Pop-up bubble with an advertisement - please check my log

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

#1 Post by Mirdu »

Hi, I would need my log checked.

While browsing the web, a bubble with an ad for RU sites pops up in the bottom left (see image).
sshot-10.png (65.4 KiB)
I am attaching the log here:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Správce at 2017-04-26 07:59:47
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 22 GB (19%) free of 114 GB
Total RAM: 7371 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:55, on 26.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Správce.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131304997813423936&GUID=75B712EB-7649-4C48-A77C-927D097D8AB1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Shield Sentinel (mweshield) - "My Web Shield" - C:\Program Files\My Web Shield\mweshield.exe
O23 - Service: My Web Shield Consolidator (mweshieldup) - "My Web Shield" - C:\Program Files\My Web Shield\mweshieldup.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSRService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9551 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSRService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files\My Web Shield\mweshield.exe"
"C:\Program Files\My Web Shield\mweshieldup.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2648
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
"C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe" /startup
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe" 
"C:\Program Files (x86)\SpeedFan\speedfan.exe" 
AvastUI.exe /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Správce\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=57.0.2987.133 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef0ab3970,0x7fef0ab3960,0x7fef0ab3980
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4828 --on-initialized-event-handle=420 --parent-handle=428 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1184 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,18,19,20,23,26,41,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x1002 --gpu-device-id=0x9901 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.200.1046.0 --gpu-driver-date=6-22-2015 --service-request-channel-token=1D9A734A2E1AE4B905A58B6E00785365 --mojo-platform-channel-handle=1192 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1184 --primordial-pipe-token=95988904EF03A555F9B8D02CA8BF2CBA --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=95988904EF03A555F9B8D02CA8BF2CBA --renderer-client-id=22 --mojo-platform-channel-handle=1824 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1184 --primordial-pipe-token=875E47674C4F13D43B3FCEBF50CDD4F8 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=875E47674C4F13D43B3FCEBF50CDD4F8 --renderer-client-id=25 --mojo-platform-channel-handle=4956 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1184 --primordial-pipe-token=104A12D22B145066E0BB287C7E2E8630 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=104A12D22B145066E0BB287C7E2E8630 --renderer-client-id=26 --mojo-platform-channel-handle=5488 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1184 --primordial-pipe-token=1C86A83D4D5CEA4DE7AAD14ED429B8BC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=1C86A83D4D5CEA4DE7AAD14ED429B8BC --renderer-client-id=27 --mojo-platform-channel-handle=2708 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1184 --primordial-pipe-token=0CE7B79D1B2E1DEA210C479D1F576955 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0CE7B79D1B2E1DEA210C479D1F576955 --renderer-client-id=63 --mojo-platform-channel-handle=4164 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1184 --primordial-pipe-token=868727BDDB54B151F00BA6D63470BB5E --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=868727BDDB54B151F00BA6D63470BB5E --renderer-client-id=79 --mojo-platform-channel-handle=6032 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528 
"D:\Dokumenty\Stažené soubory\CHROME\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe  /c 
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe  /ua /installsource scheduler 

=========Mozilla firefox=========

ProfilePath - C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "https://www.google.cz/webhp?ie=utf-8&oe=utf-8&client=firefox-b&gfe_rd=cr&ei=Luz4V9naC-na8AeQ6IGgAw#cns=0&gfe_rd=cr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852]
"Description"=RealMedia Plugin
"Path"=C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46]
"Description"=6.0.12.46
"Path"=C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll


C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\
support@lastpass.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"fssui"=C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [2014-03-31 892608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"=C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe [2014-08-18 3378488]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-21 9292504]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE [2016-03-24 680528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-04-17 28344776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE [2016-03-24 680528]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-03-02 205512]

C:\Users\Správce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm
"vidc.x264"=x264vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-04-26 07:59:47 ----D---- C:\rsit
2017-04-26 07:59:47 ----D---- C:\Program Files\trend micro
2017-04-26 07:59:16 ----D---- C:\ProgramData\SWCUTemp
2017-04-17 17:14:04 ----A---- C:\Windows\system32\DbxSvc.exe
2017-04-11 21:41:26 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-11 21:41:26 ----A---- C:\Windows\system32\mshtml.dll
2017-04-11 21:41:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-11 21:41:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-11 21:41:25 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-11 21:41:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-11 21:41:25 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-11 21:41:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-11 21:41:25 ----A---- C:\Windows\system32\ole32.dll
2017-04-11 21:41:25 ----A---- C:\Windows\system32\iertutil.dll
2017-04-11 21:41:25 ----A---- C:\Windows\system32\ieframe.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\wucltux.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\wuapi.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\win32spl.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\win32k.sys
2017-04-11 21:41:24 ----A---- C:\Windows\system32\urlmon.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\samsrv.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\quartz.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\gdi32.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-11 21:41:24 ----A---- C:\Windows\system32\cdosys.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\atmfd.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 21:41:24 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 21:41:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\webcheck.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\vbscript.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\samlib.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-11 21:41:23 ----A---- C:\Windows\system32\ntdll.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\jscript9.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\jscript.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-11 21:41:23 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-11 21:41:23 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-11 21:41:23 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-11 21:41:23 ----A---- C:\Windows\system32\certcli.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 21:41:23 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-11 21:41:22 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\wups2.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\wups.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\wudriver.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-11 21:41:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\wow64win.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\winsrv.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\srcore.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\srclient.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\smss.exe
2017-04-11 21:41:22 ----A---- C:\Windows\system32\schannel.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\rstrui.exe
2017-04-11 21:41:22 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\occache.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 21:41:22 ----A---- C:\Windows\system32\msrating.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\kernel32.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\kerberos.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\inseng.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-11 21:41:22 ----A---- C:\Windows\system32\ieui.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-11 21:41:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-11 21:41:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-11 21:41:22 ----A---- C:\Windows\system32\conhost.exe
2017-04-11 21:41:22 ----A---- C:\Windows\system32\advapi32.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 21:41:21 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-11 21:41:21 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\wuapp.exe
2017-04-11 21:41:21 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\wow64.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\wdigest.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\tzres.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\sspicli.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\secur32.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\msobjs.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\msaudite.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\lsass.exe
2017-04-11 21:41:21 ----A---- C:\Windows\system32\lpk.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\iesetup.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\iernonce.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-11 21:41:21 ----A---- C:\Windows\system32\fontsub.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-11 21:41:21 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-11 21:41:21 ----A---- C:\Windows\system32\dciman32.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\credssp.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\cdd.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\auditpol.exe
2017-04-11 21:41:21 ----A---- C:\Windows\system32\atmlib.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 21:41:21 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 21:41:21 ----A---- C:\Windows\system32\appidapi.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-11 21:41:21 ----A---- C:\Windows\system32\adtschema.dll

