00000000 ____D C:\ProgramData\Guitar Pro 6
2017-03-27 20:59 - 2017-03-27 20:59 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-03-27 20:59 - 2017-03-27 20:59 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-03-27 20:57 - 2017-03-27 20:57 - 00000000 ____D C:\Users\xxx\AppData\Local\Audacity
2017-03-22 11:01 - 2017-03-22 10:58 - 00002771 _____ C:\Users\Public\Desktop\CorelDRAW X7.lnk
2017-03-22 10:58 - 2017-03-22 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7
2017-03-22 10:51 - 2017-03-22 11:01 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7
2017-03-21 10:24 - 2017-03-24 10:20 - 00000000 ____D C:\Program Files\MetaTrader 4 Admiral Markets
2017-03-21 10:24 - 2017-03-21 10:24 - 00002015 _____ C:\Users\Public\Desktop\Admiral Markets.lnk
2017-03-21 10:24 - 2017-03-21 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 Admiral Markets
2017-03-20 20:59 - 2017-03-20 20:59 - 00001978 _____ C:\Users\xxx\Desktop\FL Studio 12.lnk
2017-03-20 20:59 - 2017-03-20 20:59 - 00000000 ____D C:\Program Files\VstPlugins
2017-03-20 20:59 - 2017-03-20 20:59 - 00000000 ____D C:\Program Files\ASIO4ALL v2
2017-03-20 19:06 - 2017-03-20 19:06 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-20 19:05 - 2017-03-20 19:05 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-03-20 19:04 - 2017-03-20 20:58 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-03-20 19:04 - 2017-03-20 19:04 - 00000000 ____D C:\Users\xxx\Documents\Image-Line
2017-03-20 19:04 - 2017-03-20 19:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Image-Line
2017-03-20 19:04 - 2017-03-20 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-03-20 18:43 - 2017-03-20 20:59 - 00000000 ____D C:\Program Files\Image-Line
2017-03-20 13:00 - 2017-03-20 13:00 - 00000000 ____D C:\Users\xxx\AppData\Local\Zynaptiq
2017-03-20 12:55 - 2017-03-20 13:01 - 00000000 ____D C:\Users\xxx\AppData\Roaming\MAGIX
2017-03-20 12:55 - 2017-03-20 12:55 - 00000000 ____D C:\Users\xxx\AppData\Local\Xara
2017-03-20 12:53 - 2017-03-20 18:10 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services
2017-03-15 08:04 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 08:04 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 08:04 - 2017-03-04 05:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 08:04 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 08:04 - 2017-03-02 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 08:04 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 08:04 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 08:04 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 08:04 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 08:04 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 08:04 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 08:04 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 08:04 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 08:04 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 08:04 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 08:04 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 08:04 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 08:04 - 2017-03-02 19:44 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 08:04 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 08:04 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 08:04 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 08:04 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 08:04 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 08:04 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 08:04 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 08:04 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 08:04 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 08:04 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 08:04 - 2017-03-02 19:19 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 08:04 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 08:04 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 08:04 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 08:04 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 08:04 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 08:04 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 08:04 - 2017-02-11 17:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 08:04 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 08:04 - 2017-02-10 18:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 08:04 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 08:04 - 2017-02-10 16:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 08:04 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-15 08:04 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 08:04 - 2017-02-09 18:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 08:04 - 2017-02-09 18:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 08:04 - 2017-02-09 18:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 08:04 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 08:04 - 2017-02-09 17:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 08:04 - 2017-02-09 17:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 08:04 - 2017-02-09 17:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 08:04 - 2017-02-09 17:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 08:04 - 2017-02-09 17:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 08:04 - 2017-02-09 17:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 08:04 - 2017-02-06 18:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 08:04 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 08:04 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 08:04 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 08:03 - 2017-02-11 17:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 08:03 - 2017-02-11 17:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 08:03 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 08:03 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 08:03 - 2017-02-09 17:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 08:03 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 08:03 - 2017-02-09 17:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 08:03 - 2017-02-09 17:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 08:03 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 08:03 - 2017-02-09 17:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 08:03 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 08:03 - 2017-02-09 17:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 08:03 - 2017-02-09 17:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 08:03 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 08:03 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-13 15:00 - 2017-03-13 15:00 - 00000000 ____D C:\Users\xxx\AppData\Local\Macromedia
2017-03-12 16:29 - 2017-04-05 09:23 - 00000000 ____D C:\Users\xxx\AppData\LocalLow\Mozilla
2017-03-12 16:29 - 2017-04-02 16:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-12 16:29 - 2017-04-02 16:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-12 16:29 - 2017-03-12 16:38 - 00000000 ____D C:\Users\xxx\AppData\Local\Mozilla
