Logfile of random's system information tool 1.10 (written by random/random)
Run by kulivoko at 2015-01-29 17:25:31
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 4 GB (3%) free of 114 GB
Total RAM: 8149 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:32, on 29.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\C2MP\TrayMenu.exe
C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\kulivoko.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: NotesBrowserHelperObject - {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} - D:\Lotus\Notes\msie\nnotebho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!IBM Notes Browser Plugin IE Registration] REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults" /v notes /t REG_DWORD /d 2 /f
O4 - HKLM\..\Run: [Codec Settings UAC Manager] "C:\Windows\system32\C2MP\CodecUACManager.exe"
O4 - HKLM\..\Run: [Sound Blaster Recon3D PCIe Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\INSTALL\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\kulivoko\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Codec Pack Update Checker] "C:\Windows\system32\C2MP\UpdateChecker.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\SysWOW64\C2MP\TrayMenu.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.co ... 5.24.0.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - D:\Lotus\Notes\msie\nnotebho.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\appinit_dll.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Sound Blaster Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: DirMngr - Unknown owner - D:\INSTALL\GnuPG\dirmngr.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IBM Notes Diagnostics - IBM - D:\Lotus\Notes\nsd.exe
O23 - Service: Jedno přihlášení do programu IBM Notes (IBM Notes Single Logon) - IBM Corp - D:\Lotus\Notes\nslsvice.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Služba IBM Notes Smart Upgrade (LNSUSvc) - IBM Corp - D:\Lotus\Notes\SUService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\Lotus\Notes\ntmulti.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\INSTALL\VMWare\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16429 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Lotus\Notes\nslsvice.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\sysWow64\CtHdaSvc.exe
"D:\INSTALL\GnuPG\dirmngr.exe" --service
"C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe"
D:\Lotus\Notes\nsd.exe -svcinvoke -ini "D:\Lotus\Notes\notes.ini"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
D:\Lotus\Notes\SUService.exe
D:\Lotus\Notes\ntmulti.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
D:\INSTALL\VMWare\vmware-authd.exe
WLIDSvcM.exe 2624
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {A77A4A34-E9B2-4D71-923C-FB09A9B8C451}
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\VIA_XHCI\usb3Monitor.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Windows\SysWOW64\C2MP\TrayMenu.exe"
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5216.0.79168045\596212860" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,39 --gpu-vendor-id=0x1002 --gpu-device-id=0x6899 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=9.12.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.2.1094427569\475497542" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.4.433179386\862557041" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.5.572311896\896465" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.7.1094948844\744462423" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.13.173274245\1041796389" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.17.1285742383\1148072516" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.22.13202845\2066646714" /prefetch:673131151
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5216.23.934761734\1870589626" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5216.27.814624031\263065767" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
wmiadap.exe /F /T /R
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"D:\kulivoko\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job - C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job - C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job - C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job - C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\kulivoko\AppData\Roaming\Mozilla\Firefox\Profiles\p9x2o9vb.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=D:\INSTALL\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=D:\INSTALL\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\INSTALL\ADOBE\Acrobat\Air\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-11-04 218784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08 163720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-11-12 886480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12 2334928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08 163720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E9EF4E6-4BF5-4350-95B6-EEB88E105783}]
IBM Notes Browser Plug-in - D:\Lotus\Notes\msie\nnotebho.dll [2013-03-09 254568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-22 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21 141192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-11-12 710864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-12 1729744]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-22 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21 141192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08 163720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21 141192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"=C:\VIA_XHCI\usb3Monitor.exe [2011-07-12 331776]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-25 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-25 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-25 441152]
"VIRTU MVP"=C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [2012-11-29 3049776]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\INSTALL\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"Facebook Update"=C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24 138096]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart []
"SkyDrive"=C:\Users\kulivoko\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2014-10-13 277672]
"Google Update"=C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-13 116648]
"Codec Pack Update Checker"=C:\Windows\system32\C2MP\UpdateChecker.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"!IBM Notes Browser Plugin IE Registration"=REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults /v notes /t REG_DWORD /d 2 /f []
"Codec Settings UAC Manager"=C:\Windows\system32\C2MP\CodecUACManager.exe []
"Sound Blaster Recon3D PCIe Control Panel"=C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [2012-12-18 976896]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CodecPackTrayMenu.lnk - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\appinit_dll.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-24 441856]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.ffds"=ff_vfw.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-01-29 17:24:22 ----D---- C:\rsit