======List of files/folders modified in the last 1 month======

2017-04-26 07:59:47 ----RD---- C:\Program Files
2017-04-26 07:59:16 ----HD---- C:\ProgramData
2017-04-26 07:50:21 ----D---- C:\Windows\Temp
2017-04-26 07:33:24 ----D---- C:\Windows\system32\config
2017-04-26 07:24:52 ----D---- C:\Windows\System32
2017-04-26 07:24:52 ----D---- C:\Windows\inf
2017-04-26 07:24:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-26 07:22:09 ----D---- C:\Users\Správce\AppData\Roaming\USBSafelyRemove
2017-04-26 07:22:08 ----D---- C:\Program Files (x86)\SpeedFan
2017-04-26 07:20:10 ----D---- C:\Windows
2017-04-26 07:20:10 ----D---- C:\Program Files\Mozilla Firefox
2017-04-26 07:20:10 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-25 08:59:01 ----SHD---- C:\System Volume Information
2017-04-25 05:56:54 ----D---- C:\Windows\rescache
2017-04-24 19:19:17 ----D---- C:\Windows\system32\LogFiles
2017-04-24 12:29:20 ----D---- C:\Users\Správce\AppData\Roaming\Media Player Classic
2017-04-24 12:29:15 ----D---- C:\Windows\debug
2017-04-24 01:03:17 ----D---- C:\Users\Správce\AppData\Roaming\AIMP
2017-04-23 18:59:43 ----D---- C:\Windows\Microsoft.NET
2017-04-21 21:36:41 ----D---- C:\Program Files (x86)\AIMP3
2017-04-21 08:32:06 ----D---- C:\Users\Správce\AppData\Roaming\Dramatic Black & White
2017-04-21 08:32:04 ----D---- C:\Users\Správce\AppData\Roaming\JixiPixCommon
2017-04-21 07:42:13 ----D---- C:\Program Files (x86)\Dropbox
2017-04-21 07:42:12 ----D---- C:\Windows\system32\drivers
2017-04-19 09:30:55 ----D---- C:\Windows\system32\Tasks
2017-04-19 09:30:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-19 09:30:53 ----D---- C:\Windows\system32\Macromed
2017-04-19 09:30:30 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-12 23:14:57 ----SHD---- C:\Windows\Installer
2017-04-12 23:14:41 ----D---- C:\Windows\SysWOW64
2017-04-12 23:05:00 ----RD---- C:\Program Files (x86)
2017-04-12 15:13:05 ----RSD---- C:\Windows\assembly
2017-04-11 22:27:17 ----D---- C:\Windows\winsxs
2017-04-11 22:26:13 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-11 22:26:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-11 22:26:13 ----D---- C:\Program Files\Internet Explorer
2017-04-11 22:26:12 ----D---- C:\Windows\system32\en-US
2017-04-11 22:26:12 ----D---- C:\Windows\system32\cs-CZ
2017-04-11 22:26:12 ----D---- C:\Windows\system32\Boot
2017-04-11 22:26:12 ----D---- C:\Windows\AppPatch
2017-04-11 22:26:12 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-11 22:22:36 ----D---- C:\Windows\system32\MRT
2017-04-11 22:16:09 ----AC---- C:\Windows\system32\MRT.exe
2017-04-11 22:16:03 ----D---- C:\Windows\system32\catroot2
2017-04-11 22:14:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-09 20:37:17 ----D---- C:\Windows\Tasks
2017-04-05 21:37:37 ----D---- C:\Program Files (x86)\Aplikace
2017-04-03 21:13:28 ----D---- C:\Windows\system32\NDF
2017-04-01 16:44:56 ----D---- C:\Windows\system32\DriverStore
2017-03-30 11:13:16 ----D---- C:\Windows\SoftwareDistribution
2017-03-29 12:14:13 ----D---- C:\Users\Správce\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-10-11 82600]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-10-11 42664]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-03-02 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-03-02 334600]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-03-02 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-03-02 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-03-14 337592]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-11-21 530488]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-03-02 309272]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-03-02 100640]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-03-02 993608]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-03-22 548928]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 mwescontroller;mwescontroller; \??\C:\Windows\system32\drivers\mwescontroller.sys [2016-11-09 56656]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 APXACC;AppEx Networks Accelerator LWF; C:\Windows\system32\DRIVERS\appexDrv.sys [2015-04-03 229056]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-03-02 126600]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-03-02 162528]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2014-03-31 58056]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2012-03-30 105088]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-06-23 21612032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-06-23 663552]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2012-03-30 223872]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-01 104976]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-03-02 38296]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-04-23 25640]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2013-08-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2013-08-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2013-08-21 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2013-08-21 158024]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-08-24 744640]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-02-27 2227312]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-06-23 245760]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-06-22 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-03-02 262736]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-04-17 48944]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-03-31 1512640]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 mweshield;My Web Shield Sentinel; C:\Program Files\My Web Shield\mweshield.exe [2016-08-31 931640]
R2 mweshieldup;My Web Shield Consolidator; C:\Program Files\My Web Shield\mweshieldup.exe [2016-08-31 348472]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 USBSafelyRemoveService;USB Safely Remove Assistant; C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSRService.exe [2014-08-18 1523000]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-03-02 7147320]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-07 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-07 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 191944]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-02-29 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-19 271448]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]

-----------------EOF-----------------


Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up ad bubble - please check my log

#2 Post by Rudy »

Hello!
Is your operating system a legal copy?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of malware, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

Re: Pop-up ad bubble - please check my log

#3 Post by Mirdu »

Probably yes:
sshot-11.png (78.15 KiB) Viewed 2712 times
I didn't install it; I inherited the PC a year ago.

Does that matter?

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up ad bubble - please check my log

#4 Post by Rudy »

You will see this on a cracked system as well. We do not deal with illegal systems, because they are modified and I do not know how they will behave when junk is deleted. We are not here to repair crashed systems afterwards. Run this scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

Re: Pop-up ad bubble - please check my log

#5 Post by Mirdu »

Log 1:

Code: Select all

OTL Extras logfile created on: 28.4.2017 17:04:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Dokumenty\Stažené soubory\CHROME
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18638)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
 
7,20 Gb Total Physical Memory | 5,17 Gb Available Physical Memory | 71,76% Memory free
14,40 Gb Paging File | 12,20 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,57 Gb Total Space | 20,66 Gb Free Space | 18,52% Space Free | Partition Type: NTFS
Drive D: | 52,73 Gb Total Space | 33,28 Gb Free Space | 63,10% Space Free | Partition Type: NTFS
Drive E: | 777,34 Gb Total Space | 13,33 Gb Free Space | 1,71% Space Free | Partition Type: NTFS
Drive G: | 101,34 Gb Total Space | 46,98 Gb Free Space | 46,36% Space Free | Partition Type: NTFS
Drive H: | 100,00 Mb Total Space | 80,24 Mb Free Space | 80,24% Space Free | Partition Type: NTFS
 
Computer Name: SPRÁVCE-PC | User Name: Správce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-886474415-2201385491-2332788101-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.txt [@ = Speccy.File] -- D:\Dokumenty\Stažené soubory\CHROME\Speccy43-Windows-bin\Speccy.exe ()
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C53E8D8-DB65-4016-BE32-096F6C7B980C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7EB15E2A-648D-45FC-9849-5BC07454FF90}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{D6CD43E8-578A-452F-8D2D-F3D03A5E5B8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E8D9F4-CD0C-47DB-8450-D0290BF1F880}" = protocol=6 | dir=in | app=c:\program files (x86)\aplikace\μtorrent 2.2.1\utorrent.exe | 
"{115C1EAB-CD64-40D8-9ADF-1221A53C6BF5}" = dir=in | app=%programfiles%\zoner\photo studio 19\program64\zps.exe | 
"{3A30EA10-EF2D-45BD-8FCE-983D62075052}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{3AABF22A-9CA5-4AAC-BAF8-987E007B0933}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{3B397731-DFFD-4D40-BF70-4C0FA8A46441}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{4016865D-0A0A-4105-8E25-D802D939990A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{4633845E-3596-4E6C-AB10-FCB80861DD05}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{4C78ADF0-09A5-4014-AFFD-26DE6C9BDBE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{51E8BBF4-EABB-44CC-86BE-1E1E7ECD3E55}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{56E59ABE-E417-470D-990A-6E3FD4882339}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{73046B79-8EF2-47CE-8FC4-35C935DAC93F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{7EACF989-AE69-423E-A543-C68C458C7BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8704EC8C-2333-4641-BAB9-FCA7E97F017A}" = protocol=17 | dir=in | app=c:\program files (x86)\aplikace\μtorrent 2.2.1\utorrent.exe | 
"{915BC5A0-C0DB-4339-9B5A-D80FC783AEED}" = protocol=6 | dir=in | app=c:\program files\zoner\photo studio 19\program64\zps.exe | 
"{995B09CE-16A4-4ED0-A19F-C2E5893A9484}" = dir=in | app=%programfiles%\zoner\photo studio 19\program32\zps.exe | 
"{9F5ED82F-BA58-4857-9FDD-85F98A9017EE}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{AF649394-8402-4B6A-92E3-9168750AB392}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B2BB5299-5E03-4FE1-8FCB-22BDFF6BB02B}" = dir=in | app=c:\program files\zoner\photo studio 18\program32\mediaserver.exe | 
"{B96046DE-5E2E-47E5-ABDF-BCA80A20E4EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{BFE1FF25-2CD4-4C1B-BCA9-A36179529A24}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{CA3A490C-BF3F-4146-84EF-3E7F2B974976}" = dir=in | app=c:\program files (x86)\dropbox\client\dropbox.exe | 
"{D703D055-0369-4F03-B951-BBCA5A67C3B9}" = protocol=17 | dir=in | app=c:\program files\zoner\photo studio 19\program64\zps.exe | 
"{E2022BE3-9A2D-4F3B-B342-F711AEB067BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{EBD341AB-7FD6-43A0-A1ED-ADE71D00EC95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EE5DBE16-0BD2-42EE-B0EC-99BCFE91AD6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F7074B8E-7EF8-446D-A6CD-E46B8FB78667}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{F935C286-10A9-4C92-BBCF-9D02EDE2908C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{FDB83BB2-DB4A-4770-B2C7-47DBFC5EE396}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"TCP Query User{5CB52CB2-3B13-4958-ABDA-CD7EA7282A8E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{B4AFC419-CD4F-4692-9CE1-462E820E9FFA}C:\program files (x86)\airdroid\airdroid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airdroid\airdroid.exe | 
"TCP Query User{BAB715B7-A3A2-4DD1-8D6E-A6BB10F254DB}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\frd.exe | 
"TCP Query User{DC8F897E-B754-4CB5-9B06-DA48AD8C29C3}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{E955037A-CD9E-4737-AF73-4D5BB73B9A4A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{F30079E1-7C22-4854-8374-5081298710F3}C:\program files (x86)\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | 
"TCP Query User{F956F727-491B-4AD5-8390-EC2C155F4CDE}C:\program files (x86)\aplikace\mozilive\mozilive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aplikace\mozilive\mozilive.exe | 
"UDP Query User{000B61DD-BAAE-430A-A391-E2C504996482}C:\program files (x86)\airdroid\airdroid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airdroid\airdroid.exe | 
"UDP Query User{1394FEBB-3D11-4DE6-A295-9607588C748D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{15D27B14-8E6E-4FA8-8018-59D93532F201}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{1D96AA9B-AC35-4A95-8316-010CE7C0FAAE}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{2105A04B-D043-4E31-AD17-17B721845E56}C:\program files (x86)\aplikace\mozilive\mozilive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aplikace\mozilive\mozilive.exe | 
"UDP Query User{2A588AC6-BDD6-4173-9E9C-D44D91BF0494}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\frd.exe | 
"UDP Query User{C058795D-59D2-4143-A89D-81090A85A532}C:\program files (x86)\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{14D58A97-B60E-A858-34D8-95469C02F7EC}" = AMD Catalyst Install Manager
"{17511557-C430-486A-AB5A-87A8134B2613}" = PSPPro64
"{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}" = IPM_PSP_COM64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.6.6957 (3975d54) (64-bit)
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{488622BF-9493-6999-34FB-247CAD274CF7}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}" = HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
"{7B50D081-E670-3B43-A460-0E2CDB5CE984}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C3E2581-B212-D5C6-35A1-DD5A9C3DA29B}" = AMD Accelerated Video Transcoding
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-0044-0405-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94BFDEF9-D91D-4B5D-8A60-08514C7191AF}" = AMD Steady Video Plug-In 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AA4EBB14-EFFA-63D0-6DA2-4D91BD220313}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{C270821D-2479-D0F4-1BD1-7BBAF6762A98}" = AMD Wireless Display v3.0
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DFFEB619-5455-3697-B145-243D936DB95B}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F0E9E759-8F58-C17F-4637-23EFFB25FDB5}" = ccc-utility64
"{F49B9ED5-C8EB-4BA4-B01A-B2ABA8061A9F}}_is1" = Dramatic Black and White version 2.55
"{F5733897-B788-4AB1-B399-166A9FBB47A8}" = AMD USB 3.0 Device Detector
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"jdownloader2" = JDownloader 2
"MediaInfo" = MediaInfo 0.7.70
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Mozilla Firefox 53.0 (x64 cs)" = Mozilla Firefox 53.0 (x64 cs)
"mweshield" = My Web Shield
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotomatixPro5x64_is1" = Photomatix Pro version 5.1.1
"Shop for HP Supplies" = Shop for HP Supplies
"Topaz Glow 2" = Topaz Glow 2
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinRAR archiver" = WinRAR 5.11 (64-bit)
"x64 Components_is1" = x64 Components v3.3.9
"ZonerPhotoStudio18_CZ_is1" = Zoner Photo Studio 18
"ZonerPhotoStudioX_CZ_is1" = Zoner Photo Studio X
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{176F50D6-6857-49CE-B731-65F757EE3F0D}" = Corel PaintShop Pro X7 
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{095FC6D2-DF7E-40C1-B4AF-FFB3EC472BEB}" = C5300
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0D80125B-C320-1FDD-847C-CA76AE33C6EF}" = CCC Help Polish
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{1115F21B-40B9-E8A0-5FC7-EAA24AE83198}" = CCC Help Greek
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}" = Setup
"{171083F5-B7B2-95DB-FBD4-2F619543600C}" = CCC Help Dutch
"{17289BF4-5826-447B-A20A-738044D0B3E5}" = PSPPContent
"{1735F0DE-B173-4116-BABC-653A12FB9238}" = PSPPHelp
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{176F50D6-6857-49CE-B731-65F757EE3F0D}" = ICA
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{23172FAC-5B54-A75D-A3C6-77E899AFD299}" = Catalyst Control Center Graphics Previews Common
"{232D2FE9-0E75-8FD5-7900-271F6B539481}" = AMD Catalyst Control Center
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{281D4E9F-ACAE-5476-48FA-938859AEB66D}" = CCC Help Spanish
"{2865cd27-6b8b-4413-8272-cd968f316050}_is1" = XVM verze 6.3.2.1
"{2BC9C2FF-E0B7-40F9-B1A5-6F80663C301B}" = Windows Live Family Safety
"{2E035141-58A1-E886-0391-F87D2FABF641}" = CCC Help Danish
"{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FD5045F-EE54-2922-CA89-A0B4F71366F1}" = CCC Help German
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{315E5E8B-0560-413A-B604-622A4C8BECBD}" = FLAC Frontend
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{41221990-DB5B-BF65-A859-D78880DC7CCD}" = CCC Help Russian
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}" = Google Earth Pro
"{460F31BB-57EB-FBC0-9A82-CC9CF41B531A}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5377B3C8-6130-CCAC-DA09-1940969E7E42}" = CCC Help French
"{559ADC36-3333-B93C-2A9A-034638AC418A}" = CCC Help Norwegian
"{567C4A87-9029-4001-ACF1-CFC0717EC1A0}" = PS_AIO_04_C5300_Software_Min
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634EE4B5-7711-E2CA-AD5A-D951B9672E48}" = CCC Help Thai
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1" = Ulož.to FileManager verze 2.02
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83B66481-A1FC-C2CF-327A-B755E8971A82}" = Catalyst Control Center InstallProxy
"{83FB6520-3C26-A8BC-8712-F4A938207EB4}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{914533BC-F2F0-72AB-FF98-767FA8D5C37E}" = CCC Help Turkish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{958CE762-7D6D-6E6D-B7CE-1A7F07107C6E}" = CCC Help English
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.2
"{9958B0E1-B751-D87A-EFFF-B616676C31B7}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A470EA9-FF86-4C0E-992C-572BF2B9D6FF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A901B032-E26C-07D0-1CE8-9D066DB59165}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824214663}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Czech
"{ADCED59B-3FD6-984F-B5F1-0C561F678143}" = CCC Help Swedish
"{AF0ACDD1-3842-47C7-B153-B8DB92CDA42D}" = Virtual Com port driver V1.4.0
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD9CFD69-EB91-354E-9C98-D439E6091932}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1A5CD70-ABEA-45A2-5A6C-B97D839EBE45}" = CCC Help Korean
"{C2B5BA39-7E72-4A96-FD46-BFC6C03FFC4A}" = CCC Help Czech
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1464D57-8585-4CE1-B219-D977157E530E}_is1" = MoZiLive 1.2.9.3
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D609F0DB-AE53-4590-8B73-89810EDFB992}_is1" = CanWay version 1.1.12
"{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
"{DC302EDB-79AE-9B2F-83D0-B5771501FA10}" = CCC Help Italian
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE4C5E90-ED67-53FF-427E-FDE77DD54938}" = CCC Help Japanese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E100E2B5-F2EF-4955-AB7A-C3F2125A3BCD}" = Windows Live UX Platform Language Pack
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{ED57DECF-703A-786F-0E45-786738FE3454}" = CCC Help Hungarian
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6430171-B86B-4639-839E-374913E7911D}" = Google Earth
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8938EAF-550A-4641-CBC2-D0F0A5434543}" = CCC Help Chinese Traditional
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"µTorrent CZ_is1" = µTorrent CZ 1.7.7 (build 8179)
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 25 PPAPI
"AIMP" = AIMP
"AirDroid" = AirDroid 3.4.0.1
"Aslains_WoT_Modpack_Installer_is1" = Aslain's WoT Modpack verze 9.17.1.30
"Audacity_is1" = Audacity 2.0.6
"Avast Antivirus" = Avast Free Antivirus
"Avidemux 2.6 - 64bits (64-bit)" = Avidemux 2.6 - 64bits
"CloneCD" = CloneCD
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-04-20
"Dropbox" = Dropbox
"Easy CD-DA Extractor 15" = Easy CD-DA Extractor 15
"Exact Audio Copy" = Exact Audio Copy 1.3
"FastShare.cz_is1" = FastShare.cz verze 2.3.1
"Freemake Video Converter_is1" = Freemake Video Converter verze 4.1.5
"GeoGet_is1" = GeoGet verze 2.9.9.775
"GeoSetter_is1" = GeoSetter 3.4.16
"GeoSetterBeta_is1" = GeoSetter 3.4.53 beta
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"LAME_is1" = LAME v3.99.3 (for Windows)
"MozBackup" = MozBackup 1.5.1
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nik Collection" = Nik Collection
"Notepad++" = Notepad++
"PHSP_17_0_1" = Adobe Photoshop CC 2015.5
"PSPad editor_is1" = PSPad editor
"RealAlt_is1" = Real Alternative 1.8.0
"Seznam DVD 2011_is1" = Seznam DVD 2011
"SpeedFan" = SpeedFan (remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Textures.com Panorama Corrector_is1" = Textures.com Panorama Corrector v2.6
"Topaz Adjust 5" = Topaz Adjust 5
"Topaz BW Effects 2" = Topaz B&W Effects
"Topaz Clarity" = Topaz Clarity
"Topaz Clean 3" = Topaz Clean 3
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeNoise 6" = Topaz DeNoise 6
"Topaz Detail 3" = Topaz Detail 3
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz Fusion Express 2 (64-bit)" = Topaz Fusion Express 2 (64-bit)
"Topaz Impression 2" = Topaz Impression 2
"Topaz InFocus" = Topaz InFocus
"Topaz Lens Effects" = Topaz Lens Effects
"Topaz ReStyle" = Topaz ReStyle
"Topaz Simplify 4" = Topaz Simplify 4
"Topaz Star Effects" = Topaz Star Effects
"UltimateOutsider_GwxControlPanel" = GWX Control Panel
"USB Safely Remove_is1" = USB Safely Remove 5.2
"WinLiveSuite" = Windows Live Essentials
"WinSnap" = WinSnap
"Xvid Video Codec 1.3.3" = Xvid Video Codec
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-886474415-2201385491-2332788101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"58f19a2872fb977e" = Urwigo
"QIP 2012" = QIP 2012 4.0.9379
"QipGuard" = QIP Internet Guardian
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25.4.2017 13:09:31 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.4.2017 1:16:16 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.4.2017 1:20:19 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.4.2017 10:15:06 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.4.2017 15:41:57 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.4.2017 1:44:28 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.4.2017 1:48:45 | Computer Name = Správce-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro c:\program files (x86)\adobe\adobe
 creative cloud\utils\Creative Cloud Uninstaller.exe se nezdařilo. Chyba v souboru
 manifestu nebo zásad  na řádku .  Verze součásti požadovaná aplikací je v konfliktu
 s jinou verzí součásti, která je již aktivní.  Konfliktní součásti:  Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Součást
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error - 27.4.2017 11:35:49 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.4.2017 10:41:31 | Computer Name = Správce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.4.2017 10:44:56 | Computer Name = Správce-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro c:\program files (x86)\adobe\adobe
 creative cloud\utils\Creative Cloud Uninstaller.exe se nezdařilo. Chyba v souboru
 manifestu nebo zásad  na řádku .  Verze součásti požadovaná aplikací je v konfliktu
 s jinou verzí součásti, která je již aktivní.  Konfliktní součásti:  Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Součást
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
[ System Events ]
Error - 26.4.2017 6:30:06 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 26.4.2017 10:15:15 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 26.4.2017 15:42:08 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 27.4.2017 1:44:32 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 27.4.2017 3:18:32 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 27.4.2017 5:07:32 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 27.4.2017 6:41:32 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 27.4.2017 11:36:01 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 28.4.2017 10:42:09 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
Error - 28.4.2017 11:02:13 | Computer Name = Správce-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = Zpracování zásad skupiny selhalo. Systém Windows nemohl použít nastavení
 zásad týkající se registru pro objekt zásad skupiny LocalGPO. Nastavení zásad skupiny
 nebude vyřešeno, dokud nebude vyřešena tato událost. Další informace o názvu souboru
 a cestě, které jsou příčinou selhání, zobrazíte pomocí detailů událostí.
 
< End of report >

Mirdu
Visitor
Posts: 9
Joined: 26 Apr 2017 06:43

Re: Pop-up bubble with ads - please check my log

#6 Post by Mirdu »

Log 2: part

Code: Select all

OTL logfile created on: 28.4.2017 17:04:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Dokumenty\Stažené soubory\CHROME
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18638)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
 
7,20 Gb Total Physical Memory | 5,17 Gb Available Physical Memory | 71,76% Memory free
14,40 Gb Paging File | 12,20 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,57 Gb Total Space | 20,66 Gb Free Space | 18,52% Space Free | Partition Type: NTFS
Drive D: | 52,73 Gb Total Space | 33,28 Gb Free Space | 63,10% Space Free | Partition Type: NTFS
Drive E: | 777,34 Gb Total Space | 13,33 Gb Free Space | 1,71% Space Free | Partition Type: NTFS
Drive G: | 101,34 Gb Total Space | 46,98 Gb Free Space | 46,36% Space Free | Partition Type: NTFS
Drive H: | 100,00 Mb Total Space | 80,24 Mb Free Space | 80,24% Space Free | Partition Type: NTFS
 
Computer Name: SPRÁVCE-PC | User Name: Správce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2017.04.28 17:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dokumenty\Stažené soubory\CHROME\OTL.exe
PRC - [2017.04.12 23:04:53 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
PRC - [2017.03.18 21:06:14 | 009,441,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2017.03.02 08:22:15 | 000,262,736 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2017.02.27 10:55:02 | 002,227,312 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
PRC - [2017.02.02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016.08.24 08:45:06 | 000,744,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2016.06.29 20:01:22 | 008,166,536 | ---- | M] () -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2016.03.24 17:01:36 | 000,680,528 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe
PRC - [2015.12.07 01:44:38 | 000,143,144 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
PRC - [2014.08.18 07:39:26 | 003,378,488 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2017.04.28 17:02:20 | 000,192,512 | ---- | M] () -- C:\Users\Správce\AppData\Local\Temp\sfamcc00001.dll
MOD - [2017.04.28 17:02:20 | 000,158,720 | ---- | M] () -- C:\Users\Správce\AppData\Local\Temp\sfareca00001.dll
MOD - [2017.03.02 08:22:15 | 000,170,216 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2017.03.02 08:22:13 | 000,290,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
MOD - [2016.12.07 23:14:41 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016.06.29 20:01:22 | 008,166,536 | ---- | M] () -- C:\Program Files (x86)\SpeedFan\speedfan.exe
MOD - [2014.11.21 23:03:30 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\Aplikace\USB Safely Remove\msimg32.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2017.04.26 20:02:52 | 000,048,944 | ---- | M] (Dropbox, Inc.) [Auto | Running] -- C:\Windows\SysNative\DbxSvc.exe -- (DbxSvc)
SRV:[b]64bit:[/b] - [2017.03.25 19:56:51 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2017.03.02 08:22:15 | 000,262,736 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2017.03.02 08:22:13 | 007,147,320 | ---- | M] (AVAST Software s.r.o.) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
SRV:[b]64bit:[/b] - [2016.08.31 16:59:46 | 000,348,472 | ---- | M] ("My Web Shield") [Auto | Running] -- C:\Program Files\My Web Shield\mweshieldup.exe -- (mweshieldup)
SRV:[b]64bit:[/b] - [2016.08.31 16:59:42 | 000,931,640 | ---- | M] ("My Web Shield") [Auto | Running] -- C:\Program Files\My Web Shield\mweshield.exe -- (mweshield)
SRV:[b]64bit:[/b] - [2016.08.22 18:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015.06.23 03:14:38 | 000,245,760 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2015.06.22 21:37:14 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017.04.26 07:18:19 | 000,191,944 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017.04.19 09:30:55 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017.03.20 00:48:06 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017.02.27 10:55:02 | 002,227,312 | ---- | M] (Adobe Systems, Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2017.02.02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.08.24 08:45:06 | 000,744,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015.12.07 01:44:38 | 000,143,144 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2015.12.07 01:44:38 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2014.08.18 07:39:26 | 001,523,000 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2017.03.22 00:00:02 | 000,548,928 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2017.03.14 16:15:33 | 000,337,592 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:18 | 000,162,528 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:18 | 000,126,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:18 | 000,100,640 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:18 | 000,075,704 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:18 | 000,038,296 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:15 | 000,993,608 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:13 | 000,334,600 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:13 | 000,309,272 | ---- | M] (AVAST Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:13 | 000,189,768 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
DRV:[b]64bit:[/b] - [2017.03.02 08:22:13 | 000,048,528 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
DRV:[b]64bit:[/b] - [2016.11.09 17:03:08 | 000,056,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwescontroller.sys -- (mwescontroller)
DRV:[b]64bit:[/b] - [2016.03.01 05:55:36 | 000,104,976 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2015.06.23 04:03:38 | 021,612,032 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2015.06.23 03:10:50 | 000,663,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2015.06.11 19:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2015.04.03 01:14:26 | 000,229,056 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:[b]64bit:[/b] - [2014.11.21 17:45:11 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2014.03.31 22:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2014.02.11 17:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)
DRV:[b]64bit:[/b] - [2013.08.29 03:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:30 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:30 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:30 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:28 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:28 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:28 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:[b]64bit:[/b] - [2013.08.21 06:31:28 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2013.01.23 13:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2013.01.23 13:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2013.01.23 13:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2013.01.23 13:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2012.10.11 22:49:10 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2012.10.11 22:49:08 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2012.08.28 14:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2012.03.30 03:44:54 | 000,223,872 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:[b]64bit:[/b] - [2012.03.30 03:44:52 | 000,105,088 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2009.02.13 21:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:[b]64bit:[/b] - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2015.04.23 20:17:08 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.12.29 22:59:38 | 000,028,664 | ---- | M] (Almico Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F0 4E C2 74 62 59 D2 01  [binary data]
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE10
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.context.loadInBackground: true
FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.cz/webhp?ie=utf-8&oe=utf-8&client=firefox-b&gfe_rd=cr&ei=Luz4V9naC-na8AeQ6IGgAw#cns=0&gfe_rd=cr"
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.11
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.5.0.2
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014.09.09 16:35:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014.09.09 16:35:58 | 000,000,000 | ---D | M]
 
[2016.10.08 14:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Extensions
[2016.12.27 21:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\browser-extension-data
[2016.12.27 21:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\browser-extension-data\firefox@tampermonkey.net
[2017.04.25 08:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extension-data
[2017.04.25 08:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions
[2017.03.31 19:09:45 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\support@lastpass.com
[2017.04.25 08:58:23 | 000,990,403 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\firefox@tampermonkey.net.xpi
[2017.01.20 15:33:28 | 000,428,713 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\firegestures@xuldev.org.xpi
[2016.10.11 19:56:45 | 000,181,909 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\linkificator@markapola.xpi
[2017.04.25 08:58:24 | 001,643,467 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\uBlock0@raymondhill.net.xpi
[2016.11.30 19:08:33 | 000,148,784 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2016.11.27 20:35:50 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2017.01.20 15:33:28 | 000,896,333 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2017.04.25 08:58:26 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{8b12896d-90a2-4976-a964-3dc49b9ed2ba}\disable-cert-transparency@mozilla.org.xpi
[2017.04.25 08:58:27 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{8b12896d-90a2-4976-a964-3dc49b9ed2ba}\disable-prefetch@mozilla.org.xpi
[2017.04.25 08:58:27 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{8b12896d-90a2-4976-a964-3dc49b9ed2ba}\e10srollout@mozilla.org.xpi
[2017.03.28 12:05:48 | 000,008,115 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{badc8473-e753-4f8e-b666-0e37d909274b}\deployment-checker@mozilla.org.xpi
[2017.03.28 12:05:48 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{badc8473-e753-4f8e-b666-0e37d909274b}\e10srollout@mozilla.org.xpi
[2017.04.09 20:46:50 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{bbb40520-98be-4c0b-8f2a-e3d3bc9506bf}\disable-prefetch@mozilla.org.xpi
[2017.04.09 20:46:50 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\features\{bbb40520-98be-4c0b-8f2a-e3d3bc9506bf}\e10srollout@mozilla.org.xpi
File not found (No name found) -- C:\USERS\SPRáVCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\138WM592.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
File not found (No name found) -- C:\USERS\SPRáVCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\138WM592.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
File not found (No name found) -- C:\USERS\SPRáVCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\138WM592.DEFAULT\EXTENSIONS\SUPPORT@LASTPASS.COM
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.6_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd\1.3.0_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjfekefhjemchdeigphccilhncnjldn\4.1.256.673_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.12.1_1\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\enofjgiadilpmldfknojklfjbeaooiap\3.1_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\4.1.45.87_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\3.9.17_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\
CHR - Extension: No name found = C:\Users\Správce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkejgpgaflkeonkliblcplomemekogop\2.47_0\
 
O1 HOSTS File: ([2016.11.02 02:04:37 | 000,000,866 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O1 - Hosts: 0.0.0.0 account.zoner.com
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-886474415-2201385491-2332788101-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-886474415-2201385491-2332788101-1000..\Run: [USB Safely Remove] C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - HKU\S-1-5-21-886474415-2201385491-2332788101-1000..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE (ZONER software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Správce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\..Trusted Domains: localhost ([]* in Důvěryhodné weby)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.45.3 212.96.160.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A569925E-F0A9-4EC5-989F-FD258A53D474}: DhcpNameServer = 213.211.45.3 212.96.160.7
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Run.exe
O33 - MountPoints2\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\Shell\AutoRun\command - "" = H:\ZTE_Handset_USB_Driver.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\winopen.exe "$EXEDIR$\Anglictina.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:[b]64bit:[/b] msacm.aacacm - AACACM.acm (fccHandler)
Drivers32:[b]64bit:[/b] msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:[b]64bit:[/b] msacm.ac3filter - ac3filter64.acm ()
Drivers32:[b]64bit:[/b] msacm.avis - ff_acm.acm ()
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] msacm.l3pacm - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] msacm.lameacm - lameACM.acm (http://www.mp3dev.org/)
Drivers32:[b]64bit:[/b] VIDC.FFDS - ff_vfw.dll ()
Drivers32:[b]64bit:[/b] VIDC.LAGS - lagarith.dll ( )
Drivers32:[b]64bit:[/b] vidc.x264 - x264vfw.dll ()
Drivers32:[b]64bit:[/b] vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2017.04.28 17:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp
[2017.04.28 17:02:23 | 000,000,000 | ---D | C] -- C:\Users\Správce\AppData\Roaming\Google
[2017.04.27 11:40:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2017.04.27 07:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017.04.26 20:02:52 | 000,048,944 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2017.04.26 17:21:56 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\AdobeGC
[2017.04.26 12:09:16 | 000,000,000 | ---D | C] -- C:\Users\Správce\AppData\Local\Tempzxpsign6b03c973f2292c19
[2017.04.26 08:44:35 | 000,000,000 | ---D | C] -- C:\Users\Správce\AppData\Local\Tempzxpsign3b5aaddb9f80764b
[2017.04.26 07:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2017.04.26 07:59:47 | 000,000,000 | ---D | C] -- C:\rsit
[2017.04.11 21:41:25 | 002,064,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2017.04.11 21:41:24 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2017.04.11 21:41:24 | 002,131,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2017.04.11 21:41:24 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2017.04.11 21:41:24 | 001,574,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2017.04.11 21:41:24 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2017.04.11 21:41:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2017.04.11 21:41:24 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017.04.11 21:41:24 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017.04.11 21:41:24 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2017.04.11 21:41:24 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2017.04.11 21:41:24 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2017.04.11 21:41:24 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2017.04.11 21:41:24 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2017.04.11 21:41:24 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2017.04.11 21:41:24 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2017.04.11 21:41:24 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2017.04.11 21:41:24 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2017.04.11 21:41:24 | 000,265,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2017.04.11 21:41:24 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2017.04.11 21:41:24 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2017.04.11 21:41:24 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2017.04.11 21:41:24 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2017.04.11 21:41:24 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2017.04.11 21:41:24 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2017.04.11 21:41:24 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2017.04.11 21:41:24 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2017.04.11 21:41:24 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2017.04.11 21:41:24 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2017.04.11 21:41:24 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2017.04.11 21:41:24 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2017.04.11 21:41:24 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2017.04.11 21:41:24 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2017.04.11 21:41:24 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2017.04.11 21:41:24 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2017.04.11 21:41:24 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2017.04.11 21:41:24 | 000,011,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2017.04.11 21:41:23 | 006,045,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2017.04.11 21:41:23 | 005,548,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017.04.11 21:41:23 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017.04.11 21:41:23 | 003,945,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017.04.11 21:41:23 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017.04.11 21:41:23 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2017.04.11 21:41:23 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2017.04.11 21:41:23 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2017.04.11 21:41:23 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2017.04.11 21:41:23 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2017.04.11 21:41:23 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017.04.11 21:41:23 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017.04.11 21:41:23 | 000,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2017.04.11 21:41:23 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017.04.11 21:41:23 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017.04.11 21:41:23 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2017.04.11 21:41:23 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2017.04.11 21:41:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2017.04.11 21:41:23 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmjpegdec.dll
[2017.04.11 21:41:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmjpegdec.dll
[2017.04.11 21:41:23 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2017.04.11 21:41:23 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2017.04.11 21:41:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2017.04.11 21:41:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2017.04.11 21:41:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2017.04.11 21:41:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2017.04.11 21:41:23 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2017.04.11 21:41:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2017.04.11 21:41:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2017.04.11 21:41:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2017.04.11 21:41:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2017.04.11 21:41:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2017.04.11 21:41:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2017.04.11 21:41:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2017.04.11 21:41:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2017.04.11 21:41:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2017.04.11 21:41:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2017.04.11 21:41:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2017.04.11 21:41:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2017.04.11 21:41:22 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017.04.11 21:41:22 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017.04.11 21:41:22 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017.04.11 21:41:22 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2017.04.11 21:41:22 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017.04.11 21:41:22 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2017.04.11 21:41:22 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2017.04.11 21:41:22 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2017.04.11 21:41:22 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2017.04.11 21:41:22 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2017.04.11 21:41:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017.04.11 21:41:22 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2017.04.11 21:41:22 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2017.04.11 21:41:22 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017.04.11 21:41:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2017.04.11 21:41:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017.04.11 21:41:22 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2017.04.11 21:41:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017.04.11 21:41:22 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2017.04.11 21:41:22 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017.04.11 21:41:22 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017.04.11 21:41:22 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017.04.11 21:41:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2017.04.11 21:41:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2017.04.11 21:41:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2017.04.11 21:41:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2017.04.11 21:41:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017.04.11 21:41:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2017.04.11 21:41:22 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2017.04.11 