2017-03-12 16:29 - 2017-03-12 16:29 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-12 16:29 - 2017-03-12 16:29 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-12 11:01 - 2017-03-12 10:53 - 00000030 ____C C:\AVScanner.ini
2017-03-12 09:39 - 2017-03-12 09:39 - 00000000 ____D C:\Users\xxx\.cache
2017-03-12 07:19 - 2017-03-12 07:19 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashRpt
2017-03-11 21:24 - 2017-03-11 21:24 - 00001160 _____ C:\Users\xxx\Desktop\Format Factory.lnk
2017-03-11 21:24 - 2017-03-11 21:24 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2017-03-11 18:44 - 2017-03-16 16:56 - 00000000 ____D C:\Users\xxx\Documents\Corel VideoStudio Pro
2017-03-11 18:42 - 2017-03-13 14:19 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ulead Systems
2017-03-11 18:39 - 2017-03-11 18:39 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-03-11 18:39 - 2017-03-11 18:39 - 00000000 ____D C:\Program Files\Haali
2017-03-11 18:34 - 2017-03-11 18:34 - 00000988 _____ C:\Users\Public\Desktop\Video Studio.lnk
2017-03-11 18:34 - 2017-03-11 18:34 - 00000983 _____ C:\Users\Public\Desktop\Screen Cap.lnk
2017-03-11 18:34 - 2017-03-11 18:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio X9
2017-03-11 17:40 - 2017-03-11 17:40 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-11 17:40 - 2017-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-11 17:17 - 2017-03-12 11:09 - 00000000 ____D C:\ProgramData\McAfee
2017-03-11 16:33 - 2017-03-11 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-03-09 18:00 - 2017-03-09 18:00 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2017-03-09 17:50 - 2017-03-09 17:50 - 00262144 _____ C:\Users\DefaultAppPool\ntuser.man
2017-03-09 14:38 - 2017-03-11 15:01 - 00000000 ____D C:\ProgramData\Avg
2017-03-09 14:38 - 2017-03-11 15:00 - 00000000 ____D C:\Users\xxx\AppData\Local\AvgSetupLog
2017-03-09 14:38 - 2017-03-09 17:48 - 00000000 ____D C:\Users\xxx\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 09:06 - 2015-06-18 10:06 - 00000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job
2017-04-05 08:49 - 2014-07-22 15:28 - 00000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job
2017-04-04 21:54 - 2013-07-17 22:36 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2017-04-04 21:51 - 2009-07-14 06:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 21:51 - 2009-07-14 06:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 21:44 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 17:46 - 2009-07-14 06:53 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-04 17:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-04-04 16:33 - 2013-07-27 14:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\uTorrent
2017-04-04 16:28 - 2013-07-28 14:19 - 00000000 ____D C:\Users\xxx\AppData\LocalLow\SecurePlugin
2017-04-04 14:59 - 2013-03-11 22:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
2017-04-04 14:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\ModemLogs
2017-04-03 16:01 - 2013-03-06 17:31 - 01670520 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-03 16:01 - 2009-07-14 10:44 - 00702688 _____ C:\Windows\system32\perfh005.dat
2017-04-03 16:01 - 2009-07-14 10:44 - 00152446 _____ C:\Windows\system32\perfc005.dat
2017-03-29 13:45 - 2013-09-23 16:31 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Corel
2017-03-29 13:05 - 2013-03-24 22:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Audacity
2017-03-28 12:59 - 2013-09-22 08:49 - 04209736 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-28 10:06 - 2013-09-30 11:48 - 00293040 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2017-03-27 20:59 - 2013-03-24 22:15 - 00000000 ____D C:\Program Files\Audacity
2017-03-22 11:02 - 2016-06-05 19:08 - 00000000 ____D C:\ProgramData\Corel
2017-03-22 10:59 - 2016-06-05 14:24 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-03-22 10:58 - 2016-06-05 19:07 - 00000000 ____D C:\Program Files\Corel
2017-03-20 12:53 - 2013-03-30 01:52 - 00000000 ____D C:\Program Files\MSXML 4.0
2017-03-20 12:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2017-03-20 12:53 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-15 21:16 - 2015-09-10 09:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 20:47 - 2013-03-12 13:51 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2017-03-15 18:38 - 2013-04-15 18:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 18:37 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 18:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\inetsrv
2017-03-15 18:32 - 2013-08-09 22:59 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 18:27 - 2013-04-15 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 18:27 - 2013-03-07 00:11 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 17:40 - 2013-06-22 13:11 - 00000000 ____D C:\Users\xxx\.thumbnails
2017-03-14 14:59 - 2013-03-12 10:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 14:59 - 2013-03-12 10:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 14:59 - 2013-03-12 10:07 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-13 11:00 - 2013-04-26 19:41 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Real
2017-03-12 11:09 - 2015-07-29 09:49 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-12 11:04 - 2013-07-31 17:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-12 11:03 - 2013-11-27 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2017-03-12 11:03 - 2013-04-26 19:36 - 00000000 ____D C:\ProgramData\Real
2017-03-12 10:53 - 2014-07-04 14:43 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2017-03-12 09:39 - 2013-03-06 17:22 - 00000000 ____D C:\Users\xxx
2017-03-12 07:36 - 2013-03-11 10:43 - 00000000 ____D C:\ProgramData\Norton
2017-03-12 07:17 - 2013-11-27 20:22 - 00285576 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2017-03-12 07:17 - 2013-11-27 20:22 - 00207752 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2017-03-12 07:17 - 2013-04-26 19:42 - 00000000 ____D C:\Program Files\RealNetworks
2017-03-11 18:39 - 2013-10-22 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-03-11 17:40 - 2013-03-12 15:56 - 00000000 ____D C:\Program Files\WinRAR
2017-03-11 16:33 - 2014-01-07 15:33 - 00000000 ____D C:\Program Files\7-Zip
2017-03-11 15:21 - 2013-09-30 12:16 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Seznam.cz
2017-03-11 15:20 - 2014-09-26 15:19 - 00000000 ____D C:\ProgramData\Skype
2017-03-11 15:20 - 2013-08-14 07:34 - 00000000 ____D C:\Program Files\Seznam.cz
2017-03-11 15:20 - 2013-03-13 09:28 - 00000000 ____D C:\ProgramData\Tablet
2017-03-11 15:18 - 2009-07-14 04:04 - 00000592 _____ C:\Windows\win.ini
2017-03-11 15:15 - 2013-03-28 12:25 - 00000000 ____D C:\ProgramData\ScanSoft
2017-03-11 15:14 - 2017-02-25 10:20 - 00000000 ____D C:\Program Files\PDF Editor 5
2017-03-11 15:14 - 2013-03-12 13:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-03-11 15:08 - 2014-07-22 15:27 - 00000000 ____D C:\Users\xxx\AppData\Local\Citrix
2017-03-09 17:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sysprep
2017-03-09 17:50 - 2013-03-25 23:00 - 00000000 ____D C:\Users\DefaultAppPool