2015-01-29 17:24:22 ----D---- C:\Program Files\trend micro
2015-01-28 19:35:11 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-28 19:19:52 ----ASH---- C:\pagefile.sys
2015-01-28 19:18:50 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2015-01-28 19:18:36 ----D---- C:\Program Files\iPod
2015-01-28 19:18:35 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-28 19:18:35 ----D---- C:\ProgramData\Apple Computer
2015-01-28 19:18:35 ----D---- C:\Program Files\iTunes
2015-01-28 19:18:35 ----D---- C:\Program Files (x86)\iTunes
2015-01-28 19:18:26 ----D---- C:\Program Files (x86)\Apple Software Update
2015-01-28 19:18:22 ----D---- C:\Program Files\Common Files\Apple
2015-01-28 19:17:54 ----D---- C:\Program Files\Bonjour
2015-01-28 19:17:54 ----D---- C:\Program Files (x86)\Bonjour
2015-01-25 12:53:09 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-01-25 12:53:09 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-01-25 12:53:09 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-01-25 12:53:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-01-25 12:53:09 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wuwebv.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wups2.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wups.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wudriver.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wucltux.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wuaueng.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wuauclt.exe
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wuapp.exe
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wuapi.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-01-25 12:53:09 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-01-21 01:47:07 ----HD---- C:\$Windows.~BT
2015-01-14 22:42:19 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-14 22:42:19 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 22:42:19 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 22:42:18 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 22:42:18 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 22:42:18 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-09 20:33:21 ----D---- C:\Program Files\McAfee Security Scan
======List of files/folders modified in the last 1 month======
2015-01-29 17:24:55 ----D---- C:\Windows\Temp
2015-01-29 17:24:22 ----RD---- C:\Program Files
2015-01-29 17:23:27 ----D---- C:\Windows\system32\config
2015-01-29 17:22:36 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-29 17:20:23 ----D---- C:\Users\kulivoko\AppData\Roaming\Dropbox
2015-01-29 17:20:05 ----D---- C:\ProgramData\VMware
2015-01-29 17:20:02 ----D---- C:\Windows
2015-01-29 17:19:54 ----SHD---- C:\System Volume Information
2015-01-29 17:19:54 ----HD---- C:\ProgramData
2015-01-29 17:18:09 ----D---- C:\ProgramData\Oracle
2015-01-29 17:18:03 ----SHD---- C:\Windows\Installer
2015-01-29 17:18:03 ----D---- C:\Windows\SysWOW64
2015-01-29 17:18:00 ----D---- C:\Program Files (x86)\Java
2015-01-29 17:14:25 ----D---- C:\Program Files (x86)\Google
2015-01-29 17:13:58 ----RD---- C:\Program Files (x86)
2015-01-29 17:13:26 ----D---- C:\Program Files\Common Files\Native Instruments
2015-01-29 17:12:52 ----D---- C:\Program Files (x86)\Common Files
2015-01-29 17:12:17 ----D---- C:\Program Files (x86)\Creative
2015-01-29 17:12:16 ----D---- C:\Windows\System32
2015-01-29 17:10:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 16:59:42 ----D---- C:\Windows\inf
2015-01-29 16:59:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-29 16:55:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 19:20:21 ----D---- C:\Users\kulivoko\AppData\Roaming\Apple Computer
2015-01-28 19:19:25 ----D---- C:\Windows\system32\catroot
2015-01-28 19:18:50 ----DC---- C:\Windows\system32\DRVSTORE
2015-01-28 19:18:50 ----D---- C:\Windows\system32\drivers
2015-01-28 19:18:27 ----D---- C:\Windows\system32\Tasks
2015-01-28 19:18:26 ----D---- C:\ProgramData\Apple
2015-01-28 19:18:25 ----D---- C:\Windows\system32\DriverStore
2015-01-28 19:18:22 ----D---- C:\Program Files\Common Files
2015-01-28 19:14:08 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-01-28 19:12:52 ----D---- C:\Windows\system32\cs-CZ
2015-01-25 19:59:49 ----D---- C:\Windows\Panther
2015-01-25 14:17:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 13:44:38 ----D---- C:\Windows\rescache
2015-01-25 12:53:11 ----D---- C:\Windows\winsxs
2015-01-25 12:53:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-01-25 12:53:09 ----D---- C:\Windows\system32\catroot2
2015-01-25 12:51:02 ----D---- C:\Windows\system32\wfp
2015-01-25 12:51:02 ----D---- C:\Windows\PolicyDefinitions
2015-01-25 12:51:01 ----D---- C:\Windows\Tasks
2015-01-25 12:51:01 ----D---- C:\Windows\system32\wbem
2015-01-25 12:51:01 ----D---- C:\Windows\system32\Macromed
2015-01-25 12:50:58 ----D---- C:\Windows\AppCompat
2015-01-25 12:50:56 ----D---- C:\Windows\registration
2015-01-25 12:50:48 ----SD---- C:\ProgramData\Microsoft
2015-01-24 16:26:39 ----D---- C:\Windows\Logs
2015-01-24 16:26:05 ----D---- C:\Windows\SoftwareDistribution
2015-01-23 20:08:23 ----D---- C:\Windows\system32\appmgmt
2015-01-17 20:37:54 ----D---- C:\Windows\SYSWOW64\C2MP
2015-01-16 03:25:25 ----D---- C:\Program Files\Microsoft Office 15
2015-01-10 16:00:51 ----D---- C:\Users\kulivoko\AppData\Roaming\Skype
2015-01-09 20:33:22 ----D---- C:\ProgramData\McAfee Security Scan
2014-12-31 12:14:31 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2012-02-01 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2013-10-08 85584]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2013-10-08 73296]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-04 283200]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R2 Dokan;Dokan; \??\C:\Windows\system32\drivers\dokan.sys [2011-01-10 120408]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2014-02-27 54464]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2014-04-14 46160]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2014-04-14 31448]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2014-04-14 64728]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 CompFilter64;UVCCompositeFilter; C:\Windows\system32\DRIVERS\lvbflt64.sys [2012-09-21 24608]
R3 cthda;Sound Blaster HDAudio; C:\Windows\system32\drivers\cthda.sys [2013-07-30 1049880]
R3 cthdb;SB Recon3D PCIe Audio Bus Filter; C:\Windows\system32\DRIVERS\cthdb.sys [2013-07-30 28440]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
R3 LVUVC64;Logitech HD Webcam C525(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 MonitorFunction;Driver for Monitor; C:\Windows\system32\DRIVERS\TVMonitor.sys [2013-06-06 16376]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 VirtuWDDM;VirtuWDDM; C:\Windows\system32\DRIVERS\VirtuWDDM.sys [2012-11-29 97072]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2014-04-14 33496]
R3 VUSB3HUB;VIA USB 3 Root Hub Service; C:\Windows\system32\DRIVERS\ViaHub3.sys [2012-01-20 205312]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys []
S1 hwinterface;hwinterface; C:\Windows\System32\Drivers\hwinterface.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-10-22 21712]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2013-01-20 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-10-22 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2013-03-09 30528]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-24 9000256]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 radpms;Driver for RADPMS Device; C:\Windows\system32\DRIVERS\radpms.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2014-05-16 115488]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2014-04-14 20560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-11-12 2449592]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2012-10-08 423424]
R2 CtHdaSvc;Sound Blaster Service; C:\Windows\sysWow64\CtHdaSvc.exe [2013-07-30 103936]
R2 DirMngr;DirMngr; D:\INSTALL\GnuPG\dirmngr.exe [2013-10-07 218112]
R2 DokanMounter;DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 IBM Notes Diagnostics;IBM Notes Diagnostics; D:\Lotus\Notes\nsd.exe [2013-03-09 5162088]
R2 IBM Notes Single Logon;Jedno přihlášení do programu IBM Notes; D:\Lotus\Notes\nslsvice.exe [2013-03-09 57448]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
R2 LNSUSvc;Služba IBM Notes Smart Upgrade ; D:\Lotus\Notes\SUService.exe [2013-03-09 1654376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; D:\Lotus\Notes\ntmulti.exe [2013-03-09 37480]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-05-04 27760]
R2 VMAuthdService;VMware Authorization Service; D:\INSTALL\VMWare\vmware-authd.exe [2014-04-14 86744]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2014-04-14 359128]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-02-27 906432]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2014-04-14 437976]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-25 276288]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-07-10 79360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-28 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-06-02 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-06-02 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-08 569024]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o preventivni kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosim o preventivni kontrolu
Zdravim 
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosim o preventivni kontrolu
zdravim,
log zde:
# AdwCleaner v4.111 - Logfile created 19/02/2015 at 17:40:17
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : kulivoko - KULIVOKO-PC
# Running from : D:\kulivoko\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\kulivoko\AppData\Local\Conduit
Folder Deleted : C:\Users\kulivoko\AppData\Local\eSupport.com
Folder Deleted : C:\Users\kulivoko\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kulivoko\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\kulivoko\AppData\Roaming\RHEng
Folder Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [3568 bytes] - [19/02/2015 17:30:10]
AdwCleaner[S0].txt - [3197 bytes] - [19/02/2015 17:40:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3256 bytes] ##########
log zde:
# AdwCleaner v4.111 - Logfile created 19/02/2015 at 17:40:17
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : kulivoko - KULIVOKO-PC
# Running from : D:\kulivoko\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\kulivoko\AppData\Local\Conduit
Folder Deleted : C:\Users\kulivoko\AppData\Local\eSupport.com
Folder Deleted : C:\Users\kulivoko\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kulivoko\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\kulivoko\AppData\Roaming\RHEng
Folder Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [3568 bytes] - [19/02/2015 17:30:10]
AdwCleaner[S0].txt - [3197 bytes] - [19/02/2015 17:40:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3256 bytes] ##########
Re: Prosim o preventivni kontrolu
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosim o preventivni kontrolu
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 19.2.2015
Čas skenování: 18:23:15
Protokol: gg.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.02.19.07
Databáze rootkitů: v2015.02.03.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: kulivoko
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 649012
Uplynulý čas: 1 hod, 4 min, 51 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 0
(Žádné zákerné zjištěny položek)
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 0
(Žádné zákerné zjištěny položek)
Soubory: 5
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumnceopwav.exe, , [e37036eacbbfe94d8b54b9837a882cd4],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmnceopwav.exe, , [59face529af053e3ecee82cb39c9e31d],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmnceopwav.exe, , [282b7fa11f6b45f1f73043f319e8f10f],
Trojan.Agent, D:\SKOLA\res_trojuh.zip, , [c48f7ba5a6e4330312e6933e887dbd43],
PUP.Optional.Conduit.A, C:\Users\kulivoko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx, , [8dc626facfbb0e285dfa12a5a95a49b7],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
www.malwarebytes.org
Datum skenování: 19.2.2015
Čas skenování: 18:23:15
Protokol: gg.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.02.19.07
Databáze rootkitů: v2015.02.03.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: kulivoko
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 649012
Uplynulý čas: 1 hod, 4 min, 51 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 0
(Žádné zákerné zjištěny položek)
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 0
(Žádné zákerné zjištěny položek)
Soubory: 5
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumnceopwav.exe, , [e37036eacbbfe94d8b54b9837a882cd4],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmnceopwav.exe, , [59face529af053e3ecee82cb39c9e31d],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmnceopwav.exe, , [282b7fa11f6b45f1f73043f319e8f10f],
Trojan.Agent, D:\SKOLA\res_trojuh.zip, , [c48f7ba5a6e4330312e6933e887dbd43],
PUP.Optional.Conduit.A, C:\Users\kulivoko\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx, , [8dc626facfbb0e285dfa12a5a95a49b7],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
Re: Prosim o preventivni kontrolu
Tohle znate? D:\SKOLA\res_trojuh.zip Pokud to nepotrebujete, do karanteny s tim.
Ostatni nalezy hodte urcite do karanteny. Po restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.
Ostatni nalezy hodte urcite do karanteny. Po restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosim o preventivni kontrolu
sken jiz nic nenasel, budeme dal nejak postupovat?
Re: Prosim o preventivni kontrolu
MBAM muzete odinstalovat. Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosim o preventivni kontrolu
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by kulivoko (administrator) on KULIVOKO-PC on 20-02-2015 23:42:34
Running from C:\Users\kulivoko\Desktop
Loaded Profiles: kulivoko (Available profiles: kulivoko)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IBM Corp) D:\Lotus\Notes\nslsvice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() D:\INSTALL\GnuPG\dirmngr.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(IBM) D:\Lotus\Notes\nsd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IBM Corp) D:\Lotus\Notes\SUService.exe
(IBM Corp) D:\Lotus\Notes\ntmulti.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) D:\INSTALL\VMWare\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\kulivoko\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3049776 2012-11-29] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [!IBM Notes Browser Plugin IE Registration] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults" /v notes /t REG_DWORD /d 2 /f
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [60344 2014-12-21] ()
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [976896 2012-12-18] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [DAEMON Tools Lite] => D:\INSTALL\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Facebook Update] => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [SkyDrive] => C:\Users\kulivoko\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-13] (Microsoft Corporation)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Google Update] => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-13] (Google Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\C2MP\UpdateChecker.exe"
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\MountPoints2: {264129a4-6ea5-11e2-b0f1-902b34d6c4e3} - F:\install.exe
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\MountPoints2: {f8c4b865-5d84-11e2-ae80-806e6f6e6963} - G:\Run.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [473392 2012-11-29] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [434480 2012-11-29] (Lucidlogix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IBM Notes Browser Plug-in -> {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} -> D:\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.24.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Handler-x32: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - D:\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\kulivoko\AppData\Roaming\Mozilla\Firefox\Profiles\p9x2o9vb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\INSTALL\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\INSTALL\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\INSTALL\ADOBE\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2656396209-808181322-151742322-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\kulivoko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2656396209-808181322-151742322-1000: @tools.google.com/Google Update;version=3 -> C:\Users\kulivoko\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2656396209-808181322-151742322-1000: @tools.google.com/Google Update;version=9 -> C:\Users\kulivoko\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\INSTALL\ADOBE\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\INSTALL\ADOBE\Acrobat\Browser\WCFirefoxExtn [2013-05-29]
FF HKLM-x32\...\Firefox\Extensions: [IBMNotesBrowserExtension@ibm.com] - D:\Lotus\Notes\mozilla
FF Extension: IBM Notes Browser Plug-in Extension - D:\Lotus\Notes\mozilla [2014-07-12]
FF HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-07-12]
CHR Extension: (Google Docs) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-13]
CHR Extension: (Readlang) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-13]
CHR Extension: (YouTube) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
CHR Extension: (Pushbullet) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-06-26]
CHR Extension: (Google Search) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-19]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-05-30]
CHR Extension: (Gmail Offline) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-08-03]
CHR Extension: (timeStats) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2014-08-03]
CHR Extension: (Google Sheets) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-06-26]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-03]
CHR Extension: (Google Play Books) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-01-13]
CHR Extension: (Google Wallet) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-01-13]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2014-08-25]
CHR Extension: (Watch Free Movies Online) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofihpagioalfmgekegeijhaglbapgbmn [2014-08-03]
CHR Extension: (Red Bull TV) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc [2014-08-03]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\INSTALL\ADOBE\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
StartMenuInternet: Google Chrome.QYXD6X2AZLNA624KSGSE5K2XAQ - C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-07-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
R2 DirMngr; D:\INSTALL\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 IBM Notes Diagnostics; D:\Lotus\Notes\nsd.exe [5162088 2013-03-09] (IBM)
R2 IBM Notes Single Logon; D:\Lotus\Notes\nslsvice.exe [57448 2013-03-09] (IBM Corp)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LNSUSvc; D:\Lotus\Notes\SUService.exe [1654376 2013-03-09] (IBM Corp)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Multi-user Cleanup Service; D:\Lotus\Notes\ntmulti.exe [37480 2013-03-09] (IBM Corp)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 VMAuthdService; D:\INSTALL\VMWare\vmware-authd.exe [86744 2014-04-14] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] () [File not signed]
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-07-30] (Creative Technology Ltd)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-04] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-09] ()
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2013-09-17] (Logix4u) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kulivoko\AppData\Local\Temp\tmp7E2A.tmp [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 23:42 - 2015-02-20 23:42 - 00029570 _____ () C:\Users\kulivoko\Desktop\FRST.txt
2015-02-20 23:42 - 2015-02-20 23:42 - 00000000 ____D () C:\FRST
2015-02-20 23:41 - 2015-02-20 23:39 - 02086912 _____ (Farbar) C:\Users\kulivoko\Desktop\FRST64.exe
2015-02-20 23:41 - 2015-02-20 23:36 - 00112640 _____ (forum.viry.cz) C:\Users\kulivoko\Desktop\FRSTLauncher.exe
2015-02-20 15:15 - 2015-02-20 15:15 - 00000022 _____ () C:\Windows\S.dirmngr
2015-02-19 22:31 - 2015-02-20 23:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-19 22:31 - 2015-02-19 22:31 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\Program Files\iPod
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-19 18:21 - 2015-02-19 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 18:09 - 2015-02-19 18:09 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-19 18:04 - 2015-02-19 18:04 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-19 17:30 - 2015-02-19 17:40 - 00000000 ____D () C:\AdwCleaner
2015-02-16 07:40 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-16 07:40 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-16 07:40 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-16 07:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-16 07:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-01-29 17:24 - 2015-01-29 17:25 - 00000000 ____D () C:\Program Files\trend micro
2015-01-29 17:24 - 2015-01-29 17:24 - 00000000 ____D () C:\rsit
2015-01-29 17:00 - 2015-01-29 17:00 - 00010233 _____ () C:\Windows\SysWOW64\hs_err_pid5152.log
2015-01-28 20:27 - 2015-01-28 20:27 - 00010233 _____ () C:\Windows\SysWOW64\hs_err_pid2980.log
2015-01-28 19:35 - 2015-01-28 19:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 19:18 - 2015-02-19 22:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-28 19:18 - 2015-01-28 19:18 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\Users\kulivoko\AppData\Local\Apple Computer
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-28 19:18 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-28 19:17 - 2015-01-28 19:17 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-28 19:17 - 2015-01-28 19:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-25 12:53 - 2015-01-25 12:53 - 02916352 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 02589696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-25 12:53 - 2015-01-25 12:53 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-25 12:53 - 2015-01-25 12:53 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-25 12:53 - 2015-01-25 12:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-01-21 01:47 - 2015-01-25 21:55 - 00000000 ___HD () C:\$Windows.~BT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 23:17 - 2013-01-20 15:43 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 23:16 - 2013-02-24 17:11 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job
2015-02-20 23:06 - 2013-01-13 14:33 - 01420781 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 23:05 - 2013-01-13 14:45 - 00000974 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job
2015-02-20 22:59 - 2011-04-12 09:34 - 00702820 _____ () C:\Windows\system32\perfh005.dat
2015-02-20 22:59 - 2011-04-12 09:34 - 00153698 _____ () C:\Windows\system32\perfc005.dat
2015-02-20 22:59 - 2009-07-14 06:13 - 01660972 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 22:55 - 2014-06-22 09:33 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 22:50 - 2014-10-22 19:41 - 00014649 _____ () C:\Windows\setupact.log
2015-02-20 22:48 - 2013-02-24 17:11 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job
2015-02-20 15:23 - 2009-07-14 05:45 - 00033120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 15:23 - 2009-07-14 05:45 - 00033120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 15:16 - 2014-09-28 06:58 - 00000000 ___RD () C:\Users\kulivoko\Dropbox
2015-02-20 15:16 - 2014-06-22 09:33 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 15:16 - 2013-08-29 16:58 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Dropbox
2015-02-20 15:15 - 2014-12-16 23:22 - 00023002 _____ () C:\SUService.log
2015-02-20 15:15 - 2014-10-22 19:41 - 00016640 _____ () C:\Windows\PFRO.log
2015-02-20 15:15 - 2014-06-27 08:02 - 00000000 ____D () C:\ProgramData\VMware
2015-02-20 15:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 23:43 - 2013-03-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 21:09 - 2013-01-14 09:53 - 00000000 ____D () C:\Users\kulivoko\AppData\Local\CRE
2015-02-19 21:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-02-19 20:18 - 2014-07-03 22:23 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-19 20:18 - 2014-07-03 22:23 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-19 18:05 - 2013-01-22 15:54 - 00000000 ____D () C:\Users\kulivoko\AppData\Local\Adobe
2015-02-19 18:04 - 2013-01-22 15:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-19 17:07 - 2009-07-14 05:45 - 00438760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 17:08 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-16 17:07 - 2014-07-24 17:44 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-16 17:07 - 2014-07-24 17:40 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-16 17:07 - 2014-07-24 17:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-16 17:07 - 2014-07-24 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-16 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-16 15:05 - 2013-01-13 14:45 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job
2015-02-16 07:35 - 2014-09-28 06:57 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-07 15:00 - 2013-01-13 14:45 - 00003954 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA
2015-02-07 15:00 - 2013-01-13 14:45 - 00003558 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core
2015-02-07 14:50 - 2014-06-22 09:33 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 14:50 - 2014-06-22 09:33 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 04:17 - 2013-01-20 15:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 04:17 - 2013-01-20 15:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 04:17 - 2013-01-20 15:43 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 17:18 - 2013-12-04 00:50 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-29 17:18 - 2013-04-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-29 17:14 - 2014-06-22 09:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-29 17:13 - 2014-12-13 23:15 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2015-01-29 17:12 - 2013-07-10 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-01-29 17:12 - 2013-07-10 08:48 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-29 17:10 - 2013-01-13 14:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 17:09 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 17:05 - 2015-01-04 16:58 - 00001975 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-29 16:55 - 2014-09-17 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 19:20 - 2013-07-21 05:28 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Apple Computer
2015-01-28 19:18 - 2013-07-20 11:37 - 00000000 ____D () C:\ProgramData\Apple
2015-01-28 19:14 - 2014-10-15 00:06 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-01-25 19:59 - 2013-01-13 14:26 - 00000000 ____D () C:\Windows\Panther
2015-01-25 13:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-25 12:52 - 2013-01-13 14:33 - 00000000 ____D () C:\Users\kulivoko
2015-01-25 12:51 - 2013-01-20 15:43 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-25 12:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-25 12:50 - 2014-03-24 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-01-25 12:50 - 2013-01-13 14:47 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 12:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-25 12:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-23 20:11 - 2013-07-10 08:48 - 00000078 ___RH () C:\Windows\ctfile.rfc
2015-01-23 20:11 - 2013-07-10 08:48 - 00000000 ____D () C:\Users\Public\Creative
2015-01-23 20:08 - 2013-08-27 14:23 - 00000000 ____D () C:\Windows\system32\appmgmt
==================== Files in the root of some directories =======
2013-08-28 17:23 - 2013-08-28 17:38 - 0000385 _____ () C:\Users\kulivoko\AppData\Roaming\burnaware.ini
2013-12-11 01:01 - 2013-12-11 01:44 - 0000110 _____ () C:\Users\kulivoko\AppData\Roaming\net.telestream.wirecast.webstream.xml
2013-12-11 00:53 - 2014-09-20 11:13 - 0081785 _____ () C:\Users\kulivoko\AppData\Roaming\net.telestream.wirecast.xml
2013-12-11 00:53 - 2013-12-11 00:53 - 0014120 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0005028 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0014543 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0014186 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0004755 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0004935 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0003123 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0004149 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0004356 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0003439 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0003825 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0005621 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0005621 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2014-09-20 11:12 - 2014-09-20 11:12 - 0001451 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0010088 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0004482 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0007122 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0010619 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0010619 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2014-09-20 11:12 - 2014-09-20 11:12 - 0016966 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0008986 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0003302 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2014-12-06 22:11 - 2014-12-06 22:37 - 0000600 _____ () C:\Users\kulivoko\AppData\Local\PUTTY.RND
2014-09-13 10:59 - 2014-09-13 10:59 - 0000882 _____ () C:\Users\kulivoko\AppData\Local\recently-used.xbel
2014-09-15 22:18 - 2014-12-06 10:39 - 0007597 _____ () C:\Users\kulivoko\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\kulivoko\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfrikpe.dll
C:\Users\kulivoko\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\kulivoko\AppData\Local\Temp\Quarantine.exe
C:\Users\kulivoko\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kulivoko\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 07:56
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:111.57 GB) (Free:6.83 GB) NTFS
Drive d: () (Fixed) (Total:833.85 GB) (Free:167.35 GB) NTFS
Drive f: (SimCity) (CDROM) (Total:3.01 GB) (Free:0 GB) CDFS
Drive h: (KULIVOKO -) (Removable) (Total:1.88 GB) (Free:1.15 GB) FAT32
Available physical RAM: 6087.94 MB
Total physical RAM: 8149.27 MB
Percentage of memory in use: 25%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B100A5DF)
Disk: 1 (Size: 931.5 GB) (Disk ID: 60839EAF)
Partition 1: (Active) - (Size=833.9 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\kulivoko\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by kulivoko (administrator) on KULIVOKO-PC on 20-02-2015 23:42:34
Running from C:\Users\kulivoko\Desktop
Loaded Profiles: kulivoko (Available profiles: kulivoko)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IBM Corp) D:\Lotus\Notes\nslsvice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() D:\INSTALL\GnuPG\dirmngr.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(IBM) D:\Lotus\Notes\nsd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IBM Corp) D:\Lotus\Notes\SUService.exe
(IBM Corp) D:\Lotus\Notes\ntmulti.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) D:\INSTALL\VMWare\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\kulivoko\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3049776 2012-11-29] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [!IBM Notes Browser Plugin IE Registration] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults" /v notes /t REG_DWORD /d 2 /f
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [60344 2014-12-21] ()
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [976896 2012-12-18] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [DAEMON Tools Lite] => D:\INSTALL\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Facebook Update] => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [SkyDrive] => C:\Users\kulivoko\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-13] (Microsoft Corporation)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Google Update] => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-13] (Google Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\C2MP\UpdateChecker.exe"
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\MountPoints2: {264129a4-6ea5-11e2-b0f1-902b34d6c4e3} - F:\install.exe
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\MountPoints2: {f8c4b865-5d84-11e2-ae80-806e6f6e6963} - G:\Run.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [473392 2012-11-29] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [434480 2012-11-29] (Lucidlogix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kulivoko\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IBM Notes Browser Plug-in -> {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} -> D:\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.24.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Handler-x32: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - D:\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\kulivoko\AppData\Roaming\Mozilla\Firefox\Profiles\p9x2o9vb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\INSTALL\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\INSTALL\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\INSTALL\ADOBE\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2656396209-808181322-151742322-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\kulivoko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2656396209-808181322-151742322-1000: @tools.google.com/Google Update;version=3 -> C:\Users\kulivoko\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2656396209-808181322-151742322-1000: @tools.google.com/Google Update;version=9 -> C:\Users\kulivoko\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\INSTALL\ADOBE\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\INSTALL\ADOBE\Acrobat\Browser\WCFirefoxExtn [2013-05-29]
FF HKLM-x32\...\Firefox\Extensions: [IBMNotesBrowserExtension@ibm.com] - D:\Lotus\Notes\mozilla
FF Extension: IBM Notes Browser Plug-in Extension - D:\Lotus\Notes\mozilla [2014-07-12]
FF HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-07-12]
CHR Extension: (Google Docs) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-13]
CHR Extension: (Readlang) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-13]
CHR Extension: (YouTube) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
CHR Extension: (Pushbullet) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-06-26]
CHR Extension: (Google Search) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-19]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-05-30]
CHR Extension: (Gmail Offline) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-08-03]
CHR Extension: (timeStats) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2014-08-03]
CHR Extension: (Google Sheets) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-06-26]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-03]
CHR Extension: (Google Play Books) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-01-13]
CHR Extension: (Google Wallet) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-01-13]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2014-08-25]
CHR Extension: (Watch Free Movies Online) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofihpagioalfmgekegeijhaglbapgbmn [2014-08-03]
CHR Extension: (Red Bull TV) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc [2014-08-03]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\INSTALL\ADOBE\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
StartMenuInternet: Google Chrome.QYXD6X2AZLNA624KSGSE5K2XAQ - C:\Users\kulivoko\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-07-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
R2 DirMngr; D:\INSTALL\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 IBM Notes Diagnostics; D:\Lotus\Notes\nsd.exe [5162088 2013-03-09] (IBM)
R2 IBM Notes Single Logon; D:\Lotus\Notes\nslsvice.exe [57448 2013-03-09] (IBM Corp)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LNSUSvc; D:\Lotus\Notes\SUService.exe [1654376 2013-03-09] (IBM Corp)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Multi-user Cleanup Service; D:\Lotus\Notes\ntmulti.exe [37480 2013-03-09] (IBM Corp)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 VMAuthdService; D:\INSTALL\VMWare\vmware-authd.exe [86744 2014-04-14] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] () [File not signed]
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-07-30] (Creative Technology Ltd)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-04] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-09] ()
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2013-09-17] (Logix4u) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kulivoko\AppData\Local\Temp\tmp7E2A.tmp [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 23:42 - 2015-02-20 23:42 - 00029570 _____ () C:\Users\kulivoko\Desktop\FRST.txt
2015-02-20 23:42 - 2015-02-20 23:42 - 00000000 ____D () C:\FRST
2015-02-20 23:41 - 2015-02-20 23:39 - 02086912 _____ (Farbar) C:\Users\kulivoko\Desktop\FRST64.exe
2015-02-20 23:41 - 2015-02-20 23:36 - 00112640 _____ (forum.viry.cz) C:\Users\kulivoko\Desktop\FRSTLauncher.exe
2015-02-20 15:15 - 2015-02-20 15:15 - 00000022 _____ () C:\Windows\S.dirmngr
2015-02-19 22:31 - 2015-02-20 23:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-19 22:31 - 2015-02-19 22:31 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\Program Files\iPod
2015-02-19 22:31 - 2015-02-19 22:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-19 18:21 - 2015-02-19 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 18:09 - 2015-02-19 18:09 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-19 18:04 - 2015-02-19 18:04 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-19 17:30 - 2015-02-19 17:40 - 00000000 ____D () C:\AdwCleaner
2015-02-16 07:40 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-16 07:40 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-16 07:40 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-16 07:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-16 07:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-01-29 17:24 - 2015-01-29 17:25 - 00000000 ____D () C:\Program Files\trend micro
2015-01-29 17:24 - 2015-01-29 17:24 - 00000000 ____D () C:\rsit
2015-01-29 17:00 - 2015-01-29 17:00 - 00010233 _____ () C:\Windows\SysWOW64\hs_err_pid5152.log
2015-01-28 20:27 - 2015-01-28 20:27 - 00010233 _____ () C:\Windows\SysWOW64\hs_err_pid2980.log
2015-01-28 19:35 - 2015-01-28 19:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 19:18 - 2015-02-19 22:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-28 19:18 - 2015-01-28 19:18 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\Users\kulivoko\AppData\Local\Apple Computer
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 19:18 - 2015-01-28 19:18 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-28 19:18 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-28 19:17 - 2015-01-28 19:17 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-28 19:17 - 2015-01-28 19:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-25 12:53 - 2015-01-25 12:53 - 02916352 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 02589696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-25 12:53 - 2015-01-25 12:53 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-25 12:53 - 2015-01-25 12:53 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-25 12:53 - 2015-01-25 12:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-25 12:53 - 2015-01-25 12:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-01-21 01:47 - 2015-01-25 21:55 - 00000000 ___HD () C:\$Windows.~BT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 23:17 - 2013-01-20 15:43 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 23:16 - 2013-02-24 17:11 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job
2015-02-20 23:06 - 2013-01-13 14:33 - 01420781 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 23:05 - 2013-01-13 14:45 - 00000974 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job
2015-02-20 22:59 - 2011-04-12 09:34 - 00702820 _____ () C:\Windows\system32\perfh005.dat
2015-02-20 22:59 - 2011-04-12 09:34 - 00153698 _____ () C:\Windows\system32\perfc005.dat
2015-02-20 22:59 - 2009-07-14 06:13 - 01660972 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 22:55 - 2014-06-22 09:33 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 22:50 - 2014-10-22 19:41 - 00014649 _____ () C:\Windows\setupact.log
2015-02-20 22:48 - 2013-02-24 17:11 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job
2015-02-20 15:23 - 2009-07-14 05:45 - 00033120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 15:23 - 2009-07-14 05:45 - 00033120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 15:16 - 2014-09-28 06:58 - 00000000 ___RD () C:\Users\kulivoko\Dropbox
2015-02-20 15:16 - 2014-06-22 09:33 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 15:16 - 2013-08-29 16:58 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Dropbox
2015-02-20 15:15 - 2014-12-16 23:22 - 00023002 _____ () C:\SUService.log
2015-02-20 15:15 - 2014-10-22 19:41 - 00016640 _____ () C:\Windows\PFRO.log
2015-02-20 15:15 - 2014-06-27 08:02 - 00000000 ____D () C:\ProgramData\VMware
2015-02-20 15:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 23:43 - 2013-03-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 21:09 - 2013-01-14 09:53 - 00000000 ____D () C:\Users\kulivoko\AppData\Local\CRE
2015-02-19 21:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-02-19 20:18 - 2014-07-03 22:23 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-19 20:18 - 2014-07-03 22:23 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-19 18:05 - 2013-01-22 15:54 - 00000000 ____D () C:\Users\kulivoko\AppData\Local\Adobe
2015-02-19 18:04 - 2013-01-22 15:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-19 17:07 - 2009-07-14 05:45 - 00438760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 17:08 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-16 17:07 - 2014-07-24 17:44 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-16 17:07 - 2014-07-24 17:40 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-16 17:07 - 2014-07-24 17:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-16 17:07 - 2014-07-24 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-16 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-16 15:05 - 2013-01-13 14:45 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job
2015-02-16 07:35 - 2014-09-28 06:57 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-07 15:00 - 2013-01-13 14:45 - 00003954 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA
2015-02-07 15:00 - 2013-01-13 14:45 - 00003558 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core
2015-02-07 14:50 - 2014-06-22 09:33 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 14:50 - 2014-06-22 09:33 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 04:17 - 2013-01-20 15:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 04:17 - 2013-01-20 15:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 04:17 - 2013-01-20 15:43 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 17:18 - 2013-12-04 00:50 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-29 17:18 - 2013-04-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-29 17:14 - 2014-06-22 09:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-29 17:13 - 2014-12-13 23:15 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2015-01-29 17:12 - 2013-07-10 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-01-29 17:12 - 2013-07-10 08:48 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-29 17:10 - 2013-01-13 14:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 17:09 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 17:05 - 2015-01-04 16:58 - 00001975 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-29 16:55 - 2014-09-17 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 19:20 - 2013-07-21 05:28 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Apple Computer
2015-01-28 19:18 - 2013-07-20 11:37 - 00000000 ____D () C:\ProgramData\Apple
2015-01-28 19:14 - 2014-10-15 00:06 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-01-25 19:59 - 2013-01-13 14:26 - 00000000 ____D () C:\Windows\Panther
2015-01-25 13:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-25 12:52 - 2013-01-13 14:33 - 00000000 ____D () C:\Users\kulivoko
2015-01-25 12:51 - 2013-01-20 15:43 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-25 12:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-25 12:50 - 2014-03-24 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-01-25 12:50 - 2013-01-13 14:47 - 00000000 ____D () C:\Users\kulivoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 12:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-25 12:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-23 20:11 - 2013-07-10 08:48 - 00000078 ___RH () C:\Windows\ctfile.rfc
2015-01-23 20:11 - 2013-07-10 08:48 - 00000000 ____D () C:\Users\Public\Creative
2015-01-23 20:08 - 2013-08-27 14:23 - 00000000 ____D () C:\Windows\system32\appmgmt
==================== Files in the root of some directories =======
2013-08-28 17:23 - 2013-08-28 17:38 - 0000385 _____ () C:\Users\kulivoko\AppData\Roaming\burnaware.ini
2013-12-11 01:01 - 2013-12-11 01:44 - 0000110 _____ () C:\Users\kulivoko\AppData\Roaming\net.telestream.wirecast.webstream.xml
2013-12-11 00:53 - 2014-09-20 11:13 - 0081785 _____ () C:\Users\kulivoko\AppData\Roaming\net.telestream.wirecast.xml
2013-12-11 00:53 - 2013-12-11 00:53 - 0014120 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0005028 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0014543 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0014186 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0004755 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0004935 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0003123 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0004149 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0004356 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0003439 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0003825 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0005621 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0005621 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2014-09-20 11:12 - 2014-09-20 11:12 - 0001451 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0010088 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0004482 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0007122 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0010619 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0010619 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2014-09-20 11:12 - 2014-09-20 11:12 - 0016966 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2013-12-11 00:53 - 2013-12-11 00:53 - 0008986 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2014-07-30 10:01 - 2014-07-30 10:01 - 0003302 _____ () C:\Users\kulivoko\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2014-12-06 22:11 - 2014-12-06 22:37 - 0000600 _____ () C:\Users\kulivoko\AppData\Local\PUTTY.RND
2014-09-13 10:59 - 2014-09-13 10:59 - 0000882 _____ () C:\Users\kulivoko\AppData\Local\recently-used.xbel
2014-09-15 22:18 - 2014-12-06 10:39 - 0007597 _____ () C:\Users\kulivoko\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\kulivoko\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfrikpe.dll
C:\Users\kulivoko\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\kulivoko\AppData\Local\Temp\Quarantine.exe
C:\Users\kulivoko\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kulivoko\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 07:56
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:111.57 GB) (Free:6.83 GB) NTFS
Drive d: () (Fixed) (Total:833.85 GB) (Free:167.35 GB) NTFS
Drive f: (SimCity) (CDROM) (Total:3.01 GB) (Free:0 GB) CDFS
Drive h: (KULIVOKO -) (Removable) (Total:1.88 GB) (Free:1.15 GB) FAT32
Available physical RAM: 6087.94 MB
Total physical RAM: 8149.27 MB
Percentage of memory in use: 25%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B100A5DF)
Disk: 1 (Size: 931.5 GB) (Disk ID: 60839EAF)
Partition 1: (Active) - (Size=833.9 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\kulivoko\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition.rar
- (10.07 KiB) Staženo 57 x
Re: Prosim o preventivni kontrolu
Odinstalujte McAfee Security Scan Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [DAEMON Tools Lite] => D:\INSTALL\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Facebook Update] => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Google Update] => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-19]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kulivoko\AppData\Local\Temp\tmp7E2A.tmp [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
2015-02-19 18:21 - 2015-02-19 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 17:05 - 2015-01-04 16:58 - 00001975 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
Hosts:
EmptyTemp:
Reboot:
EndKliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosim o preventivni kontrolu
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by kulivoko at 2015-02-21 21:47:01 Run:1
Running from C:\Users\kulivoko\Desktop
Loaded Profiles: kulivoko (Available profiles: kulivoko)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [DAEMON Tools Lite] => D:\INSTALL\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Facebook Update] => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Google Update] => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-19]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kulivoko\AppData\Local\Temp\tmp7E2A.tmp [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
2015-02-19 18:21 - 2015-02-19 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 17:05 - 2015-01-04 16:58 - 00001975 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk => Moved successfully.
McComponentHostService => Service not found.
Avgfwfd => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
AdobeARMservice => Service deleted successfully.
gupdate => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
"C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => File/Directory not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => Moved successfully.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully.
C:\ProgramData\TEMP => ":8927A071" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog 21:47:34 ====
Ran by kulivoko at 2015-02-21 21:47:01 Run:1
Running from C:\Users\kulivoko\Desktop
Loaded Profiles: kulivoko (Available profiles: kulivoko)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [DAEMON Tools Lite] => D:\INSTALL\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Facebook Update] => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Run: [Google Update] => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF HKU\S-1-5-21-2656396209-808181322-151742322-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Extension: (No Name) - C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2015-02-19]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kulivoko\AppData\Local\Temp\tmp7E2A.tmp [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 116648]
2015-02-19 18:21 - 2015-02-19 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 17:05 - 2015-01-04 16:58 - 00001975 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => C:\Users\kulivoko\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value deleted successfully.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKU\S-1-5-21-2656396209-808181322-151742322-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
C:\Users\kulivoko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk => Moved successfully.
McComponentHostService => Service not found.
Avgfwfd => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
AdobeARMservice => Service deleted successfully.
gupdate => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
"C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => File/Directory not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2656396209-808181322-151742322-1000UA.job => Moved successfully.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully.
C:\ProgramData\TEMP => ":8927A071" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog 21:47:34 ====
Re: Prosim o preventivni kontrolu
Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce) vyosek píše:
- Stahnete a spustte
- Ponechte zatrzitkou pouze u volby Remote disinfection tools
- Kliknete na Run
Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)
Defragmentujte disk(y) (SSD Disky ne!)Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak je na tom pc.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosim o preventivni kontrolu
vsechno co jste psal, jsem udelal, pc se zda byt v poradku, velmi vam dekuji za pomoc
Re: Prosim o preventivni kontrolu
Nemate zac!
Mejte se a treba zase nekdy
Mejte se a treba zase nekdy
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?