21:41:22 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2017.04.11 21:41:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2017.04.11 21:41:22 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2017.04.11 21:41:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2017.04.11 21:41:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2017.04.11 21:41:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017.04.11 21:41:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2017.04.11 21:41:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2017.04.11 21:41:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2017.04.11 21:41:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2017.04.11 21:41:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2017.04.11 21:41:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017.04.11 21:41:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017.04.11 21:41:21 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2017.04.11 21:41:21 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017.04.11 21:41:21 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017.04.11 21:41:21 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2017.04.11 21:41:21 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017.04.11 21:41:21 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017.04.11 21:41:21 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017.04.11 21:41:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2017.04.11 21:41:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017.04.11 21:41:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017.04.11 21:41:21 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2017.04.11 21:41:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017.04.11 21:41:21 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2017.04.11 21:41:21 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2017.04.11 21:41:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2017.04.11 21:41:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2017.04.11 21:41:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2017.04.11 21:41:21 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2017.04.11 21:41:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2017.04.11 21:41:21 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2017.04.11 21:41:21 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017.04.11 21:41:21 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017.04.11 21:41:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2017.04.11 21:41:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017.04.11 21:41:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017.04.11 21:41:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2017.04.11 21:41:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017.04.11 21:41:21 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017.04.11 21:41:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017.04.11 21:41:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2017.04.11 21:41:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2017.04.11 21:41:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017.04.11 21:41:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017.04.11 21:41:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2017.04.11 21:41:21 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2017.04.11 21:41:21 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2017.04.11 21:41:21 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2017.04.11 21:41:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2017.04.11 21:41:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2017.04.11 21:41:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017.04.11 21:41:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017.04.11 21:41:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017.04.11 21:41:21 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017.04.11 21:41:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017.04.11 21:41:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017.04.11 21:41:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2017.04.11 21:41:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017.04.11 21:41:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017.04.11 21:41:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017.04.11 21:41:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017.04.11 21:41:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017.04.11 21:41:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017.04.11 21:41:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017.04.11 21:41:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017.04.11 21:41:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017.04.11 21:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017.04.11 21:41:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017.04.11 21:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017.04.11 21:41:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2017.04.28 17:07:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2017.04.28 16:49:29 | 000,029,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.04.28 16:49:29 | 000,029,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.04.28 16:46:13 | 001,584,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.04.28 16:46:13 | 000,669,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2017.04.28 16:46:13 | 000,654,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017.04.28 16:46:13 | 000,142,040 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2017.04.28 16:46:13 | 000,122,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017.04.28 16:41:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.04.28 16:41:22 | 1501,986,815 | -HS- | M] () -- C:\hiberfil.sys
[2017.04.27 17:45:28 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2017.04.27 11:27:15 | 000,000,623 | ---- | M] () -- D:\Dokumenty\Petr\Vycapy_sever.tap
[2017.04.26 20:02:52 | 000,048,944 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2017.04.23 22:12:21 | 000,000,278 | ---- | M] () -- C:\Users\Správce\AppData\Local\Ciferace.ini
[2017.04.19 09:30:55 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017.04.19 09:30:55 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017.04.11 22:26:57 | 004,984,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017.04.11 22:14:29 | 001,560,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017.04.05 21:41:15 | 000,000,177 | ---- | M] () -- C:\Users\Správce\AppData\Local\setupciferace0-302.ini
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2017.04.28 17:07:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2017.04.27 11:27:15 | 000,000,623 | ---- | C] () -- D:\Dokumenty\Petr\Vycapy_sever.tap
[2017.04.05 21:41:15 | 000,000,177 | ---- | C] () -- C:\Users\Správce\AppData\Local\setupciferace0-302.ini
[2016.12.26 20:23:50 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\8D472AAF62.sys
[2016.12.26 00:56:25 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\AEE72B0202.sys
[2016.12.24 12:28:28 | 000,002,568 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2016.12.24 12:28:28 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\E89DEA9E5E.sys
[2016.12.24 12:28:28 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\64575685C1.sys
[2016.12.24 12:28:28 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\6AFECDF30E.sys
[2016.11.17 00:19:08 | 000,003,714 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016.10.08 12:55:16 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2016.09.15 01:40:52 | 000,000,028 | ---- | C] () -- C:\Windows\WinSnap64.INI
[2015.07.20 23:46:07 | 000,007,605 | ---- | C] () -- C:\Users\Správce\AppData\Local\Resmon.ResmonCfg
[2015.06.23 03:59:20 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2015.06.23 03:59:20 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2015.06.23 03:14:52 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2015.06.23 03:14:50 | 000,189,952 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2015.06.23 03:09:30 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2014.11.06 22:08:05 | 000,000,270 | RHS- | C] () -- C:\Users\Správce\ntuser.pol
[2014.10.07 22:57:29 | 000,000,147 | ---- | C] () -- C:\Users\Správce\AppData\Roaming\MoZiLive.ini
[2014.09.23 21:43:15 | 000,015,326 | ---- | C] () -- C:\Users\Správce\AppData\Roaming\preview.html
[2014.09.18 12:13:49 | 000,000,278 | ---- | C] () -- C:\Users\Správce\AppData\Local\Ciferace.ini
[2014.09.18 08:26:51 | 000,000,126 | ---- | C] () -- C:\Users\Správce\AppData\Local\ciferace-0-154.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.08.29 17:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.08.29 17:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2015.11.21 15:54:54 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\AIMP3
[2017.04.26 17:22:03 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\AMD
[2014.09.09 15:04:20 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\AVAST Software
[2017.01.05 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\Dramatic Black & White
[2017.02.24 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\GHISLER
[2017.01.05 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\JixiPixCommon
[2014.11.06 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\Notepad++
[2016.10.02 01:54:21 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\onOne Software
[2015.03.24 19:36:44 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\Ulead Systems
[2015.07.08 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\Wargaming.net
[2016.06.14 20:14:35 | 000,000,000 | ---D | M] -- C:\Users\Děti\AppData\Roaming\Zoner
[2017.03.13 18:41:37 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\AIMP
[2014.09.09 11:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\AVAST Software
[2017.03.07 17:30:54 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\Dramatic Black & White
[2016.11.30 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\GHISLER
[2017.03.07 17:30:45 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\JixiPixCommon
[2016.10.02 01:54:21 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\onOne Software
[2016.12.07 21:42:14 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\Wargaming.net
[2016.06.14 20:15:50 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\Zoner
[2014.11.19 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AC3Filter
[2017.04.24 01:03:17 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AIMP
[2016.01.20 18:28:12 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AIMP3
[2017.02.28 10:55:00 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AirDroid
[2015.07.30 01:31:11 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AMD
[2015.03.11 21:59:31 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Audacity
[2014.09.09 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AVAST Software
[2014.09.12 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AVG
[2014.11.17 03:19:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\avidemux
[2015.07.20 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Cocoon Software
[2017.04.21 08:32:06 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Dramatic Black & White
[2016.04.25 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Dropbox
[2016.10.02 01:40:24 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\DxO Labs
[2016.11.22 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\EAC
[2014.09.08 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\GHISLER
[2014.09.23 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\GSBuilder
[2015.10.30 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\HDRsoft
[2017.04.21 08:32:04 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\JixiPixCommon
[2016.05.13 10:32:14 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\kompozer.net
[2014.11.16 16:54:53 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\MOBILedit! PhoneCopier
[2014.10.07 23:29:13 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\MoZiLive
[2016.09.13 19:57:20 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Notepad++
[2016.11.17 01:30:33 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\onOne Software
[2016.10.01 22:47:23 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\PDAppFlex
[2014.09.10 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\QIP
[2014.09.10 09:16:19 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\QipGuard
[2014.11.18 00:45:49 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Shark007
[2015.07.09 00:29:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Soda PDF 3D Reader
[2016.01.20 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Tibo Software
[2016.10.02 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Tiffen
[2017.02.16 13:37:22 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\TS3Client
[2014.12.23 00:51:23 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Ulead Systems
[2014.11.13 14:21:13 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Ulozto File Manager
[2017.04.28 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\USBSafelyRemove
[2017.03.29 12:14:13 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\uTorrent
[2014.09.13 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\VitySoft
[2014.09.10 10:12:02 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Wargaming.net
[2016.09.30 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Zoner
[2014.11.06 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Škola\AppData\Roaming\AVAST Software
[2016.10.02 01:54:22 | 000,000,000 | ---D | M] -- C:\Users\Škola\AppData\Roaming\onOne Software
[2014.12.29 19:21:43 | 000,000,000 | ---D | M] -- C:\Users\Škola\AppData\Roaming\Ulead Systems
 
[color=#E56717]========== Purity Check ==========[/color]
 
END of part 1

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

Re: Pop-up bubble with ads - please check my log

#7 Post by Mirdu »

Log no. 2, part 2.

Code:

 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]<  >[/color]
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2016.11.29 08:24:24 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
[2016.11.29 08:24:24 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
[color=#A23BEC]< MD5 for: AUTOCHK.EXE  >[/color]
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2016.08.29 17:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\explorer.exe
[2016.08.29 17:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_b0517adca98752cc\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2016.08.29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\SysWOW64\explorer.exe
[2016.08.29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_baa6252edde814c7\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2015.04.11 06:31:36 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=43DCEC23557C32F7702C8D5BC729738F -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_2df8898bfd178df8\services.exe
[2015.04.13 05:28:33 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=71C85477DF9347FE8E7BC55768473FCA -- C:\Windows\SysNative\services.exe
[2015.04.13 05:28:33 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=71C85477DF9347FE8E7BC55768473FCA -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 04:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2016.07.07 17:36:20 | 001,896,168 | ---- | M] (Microsoft Corporation) MD5=B2875D7ABB82867DC3AA03D991940201 -- C:\Windows\SysNative\drivers\tcpip.sys
[2016.07.07 17:36:20 | 001,896,168 | ---- | M] (Microsoft Corporation) MD5=B2875D7ABB82867DC3AA03D991940201 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23496_none_117904649662b62b\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 05:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %systemroot%*.* /U /s >[/color]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[8 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014.11.19 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AC3Filter
[2016.11.22 10:53:18 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AccurateRip
[2016.10.01 22:23:22 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Adobe
[2015.03.11 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Ahead
[2017.04.24 01:03:17 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AIMP
[2016.01.20 18:28:12 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AIMP3
[2017.02.28 10:55:00 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AirDroid
[2015.07.30 01:31:11 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AMD
[2014.09.08 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\ATI
[2015.03.11 21:59:31 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Audacity
[2014.09.09 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AVAST Software
[2014.09.12 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\AVG
[2014.11.17 03:19:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\avidemux
[2015.07.20 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Cocoon Software
[2014.12.23 00:52:50 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Corel
[2017.04.21 08:32:06 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Dramatic Black & White
[2016.04.25 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Dropbox
[2015.09.13 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\dvdcss
[2016.10.02 01:40:24 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\DxO Labs
[2016.11.22 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\EAC
[2014.09.08 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\GHISLER
[2017.04.28 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Google
[2014.09.09 01:01:58 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\GRETECH
[2014.09.23 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\GSBuilder
[2015.10.30 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\HDRsoft
[2014.09.09 16:37:32 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\HP
[2014.09.08 19:25:02 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Identities
[2017.04.21 08:32:04 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\JixiPixCommon
[2016.05.13 10:32:14 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\kompozer.net
[2014.09.08 21:37:17 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Macromedia
[2011.04.12 10:45:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Media Center Programs
[2017.04.24 12:29:20 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Media Player Classic
[2015.07.20 22:23:03 | 000,000,000 | --SD | M] -- C:\Users\Správce\AppData\Roaming\Microsoft
[2014.11.16 16:54:53 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\MOBILedit! PhoneCopier
[2014.10.07 23:29:13 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\MoZiLive
[2016.10.08 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Mozilla
[2014.11.21 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Nero
[2016.09.13 19:57:20 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Notepad++
[2016.11.17 01:30:33 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\onOne Software
[2016.10.01 22:47:23 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\PDAppFlex
[2015.09.21 09:28:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\PSpad
[2014.09.10 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\QIP
[2014.09.10 09:16:19 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\QipGuard
[2016.09.28 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Real
[2014.11.18 00:45:49 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Shark007
[2015.07.09 00:29:27 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Soda PDF 3D Reader
[2016.01.20 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Tibo Software
[2016.10.02 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Tiffen
[2017.02.16 13:37:22 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\TS3Client
[2014.12.23 00:51:23 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Ulead Systems
[2014.11.13 14:21:13 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Ulozto File Manager
[2017.04.28 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\USBSafelyRemove
[2017.03.29 12:14:13 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\uTorrent
[2014.09.13 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\VitySoft
[2014.09.10 10:12:02 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Wargaming.net
[2014.09.11 01:23:09 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\WinRAR
[2016.09.30 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Správce\AppData\Roaming\Zoner
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2017.04.21 21:36:32 | 009,474,328 | ---- | M] (AIMP DevTeam) -- C:\Users\Správce\AppData\Roaming\AIMP\UpdateInstaller.exe
[2013.11.01 12:53:29 | 025,886,208 | ---- | M] () -- C:\Users\Správce\AppData\Roaming\Cocoon Software\QuickMediaConverter\bin\Std\FFmpeg.exe
[2007.03.22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Správce\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2015.07.20 22:43:09 | 000,920,952 | R--- | M] (WIBU-SYSTEMS AG) -- C:\Users\Správce\AppData\Roaming\Microsoft\Installer\{2D7C348F-1AC4-4AB3-87E4-F76EF7E3A916}\Icon_cmu32_cmd.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
[2015.07.20 22:23:03 | 000,010,134 | R--- | M] () -- C:\Users\Správce\AppData\Roaming\Microsoft\Installer\{94BFDEF9-D91D-4B5D-8A60-08514C7191AF}\ARPPRODUCTICON.exe
[2014.06.23 13:35:12 | 000,436,720 | ---- | M] (QIP.ru) -- C:\Users\Správce\AppData\Roaming\QipGuard\QipGuard.exe
[2014.06.23 13:35:14 | 000,391,664 | ---- | M] () -- C:\Users\Správce\AppData\Roaming\QipGuard\QipGuard_upd.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job >[/color]
[2017.01.24 08:19:27 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
[2017.01.24 08:19:27 | 000,000,908 | ---- | M] () -- C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /3 >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.* /3 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"USB Safely Remove" = C:\Program Files (x86)\Aplikace\USB Safely Remove\USBSafelyRemove.exe /startup -- [2014.08.18 07:39:26 | 003,378,488 | ---- | M] (Crystal Rich Ltd)
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR -- [2016.12.21 19:49:42 | 009,292,504 | ---- | M] (Piriform Ltd)
"Zoner Photo Studio Autoupdate" = "C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE" -- [2016.03.24 17:01:36 | 000,680,528 | ---- | M] (ZONER software)
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >[/color]
[2017.03.27 19:28:47 | 000,815,312 | ---- | M] (Microsoft Corporation) MD5=C846AE3506AC61A3B38C8DFA3AA72B42 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
[color=#A23BEC]< %PROGRAMFILES%\Opera\opera.exe /md5 >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >[/color]
[2017.04.19 07:03:27 | 001,144,664 | ---- | M] (Google Inc.) MD5=B8C827F6DF6BD5C12E2C182F9DCF60E1 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %SystemDrive%\PhysicalMBR.bin /md5 >[/color]
[2017.04.28 17:07:18 | 000,000,512 | ---- | M] () MD5=0086F36F0B7BC8B257F89FC226376C3D -- C:\PhysicalMBR.bin
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< *crack* /s >[/color]
[2010.02.21 02:22:00 | 000,000,386 | ---- | M] () -- \Dokumenty\Petr\GeoGet\data\offline\sysimg\WM\Cracker_Barrel_Restaurants.gif
[2010.02.21 01:22:00 | 000,000,386 | ---- | M] () -- \Dokumenty\Petr\GeoGet\distdata\offline\sysimg\WM\Cracker_Barrel_Restaurants.gif
 
[color=#A23BEC]< *keygen* /s >[/color]
 
[color=#A23BEC]< *loader* /s >[/color]
[2016.04.24 22:58:18 | 003,029,032 | ---- | M] () -- \Dokumenty\Stažené soubory\Uloz.to_Uploader-setup(1).exe
[2016.05.17 11:08:55 | 003,222,264 | ---- | M] () -- \Dokumenty\Stažené soubory\Uloz.to_Uploader-setup(2).exe
[2016.05.25 21:24:16 | 003,222,560 | ---- | M] () -- \Dokumenty\Stažené soubory\Uloz.to_Uploader-setup(3).exe
[2016.07.26 22:09:02 | 003,260,584 | ---- | M] () -- \Dokumenty\Stažené soubory\Uloz.to_Uploader-setup(4).exe
[2015.04.29 07:57:14 | 002,553,050 | ---- | M] () -- \Dokumenty\Stažené soubory\Uloz.to_Uploader-setup.exe
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2016.10.02 01:54:22 | 000,000,000 | ---D | M](C:\Users\Spr?vce\AppData\Roaming\onOne Software) -- C:\Users\Spr�vce\AppData\Roaming\onOne Software
[2016.10.02 01:54:18 | 000,000,000 | ---D | M](C:\Users\Spr?vce\AppData\Roaming\Adobe) -- C:\Users\Spr�vce\AppData\Roaming\Adobe
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns4
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns3
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns2
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns1

< End of report >

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up bubble with an ad - please check my log

#8 Post by Rudy »

Run OTL again as administrator.
Paste the following text into the bottom window:
:OTL
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns4
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns3
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns2
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns1
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-886474415-2201385491-2332788101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... 02&pc=UE10
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Run.exe
O33 - MountPoints2\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\Shell\AutoRun\command - "" = H:\ZTE_Handset_USB_Driver.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\winopen.exe "$EXEDIR$\Anglictina.exe"


:files
C:\Users\Správce\AppData\Local\Temp
C:\Windows\SysWow64\8D472AAF62.sys
C:\Windows\SysWow64\AEE72B0202.sys
C:\Windows\SysWow64\KGyGaAvL.sys
C:\Windows\SysWow64\E89DEA9E5E.sys
C:\Windows\SysWow64\64575685C1.sys
C:\Windows\SysWow64\6AFECDF30E.sys
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click "Opravit" (Run Fix) and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

Re: Pop-up bubble with an ad - please check my log

#9 Post by Mirdu »

Previous step done, here is the log:

Code:

All processes killed
========== OTL ==========
Unable to delete ADS C:\ProgramData\Nalpeiron:user.ns4 .
Unable to delete ADS C:\ProgramData\Nalpeiron:user.ns3 .
Unable to delete ADS C:\ProgramData\Nalpeiron:user.ns2 .
Unable to delete ADS C:\ProgramData\Nalpeiron:user.ns1 .
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-886474415-2201385491-2332788101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652d75fc-377c-11e4-a0dd-806e6f6e6963}\ not found.
File G:\Run.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9d20729-38fc-11e4-a2d2-902b34abcfaf}\ not found.
File H:\ZTE_Handset_USB_Driver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\winopen.exe "$EXEDIR$\Anglictina.exe" not found.
========== FILES ==========
C:\Users\Správce\AppData\Local\Temp\_avast_ folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\world_of_tanks\com.modxvm.xfw\native folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\world_of_tanks\com.modxvm.xfw folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\world_of_tanks folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\Rar$EXa0.477 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\PhotoshopCrashes folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\script folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Win32API\File folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Win32API folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Win32\API folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Win32 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\warnings folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\To folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\nt folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\lb folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\jt folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\hst folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\gc_sc folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\ea folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\dt folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\ccc folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib\bc folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore\lib folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\unicore folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Time folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Tie folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\threads folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Text folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Term folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Scalar folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\PerlIO folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\MIME folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Math\BigInt folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Math folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\List folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\IO\Socket folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\IO folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Image\ExifTool\Lang folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Image\ExifTool\Charset folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Image\ExifTool folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Image folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Hash folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\File\Spec folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\File folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Exporter folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Encode folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Digest folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Compress folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Class folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Carp folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Win32API\File folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Win32API folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Win32\API folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Win32 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\threads\shared folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\threads folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Thread folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Term\ReadKey folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Term folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Storable folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Socket folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\re folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\POSIX folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\PerlIO\encoding folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\PerlIO folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\MIME\Base64 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\MIME folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\List\Util folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\List folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\IO folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\File\Glob folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\File folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Fcntl folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Encode folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\DynaLoader folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Digest\SHA folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Digest\MD5 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Digest folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Cwd folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Compress\Zlib folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto\Compress folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\auto folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\Archive folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\ActiveState folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib\ActivePerl folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc\lib folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16\inc folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce\cache-exiftool-9.16 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\par-Spr_vce folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\mozilla-temp-files folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\lilo.4076 folder moved successfully.
Folder move failed. C:\Users\Správce\AppData\Local\Temp\hsperfdata_Správce scheduled to be moved on reboot.
C:\Users\Správce\AppData\Local\Temp\cep_cache\PHSP_17.0.1_com.adobe.preview.loader\Local Storage folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\cep_cache\PHSP_17.0.1_com.adobe.preview.loader\GPUCache folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\cep_cache\PHSP_17.0.1_com.adobe.preview.loader\Dictionaries folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\cep_cache\PHSP_17.0.1_com.adobe.preview.loader folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\cep_cache folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\boost_interprocess_Správce\Topaz_IPC folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\boost_interprocess_Správce folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\BCLTMP\chrome folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\BCLTMP folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\852_3070 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\4612_29027 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\4304_28824 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\4112_32593 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\340_6573 folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\04281702-00001310-qmmszw88qn folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\04270745-00000fb0-4948u533zu folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\04260722-000008bc-voihy86qxh folder moved successfully.
C:\Users\Správce\AppData\Local\Temp\04250845-00000ea4-5vqd4t42xg folder moved successfully.
Folder move failed. C:\Users\Správce\AppData\Local\Temp scheduled to be moved on reboot.
C:\Windows\SysWow64\8D472AAF62.sys moved successfully.
C:\Windows\SysWow64\AEE72B0202.sys moved successfully.
C:\Windows\SysWow64\KGyGaAvL.sys moved successfully.
C:\Windows\SysWow64\E89DEA9E5E.sys moved successfully.
C:\Windows\SysWow64\64575685C1.sys moved successfully.
C:\Windows\SysWow64\6AFECDF30E.sys moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Děti
->Temp folder emptied: 41523767 bytes
->Temporary Internet Files folder emptied: 10250106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 372594107 bytes
->Google Chrome cache emptied: 108774244 bytes
->Flash cache emptied: 99654 bytes
 
User: Ostatní
->Temp folder emptied: 221149623 bytes
->Temporary Internet Files folder emptied: 21349313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 368341337 bytes
->Google Chrome cache emptied: 6237507 bytes
->Flash cache emptied: 53040 bytes
 
User: Public
 
User: Správce
->Temp folder emptied: 2827721 bytes
->Temporary Internet Files folder emptied: 2072506 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24769342 bytes
->Google Chrome cache emptied: 26786484 bytes
->Flash cache emptied: 538 bytes
 
User: Správce
 
User: Spr�vce
 
User: Škola
->Temp folder emptied: 12384799 bytes
->Temporary Internet Files folder emptied: 5224 bytes
->FireFox cache emptied: 131604336 bytes
->Flash cache emptied: 707 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5347418 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1 293,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Děti
->Flash cache emptied: 0 bytes
 
User: Ostatní
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Správce
->Flash cache emptied: 0 bytes
 
User: Správce
 
User: Spr�vce
 
User: Škola
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 04282017_222149

Files\Folders moved on Reboot...
C:\Users\Správce\AppData\Local\Temp\hsperfdata_Správce folder moved successfully.
C:\Users\Správce\AppData\Local\Temp folder moved successfully.
File\Folder C:\Users\Ostatní\AppData\Local\Temp\OICE_DB5DA05F-F634-4D2C-8D58-B4ABB1404EB0.0\E3F4B8F6. not found!
File\Folder C:\Users\Ostatní\AppData\Local\Temp\OICE_28C07754-4F32-4C7C-BAA1-1F926EAA443A.0\14461A89. not found!
File\Folder C:\Users\Správce\AppData\Local\Temp\hsperfdata_Správce\5036 not found!
File\Folder C:\Users\Správce\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Users\Správce\AppData\Local\Temp\proxy_vole5758418987931928326.dll not found!
File move failed. C:\Windows\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CreativeCloud\ACC\ACC.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\adobegc.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up bubble with an ad - please check my log

#10 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

Re: Pop-up bubble with an ad - please check my log

#11 Post by Mirdu »

No, the bubble still pops up, but only on unsecured (http) sites; on https it doesn't. And it looks like it's Flash.

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up bubble with an ad - please check my log

#12 Post by Rudy »

Run these scans as well:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako správce
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the licence terms are displayed; press any key
• A backup is created and then the search runs
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

Mirdu
Visitor
Posts: 9
Registered: 26 Apr 2017 06:43

Re: Pop-up bubble with an ad - please check my log

#13 Post by Mirdu »

Here are the logs:

1 Zoek

Code:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Spr vce on ne 30.04.2017 at 12:18:31,24.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\SPRVCE~1\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2016-10-04-200241.log	1311 bytes
C:\zoek-results2017-04-29-200435.log	7166 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\DTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8wpkduu3.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\DTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8wpkduu3.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\OSTATN~1\AppData\Roaming\Mozilla\Firefox\Profiles\1lsjg5qy.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\OSTATN~1\AppData\Roaming\Mozilla\Firefox\Profiles\1lsjg5qy.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\SPRVCE~1\AppData\Roaming\kompozer.net\KompoZer\Profiles\gdsbnisb.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\SPRVCE~1\AppData\Roaming\kompozer.net\KompoZer\Profiles\gdsbnisb.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\SPRVCE~1\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\SPRVCE~1\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\KOLA~1\AppData\Roaming\Mozilla\Firefox\Profiles\au3fhqi0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\KOLA~1\AppData\Roaming\Mozilla\Firefox\Profiles\au3fhqi0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\DTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8wpkduu3.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\OSTATN~1\AppData\Roaming\Mozilla\Firefox\Profiles\1lsjg5qy.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\SPRVCE~1\AppData\Roaming\kompozer.net\KompoZer\Profiles\gdsbnisb.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\SPRVCE~1\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\KOLA~1\AppData\Roaming\Mozilla\Firefox\Profiles\au3fhqi0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [09.09.2014 16:35]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [09.09.2014 16:35]

==== Firefox Extensions ======================

ProfilePath: C:\Users\DTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8wpkduu3.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

ProfilePath: C:\Users\SPRVCE~1\AppData\Roaming\kompozer.net\KompoZer\Profiles\gdsbnisb.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt

ProfilePath: C:\Users\SPRVCE~1\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default
- Undetermined - C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\138wm592.default\extensions\support@lastpass.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- FireGestures - %ProfilePath%\extensions\firegestures@xuldev.org.xpi
- Linkificator - %ProfilePath%\extensions\linkificator@markapola.xpi
- uBlock Origin - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- gtranslate - %ProfilePath%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

ProfilePath: C:\Users\KOLA~1\AppData\Roaming\Mozilla\Firefox\Profiles\au3fhqi0.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\KOLA~1\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Tas - DTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmcjnlohkgadhncnjiijddiempmnageh
Chrome Media Router - DTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Chrome Media Router - OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131304997813423936&GUID=75B712EB-7649-4C48-A77C-927D097D8AB1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131304997813423936&GUID=75B712EB-7649-4C48-A77C-927D097D8AB1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\OSTATN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\OSTATN~1\AppData\Local\Mozilla\Firefox\Profiles\1lsjg5qy.default\cache2 emptied successfully
C:\Users\OSTATN~1\AppData\Roaming\Mozilla\Firefox\Profiles\1lsjg5qy.default\storage\default\https+++www.kupi.cz\cache emptied successfully
C:\Users\OSTATN~1\AppData\Roaming\Mozilla\Firefox\Profiles\1lsjg5qy.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\OSTATN~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=73 folders=51 152721094 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DTI~1\AppData\Local\Temp emptied successfully
C:\Users\OSTATN~1\AppData\Local\Temp emptied successfully
C:\Users\KOLA~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SPRVCE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 30.04.2017 at 20:40:03,30 ======================

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Spr vce (Administrator) on ne 30.04.2017 at 20:42:47,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 12 

Failed to delete: C:\Program Files\my web shield (Folder) 
Successfully deleted: C:\ProgramData\filefinder (Folder) 
Successfully deleted: C:\Users\Spr vce\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb (Folder) 
Successfully deleted: C:\Users\Spr vce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_obciceimmggglbmelaidpjlmodcebijb_0.localstorage (File) 
Successfully deleted: C:\Users\Spr vce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U7QI8WF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Spr vce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KPF86TH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Spr vce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFGJFKRL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Spr vce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1Q8OXBO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U7QI8WF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KPF86TH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFGJFKRL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1Q8OXBO (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 30.04.2017 at 20:45:35,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 119670
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up bubble with an ad - please check my log

#14 Post by Rudy »

Has anything changed now?

Mirdu
Visitor
Posts: 9
Joined: 26 Apr 2017 06:43

Re: Pop-up bubble with an ad - please check my log

#15 Post by Mirdu »

It looks OK, nothing has popped up at me so far; I'll test and watch it for about 3 days.
If anything appears or changes, I'll get back to you.

Thanks for the help.