==================== Files in the root of some directories =======

2013-08-14 07:29 - 2013-08-21 20:35 - 0000083 _____ () C:\Users\xxx\AppData\Roaming\Camdata.ini
2013-08-14 07:29 - 2013-08-21 20:35 - 0000408 _____ () C:\Users\xxx\AppData\Roaming\CamLayout.ini
2013-08-14 07:29 - 2013-08-21 20:35 - 0000408 _____ () C:\Users\xxx\AppData\Roaming\CamShapes.ini
2013-08-14 07:29 - 2013-08-21 20:35 - 0004518 _____ () C:\Users\xxx\AppData\Roaming\CamStudio.cfg
2015-01-10 19:20 - 2015-01-10 19:20 - 0022328 _____ () C:\Users\xxx\AppData\Roaming\PnkBstrK.sys
2013-05-04 22:01 - 2013-05-04 22:01 - 0000047 _____ () C:\Users\xxx\AppData\Roaming\SwvUstatus.cfg
2013-05-03 14:35 - 2013-09-02 22:17 - 0005120 ____R () C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-16 21:43 - 2013-09-18 12:38 - 0000058 ____R () C:\Users\xxx\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-06-18 10:38 - 2013-06-18 10:38 - 0000292 ____R () C:\Users\xxx\AppData\Local\HamsterBookConverter.cfg
2013-09-21 18:08 - 2013-09-21 18:08 - 0004794 ____R () C:\Users\xxx\AppData\Local\recently-used.xbel
2013-08-15 22:28 - 2013-09-10 09:20 - 0007598 ____R () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 00:39

==================== End of FRST.txt ============================

JaRon
Moderator
Posts: 15796
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Full C: drive

#14 Post by JaRon »

- clean the registry with CCleaner
- if drive C is full: turn off System Restore, restart, then turn System Restore back on
- write back with the current state of the PC :???:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

tejt
Visitor
Posts: 70
Registered: 28 Aug 2013 18:11

Re: Full C: drive

#15 Post by tejt »

It looks promising..
It's already better. I also ran Disk Cleanup, and it's much better.
Thanks a lot. I'll contribute something to the donation box. :thumbsup:
