PC virus removal, computer speed-up, remote help via the neslape.cz service

Malware

markyzamek
Visitor
Posts: 39
Registered: 13 Jan 2013 14:21

Malware

#1 Post by markyzamek »

Hello, I'd like to ask for help. I have started using my girlfriend's PC, which had been unused, not updated and not cleaned for some time.
When I'm in a web browser, wherever I click, I get redirected to a different (advertising) page.
From various discussions and help forums I found out that it may be malware.
The original antivirus is outdated, so I downloaded the free home version of Avast and IObit Malware Fighter.
MF found nothing during its scan; Avast found about 5 files, of which only 2 could be cleaned, and for the others it reported an error that they could not be found. The problem with ads in both Chrome and Mozilla still persists.
So I downloaded Spybot Search and Destroy, and that found nothing either. I at least immunized the system (if that is of any use).
I don't know whether the scans cover the whole system or only drive C (the main drive; there is also drive D). In some programs I managed to change this in the settings, but in others I did not find the option, so I'm worried that a complete check was not done.
After reading more discussions I downloaded Gmer, which most likely found some rootkit in my system. Then I finally downloaded RSIT as well and ran a scan there too.

The Gmer scan, which found some "Threads" for me:
GMER 2.1.19322 - http://www.gmer.net
Rootkit scan 2016-04-14 08:09:22
Windows 5.1.2600 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AADS-00M2B0 rev.01.00A01 465,76GB
Running: gmer.exe; Driver: C:\Users\MIRA~1\AppData\Local\Temp\ugloypoc.sys


---- Modules - GMER 2.1 ----

Module \??\C:\Users\MIRA~1\AppData\Local\Temp\ugloypoc.sys (GMER) fffff88006c42000-fffff88006c52000 (65536 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1032:3040] 000007fef76720c0
Thread C:\Windows\System32\svchost.exe [1032:3048] 000007fef76726a8
Thread C:\Windows\System32\svchost.exe [1032:2240] 000007fef76729dc
Thread C:\Windows\System32\svchost.exe [1032:2104] 000007fef76729dc
Thread C:\Windows\System32\svchost.exe [1032:2352] 000007fef76729dc
Thread C:\Windows\System32\svchost.exe [1032:3640] 000007fef65344e0
Thread C:\Windows\system32\svchost.exe [1056:3148] 000007fef6c50ea8
Thread C:\Windows\system32\svchost.exe [1056:3152] 000007fef6c49db0
Thread C:\Windows\system32\svchost.exe [1056:3180] 000007fef6c4aa10
Thread C:\Windows\system32\svchost.exe [1056:3188] 000007fef6c51c94
Thread C:\Windows\system32\svchost.exe [1056:4592] 000007feefa8d3c8
Thread C:\Windows\system32\svchost.exe [1056:4596] 000007feefa8d3c8
Thread C:\Windows\system32\svchost.exe [1056:4600] 000007feefa8d3c8
Thread C:\Windows\system32\svchost.exe [1056:4604] 000007feefa8d3c8
Thread C:\Windows\system32\svchost.exe [1056:7304] 000007fef09e6ed4
Thread C:\Windows\system32\svchost.exe [1056:6300] 000007fef09e6b8c
Thread C:\Windows\system32\svchost.exe [1304:1340] 000007fefb2c341c
Thread C:\Windows\system32\svchost.exe [1304:1348] 000007fefb2c3a2c
Thread C:\Windows\system32\svchost.exe [1304:1352] 000007fefb2c3768
Thread C:\Windows\system32\svchost.exe [1304:1360] 000007fefb2c5c20
Thread C:\Windows\system32\svchost.exe [1304:1484] 000007fefb2c3900
Thread C:\Windows\system32\svchost.exe [1304:1124] 000007fef86abd88
Thread C:\Windows\system32\svchost.exe [1304:3732] 000007fef6835170
Thread C:\Windows\system32\svchost.exe [1304:3068] 000007fef8645124
Thread C:\Windows\System32\spoolsv.exe [1620:2548] 000007fef77810c8
Thread C:\Windows\System32\spoolsv.exe [1620:2560] 000007fef7746144
Thread C:\Windows\System32\spoolsv.exe [1620:2564] 000007fef8e75fd0
Thread C:\Windows\System32\spoolsv.exe [1620:2568] 000007fef8343438
Thread C:\Windows\System32\spoolsv.exe [1620:2572] 000007fef8e763ec
Thread C:\Windows\System32\spoolsv.exe [1620:2588] 000007fef7f35e5c
Thread C:\Windows\System32\spoolsv.exe [1620:2596] 000007fef7885074
Thread C:\Windows\System32\spoolsv.exe [1620:2788] 000007fef78f2288
Thread C:\Windows\system32\svchost.exe [660:1400] 000007fef8e75fd0
Thread C:\Windows\system32\svchost.exe [660:1700] 000007fef8e763ec
Thread C:\Windows\system32\svchost.exe [660:3064] 000007fef8558470
Thread C:\Windows\system32\svchost.exe [660:2196] 000007fef8562418
Thread C:\Windows\system32\svchost.exe [660:1260] 000007fef482f130
Thread C:\Windows\system32\svchost.exe [660:3924] 000007fef4824734
Thread C:\Windows\system32\svchost.exe [660:1320] 000007fef4824734
Thread C:\Windows\system32\svchost.exe [660:3548] 000007fef8645124
Thread C:\Windows\System32\svchost.exe [3668:3364] 000007fef4789688
Thread C:\Windows\system32\Dwm.exe [2828:3836] 000007fefac8f0d8
Thread C:\Windows\system32\Dwm.exe [2828:2840] 000007fef62fabf0
Thread C:\Windows\System32\rundll32.exe [3144:4132] 000007fef6d67840
Thread C:\Windows\System32\rundll32.exe [3144:4136] 000007fef6d67840
Thread C:\Program Files\Windows Sidebar\sidebar.exe [3128:1276] 000007fefb842a7c
Thread C:\Program Files\Windows Sidebar\sidebar.exe [3128:1556] 000007fef2027ad0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [3128:724] 000007fef1ca3500
Thread C:\Program Files\Windows Sidebar\sidebar.exe [3128:2288] 000007fef1ca3500
Thread C:\Program Files\Windows Sidebar\sidebar.exe [3128:3680] 000007fef1ca3500
Thread C:\Windows\system32\taskhost.exe [7944:7456] 000007fef768ef24

---- EOF - GMER 2.1 ----

I will attach the RSIT scan if needed.

Re: Malware

#2 Post by markyzamek »

RSIT scan:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Mirča at 2016-04-14 07:33:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 8 GB (17%) free of 45 GB
Total RAM: 7935 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:34:12, on 14.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16843)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
D:\Programs\Virtual CloneDrive\VCDDaemon.exe
D:\Programs\OpenOffice 3\program\soffice.exe
D:\Programs\OpenOffice 3\program\soffice.bin
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
D:\Programs\Spybot - Search & Destroy 2\SDTray.exe
D:\Programs\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\MIRA~1\AppData\Local\Temp\Rar$EX00.550\gmer.exe
D:\Programs\Spybot - Search & Destroy 2\SDFiles.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Mirča.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={53F1F84B- ... 2014-02-05 18:21:54&v=19.3.0.491&pid=safeguard&sg=0&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Mirča\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Mirča\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - D:\Programy\IObit Malware Fighter\adsremoval\IE\Adblock.dll (file missing)
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Programs\Virtual CloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SDTray] "D:\Programs\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = D:\Programs\OpenOffice 3\program\quickstart.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Programs\NOD32\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Programs\NOD32\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) - The Privoxy team - www.privoxy.org - C:\Program Files (x86)\Megasoft Security\privoxy.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - D:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Programs\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12624 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe"
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
D:\Programs\NOD32\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\PasswordBox\pbbtnService.exe"
"C:\Program Files (x86)\Megasoft Security\privoxy.exe" --service
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2248
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
taskeng.exe {4A488447-064F-481C-BD3E-E2558228FBE1}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe" /Task
"D:\Programs\NOD32\egui.exe" /hide /waitservice
"C:\Windows\System32\rundll32.exe" xrWCbgnd.dll,LaunchBgTask 1
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe"
"D:\Programs\Virtual CloneDrive\VCDDaemon.exe" /s
"D:\Programs\OpenOffice 3\program\soffice.exe" -quickstart
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"D:\Programs\OpenOffice 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2D:\\Programs\\OpenOffice 3\\program"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /systemstart /autostart
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"D:\Programs\Spybot - Search & Destroy 2\SDTray.exe"
"D:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"D:\Programs\Spybot - Search & Destroy 2\SDWelcome.exe"
"D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe"
"taskhost.exe"

"C:\Users\MIRA~1\AppData\Local\Temp\Rar$EX00.550\gmer.exe"
"D:\Programs\Spybot - Search & Destroy 2\SDFiles.exe" /scan
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.112 --handshake-handle=0xd8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="7964.0.842919124\838690832" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9616 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.881.0.0 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A2_Stable_R8/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledDisableDiskCache/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="7964.2.1375165305\877771662" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A2_Stable_R8/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledDisableDiskCache/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="7964.3.1519953478\944946445" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A2_Stable_R8/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledDisableDiskCache/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="7964.5.1559328033\2114582745" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="7964.7.1427843018\1667190643" --ppapi-flash-args --lang=cs --device-scale-factor=1 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A2_Stable_R8/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledDisableDiskCache/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="7964.8.1081092619\1253315052" /prefetch:1
"D:\Downloads\Stažené soubory\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\1015tbUpdateInfo.job - C:\ProgramData\Avg_Update_1015tb\1015tb_{7A6FBF00-4481-425C-9489-451A3CBAB321}.exe /SETINFO /CMPID=1015tb /INFORETRY=3 /RUNBY=UP
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3000822321-160099729-2533544899-1001Core.job - C:\Users\Mirča\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3000822321-160099729-2533544899-1001UA.job - C:\Users\Mirča\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=D:\Programs\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


D:\Programs\Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\
adremoveext@adremoveext.net
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}

C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\searchplugins\
avg-secure-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2016-04-11 2471744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-12 902624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-16 79240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}]
PasswordBox Helper - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04 141832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-12 679680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Mirča\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-23 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
Ads Removal - D:\Programy\IObit Malware Fighter\adsremoval\IE\Adblock.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Surfing Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2015-07-09 682784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=D:\Programs\NOD32\egui.exe [2010-08-12 2916584]
"XeroxEndeavorBackgroundTask"=xrWCbgnd.dll,LaunchBgTask 1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
"Advanced SystemCare 8"=C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2015-04-08 2429728]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Adobe Reader\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Mirča\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2015-09-15 170256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Mirča\AppData\Roaming\QipGuard\QipGuard.exe /p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mirča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\MIRA~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2016-03-12 25577864]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=D:\Programs\Virtual CloneDrive\VCDDaemon.exe [2011-03-07 89456]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-06-24 5199984]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-04-13 7390608]
"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2016-03-18 5370144]
"SDTray"=D:\Programs\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - D:\Programs\OpenOffice 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Programs\Spybot - Search & Destroy 2\SDTray.exe"="D:\Programs\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe"="D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"D:\Programs\Spybot - Search & Destroy 2\SDUpdate.exe"="D:\Programs\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe"="D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2016-04-14 07:33:30 ----D---- C:\Program Files\trend micro
2016-04-14 07:33:29 ----D---- C:\rsit
2016-04-14 02:12:36 ----D---- C:\Users\Mirča\AppData\Roaming\dlg
2016-04-14 02:03:41 ----D---- C:\Program Files (x86)\Ninight
2016-04-14 02:03:41 ----D---- C:\Program Files (x86)\Fedaryqeule
2016-04-14 01:24:58 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-14 01:17:48 ----A---- C:\Windows\system32\sdnclean64.exe
2016-04-14 01:17:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-04-13 16:11:24 ----D---- C:\KVRT_Data
2016-04-12 23:50:24 ----D---- C:\Program Files\VIA
2016-04-12 23:50:22 ----D---- C:\Windows\system32\SRSLabs
2016-04-12 23:48:43 ----A---- C:\Windows\SYSWOW64\VMTHX32.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\SYSWOW64\VMAPO32.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\WavesGUILib64.dll
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VtSrdAPO.dll
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VMWRP64.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VMTHX64.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VMPPLD64.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VMPPCN64.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VMAPO64.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\VMAPO264.DLL
2016-04-12 23:48:43 ----A---- C:\Windows\system32\drivers\VMfilt64.sys
2016-04-12 23:48:42 ----A---- C:\Windows\SYSWOW64\VMAPO232.DLL
2016-04-12 23:48:42 ----A---- C:\Windows\system32\VIASysFx.dll
2016-04-12 23:48:42 ----A---- C:\Windows\system32\VIAPropPageExt.dll
2016-04-12 23:48:42 ----A---- C:\Windows\system32\ViaMicArrayPropPageExt.dll
2016-04-12 23:48:42 ----A---- C:\Windows\system32\ViaMicArrayAPO.dll
2016-04-12 23:48:42 ----A---- C:\Windows\system32\ViakaraokeSrv.exe
2016-04-12 23:48:42 ----A---- C:\Windows\system32\ViaKaraokePropPageExt.dll
2016-04-12 23:48:42 ----A---- C:\Windows\system32\ViaKaraokeApo.dll
2016-04-12 23:48:42 ----A---- C:\Windows\system32\drivers\viahduaa.sys
2016-04-12 23:48:40 ----A---- C:\Windows\system32\PropPageExt.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\nQPropPageExt.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEP64H.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEP64A.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEL64H.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEL64A.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEG64H.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEG64A.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EED64H.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EED64A.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEA64H.dll
2016-04-12 23:48:39 ----A---- C:\Windows\system32\EEA64A.dll
2016-04-12 23:48:37 ----A---- C:\Windows\system32\MaxxAudioVnA64.dll
2016-04-12 23:48:37 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-04-12 23:48:37 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2016-04-12 23:48:36 ----A---- C:\Windows\system32\Dts2PropPageExt.dll
2016-04-12 23:48:34 ----A---- C:\Windows\system32\Dts2APO.dll
2016-04-12 23:46:33 ----A---- C:\Windows\system32\drivers\L1C62x64.sys
2016-04-12 23:43:14 ----A---- C:\Windows\system32\drivers\amdide64.sys
2016-04-12 23:29:41 ----A---- C:\Windows\SYSWOW64\drivers\HWiNFO64A.SYS
2016-04-12 23:26:26 ----D---- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-04-12 23:22:11 ----A---- C:\Windows\system32\aswBoot.exe
2016-04-12 23:19:25 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2016-04-12 23:07:15 ----D---- C:\Users\Mirča\AppData\Roaming\AVAST Software
2016-04-12 23:06:15 ----D---- C:\Program Files\Common Files\AV
2016-04-12 23:05:42 ----A---- C:\Windows\system32\drivers\aswvmm.sys
2016-04-12 23:05:42 ----A---- C:\Windows\system32\drivers\aswStm.sys
2016-04-12 23:05:41 ----A---- C:\Windows\system32\drivers\aswSP.sys
2016-04-12 23:05:41 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2016-04-12 23:05:40 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2016-04-12 23:05:40 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2016-04-12 23:05:39 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2016-04-12 23:05:37 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2016-04-12 23:04:31 ----A---- C:\Windows\avastSS.scr
2016-04-12 22:48:04 ----D---- C:\Windows\Minidump
2016-04-12 22:46:12 ----D---- C:\Program Files\AVAST Software
2016-04-12 22:45:56 ----D---- C:\ProgramData\AVAST Software
2016-04-11 13:29:01 ----D---- C:\Users\Mirča\AppData\Roaming\ProductData
2016-04-11 13:27:45 ----D---- C:\ProgramData\ProductData
2016-04-11 13:27:44 ----D---- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-04-11 13:27:11 ----D---- C:\Users\Mirča\AppData\Roaming\IObit
2016-04-11 13:26:57 ----D---- C:\ProgramData\IObit
2016-04-11 13:26:57 ----D---- C:\Program Files (x86)\IObit
2016-04-11 13:12:13 ----D---- C:\Users\Mirča\AppData\Roaming\uTorrent
2016-04-11 13:08:15 ----D---- C:\Program Files (x86)\Megasoft Security
2016-04-11 12:58:12 ----D---- C:\Windows\pss
2016-04-10 23:15:33 ----D---- C:\Users\Mirča\AppData\Roaming\LolClient
2016-04-10 21:51:37 ----D---- C:\Program Files\Defraggler
2016-04-10 20:41:29 ----D---- C:\ProgramData\Riot Games
2016-04-10 20:40:45 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2016-04-10 20:40:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2016-04-10 20:40:44 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2016-04-10 20:40:04 ----D---- C:\Program Files\CCleaner
2016-04-10 20:29:38 ----D---- C:\Users\Mirča\AppData\Roaming\Riot Games
2016-02-25 13:45:54 ----HD---- C:\ProgramData\CanonIJEGV
2016-02-25 13:45:42 ----D---- C:\Program Files (x86)\Canon
2016-02-25 13:45:01 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2016-02-25 13:44:55 ----A---- C:\Windows\SYSWOW64\CNC280L.dll
2016-02-25 13:44:54 ----A---- C:\Windows\SYSWOW64\CNHMCA.dll
2016-02-25 13:44:54 ----A---- C:\Windows\SYSWOW64\CNC280U.dll
2016-02-25 13:44:54 ----A---- C:\Windows\system32\CNHMCA6.dll
2016-02-25 13:44:54 ----A---- C:\Windows\system32\CNC280L.dll
2016-02-25 13:44:54 ----A---- C:\Windows\system32\CNC280I.dll
2016-02-25 13:44:54 ----A---- C:\Windows\system32\CNC280C.dll
2016-02-25 13:44:26 ----A---- C:\Windows\system32\CNC280O.dll
2016-02-25 13:44:22 ----HD---- C:\Program Files\CanonBJ

======List of files/folders modified in the last 3 months======

2016-04-14 07:34:13 ----D---- C:\Windows\Temp
2016-04-14 07:33:30 ----RD---- C:\Program Files
2016-04-14 07:31:34 ----D---- C:\Windows\system32\config
2016-04-14 07:20:54 ----D---- C:\Windows\system32\Tasks
2016-04-14 07:20:30 ----RD---- C:\Program Files (x86)
2016-04-14 01:56:54 ----D---- C:\Windows\system32\drivers\etc
2016-04-14 01:18:03 ----SD---- C:\ProgramData\Microsoft
2016-04-14 01:17:49 ----D---- C:\Windows\System32
2016-04-14 01:17:45 ----HD---- C:\ProgramData
2016-04-13 22:22:45 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2016-04-13 21:52:27 ----D---- C:\Windows\system32\drivers
2016-04-13 19:41:07 ----D---- C:\Windows\system32\catroot2
2016-04-13 19:16:11 ----D---- C:\Windows\SoftwareDistribution
2016-04-13 19:12:10 ----D---- C:\Windows
2016-04-13 19:12:03 ----D---- C:\Windows\debug
2016-04-13 19:08:12 ----D---- C:\Windows\inf
2016-04-13 16:11:39 ----SHD---- C:\System Volume Information
2016-04-13 16:11:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-13 09:56:12 ----D---- C:\Windows\system32\catroot
2016-04-13 01:16:27 ----D---- C:\Windows\SysWOW64
2016-04-12 23:52:00 ----D---- C:\Windows\system32\DriverStore
2016-04-12 23:29:41 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-12 23:19:10 ----SHD---- C:\Windows\Installer
2016-04-12 23:06:15 ----D---- C:\Program Files\Common Files
2016-04-12 23:06:15 ----D---- C:\Program Files (x86)\Common Files
2016-04-12 23:05:04 ----D---- C:\Windows\winsxs
2016-04-11 13:41:30 ----D---- C:\Windows\Panther
2016-04-11 13:36:24 ----D---- C:\Users\Mirča\AppData\Roaming\BitLord
2016-04-11 13:27:59 ----D---- C:\Users\Mirča\AppData\Roaming\Apple Computer
2016-04-11 13:27:46 ----D---- C:\Windows\Tasks
2016-04-11 13:13:47 ----D---- C:\Program Files (x86)\BitLord 2
2016-04-11 13:08:55 ----A---- C:\Users\Mirča\AppData\Roaming\bitlord_log.txt
2016-04-11 11:49:57 ----D---- C:\Users\Mirča\AppData\Roaming\Dropbox
2016-04-10 21:05:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-10 20:59:35 ----D---- C:\Windows\Logs
2016-04-10 20:30:47 ----D---- C:\Windows\Prefetch
2016-03-05 17:04:29 ----D---- C:\Windows\system32\NDF
2016-02-25 13:45:07 ----RSD---- C:\Windows\Media
2016-02-25 13:45:05 ----D---- C:\Windows\twain_32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide64;amdide64; C:\Windows\system32\DRIVERS\amdide64.sys [2016-04-12 11944]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-04-12 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-04-13 287528]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-16 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-04-12 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-04-12 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-04-12 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-04-12 465792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-04-12 27552]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-04-12 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-04-12 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-04-12 166432]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
R3 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2016-01-11 22208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2016-04-12 129224]
R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2016-01-11 34848]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2016-04-12 688648]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
S3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner; C:\Windows\system32\drivers\AVerFx2hbtv64.sys [2009-06-10 292224]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\Downloads\Ovladače\NTIOLib_X64.sys [2011-06-29 11888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService8;Advanced SystemCare Service 8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2015-08-05 821024]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-09-02 77104]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-04-12 243296]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2008-06-06 352256]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-07-14 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 ekrn;ESET Service; D:\Programs\NOD32\x86\ekrn.exe [2010-08-12 810144]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2016-03-10 1576736]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-05-14 67584]
R2 PrivoxyService;Privoxy (PrivoxyService); C:\Program Files (x86)\Megasoft Security\privoxy.exe [2016-04-11 371200]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; D:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2016-04-12 27768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23 144200]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-03-07 2945312]
S2 SkypeUpdate;Skype Updater; D:\Programs\Skype\Updater\Updater.exe [2013-04-19 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-10 269504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; D:\Programs\NOD32\EHttpSrv.exe [2010-08-12 42360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23 144200]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-09-15 644880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-05-26 148080]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#3 Post by Márty84 »

Hello :)

:arrow: Uninstall Spybot; the program is outdated.

:arrow: Uninstall everything from IObit; it can make quite a mess.

:arrow: Uninstall ESET.

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found here: C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).


Re: Malware

#4 Post by markyzamek »

Everything has been done, but now my internet connection does not work:
"Internet connection is not available
A proxy server error occurred or you entered an incorrect address.
ERR_PROXY_CONNECTION_FAILED"

I also tried restarting the PC and unplugging and re-plugging the network cable; no change.
The AdwCleaner log is in the attached photos. They were taken with a mobile phone; I hope they will be readable.
1.
image.jpg (124.08 KiB)

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#5 Post by markyzamek »

2.
image.jpg (197.55 KiB) Viewed 2412 times

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#6 Post by markyzamek »

3./3.
image.jpg (195.44 KiB) Viewed 2413 times

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#7 Post by Márty84 »

markyzamek wrote: but now my internet connection is not working
:arrow: Check the connection settings.


:arrow: Run a scan with MBAM. Set up the test according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it occasionally has false detections

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#8 Post by markyzamek »

Connection checked, I found nothing (unfortunately I don't understand it that well, but as a capable user nothing there seemed wrongly configured to me). The connection troubleshooter didn't find anything either.
Otherwise, MBAM found a few pests, see the photo (I apologize, but the USB port won't read my USB flash drive at the moment).
image.jpg (107.81 KiB) Viewed 2395 times
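
For the ERR_PROXY_CONNECTION_FAILED error reported in post #4 and the "check the connection settings" step that followed, this added example (not part of the original thread) reads the per-user WinINET proxy settings that Chrome uses on Windows and tests whether each configured proxy still answers. A proxy entry that is enabled while nothing listens at its address produces this browser error; the thread itself does not establish that this was the cause here, and the function names Get-ProxyEndpoints and Test-TcpPort are made up for the example.

```powershell
# Added example: read the per-user WinINET proxy settings and check whether
# every configured proxy endpoint still accepts TCP connections.
# Get-ProxyEndpoints and Test-TcpPort are names chosen for this example.
# Written to also run on the PowerShell 2.0 that ships with Windows 7.

$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyEndpoints {
    # ProxyServer is either "host:port" (one proxy for all protocols) or a
    # per-protocol list such as "http=127.0.0.1:8080;https=127.0.0.1:8080".
    param([string]$ProxyServer)

    $result = @()
    if ([string]::IsNullOrEmpty($ProxyServer)) { return $result }

    foreach ($part in $ProxyServer.Split(';')) {
        $part = $part.Trim()
        if ($part -eq '') { continue }

        $scheme = 'all'
        $addr = $part
        if ($part.Contains('=')) {
            $scheme, $addr = $part -split '=', 2
        }
        # Drop an optional "http://"-style prefix in front of the host.
        $addr = $addr -replace '^[a-zA-Z]+://', ''

        $proxyHost = $addr
        $port = 80                      # used when the entry names no port
        if ($addr -match '^(?<h>.+):(?<p>\d+)$') {
            $proxyHost = $Matches['h']
            $port = [int]$Matches['p']
        }
        $result += New-Object PSObject -Property @{
            Scheme = $scheme; Host = $proxyHost; Port = $port
        }
    }
    return $result
}

function Test-TcpPort {
    # Returns $true when a TCP connection succeeds within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$s = Get-ItemProperty -Path $InternetSettings
Write-Output ("ProxyEnable   : {0}" -f $s.ProxyEnable)
Write-Output ("ProxyServer   : {0}" -f $s.ProxyServer)
Write-Output ("ProxyOverride : {0}" -f $s.ProxyOverride)
Write-Output ("AutoConfigURL : {0}" -f $s.AutoConfigURL)

# @() keeps the loop from running once on $null under PowerShell 2.0.
foreach ($ep in @(Get-ProxyEndpoints $s.ProxyServer)) {
    $up = Test-TcpPort -HostName $ep.Host -Port $ep.Port
    if ($up) { $state = 'reachable' } else { $state = 'NOT reachable' }
    Write-Output ("[{0}] {1}:{2} is {3}" -f $ep.Scheme, $ep.Host, $ep.Port, $state)

    if (($s.ProxyEnable -eq 1) -and (-not $up)) {
        Write-Warning ("Proxy is enabled but {0}:{1} does not answer; browsers using the system proxy will fail with ERR_PROXY_CONNECTION_FAILED." -f $ep.Host, $ep.Port)
    }
}

if ($s.AutoConfigURL) {
    Write-Warning "A proxy auto-config script is set; confirm that it is one you expect."
}

# Machine-wide WinHTTP proxy, used by services rather than by browsers.
netsh winhttp show proxy
```

Run it in the affected user's session, because these settings live under HKCU; the same values are shown in Internet Options > Connections > LAN settings.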

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#9 Post by Márty84 »

:arrow: Have MBAM remove all its findings.


:!: If you haven't already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#10 Post by markyzamek »

Everything deleted.

I carried out the next steps according to the instructions.
After restarting the PC, the internet connection was restored.
The ads have disappeared, and clicking on pages no longer redirects me anywhere, so it seems the job is done :idea:

ComboFix log:

ComboFix 16-04-13.01 - Mirča 14.04.2016 20:45:09.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.7935.4716 [GMT 2:00]
Spuštěný z: c:\users\MirŔa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-14 do 2016-04-14 )))))))))))))))))))))))))))))))
.
.
2016-04-14 18:51 . 2016-04-14 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-14 10:01 . 2016-04-14 10:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-14 10:01 . 2016-04-14 10:01 -------- d-----w- c:\programdata\Malwarebytes
2016-04-14 10:01 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-14 10:01 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-14 10:01 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-14 07:56 . 2016-04-14 07:58 -------- d-----w- C:\AdwCleaner
2016-04-14 05:33 . 2016-04-14 05:34 -------- d-----w- c:\program files\trend micro
2016-04-14 05:33 . 2016-04-14 05:34 -------- d-----w- C:\rsit
2016-04-14 00:12 . 2016-04-14 00:12 -------- d-----w- c:\users\Mirča\AppData\Roaming\dlg
2016-04-14 00:03 . 2016-04-14 00:03 -------- d-----w- c:\program files (x86)\Ninight
2016-04-14 00:03 . 2016-04-14 00:03 -------- d-----w- c:\program files (x86)\Fedaryqeule
2016-04-13 23:24 . 2016-04-13 23:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2016-04-13 23:17 . 2016-04-14 07:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2016-04-13 14:11 . 2016-04-13 15:28 -------- d-----w- C:\KVRT_Data
2016-04-12 21:50 . 2016-04-12 21:50 -------- d-----w- c:\program files\VIA
2016-04-12 21:50 . 2016-04-12 21:50 -------- d-----w- c:\windows\system32\SRSLabs
2016-04-12 21:46 . 2016-04-12 21:46 129224 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2016-04-12 21:43 . 2016-04-12 21:43 11944 ----a-w- c:\windows\system32\drivers\amdide64.sys
2016-04-12 21:29 . 2016-04-12 21:29 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2016-04-12 21:26 . 2016-04-12 21:26 -------- d-----w- c:\programdata\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-04-12 21:22 . 2016-04-12 21:04 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-04-12 21:19 . 2016-04-12 21:18 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-04-12 21:07 . 2016-04-12 21:07 -------- d-----w- c:\users\Mirča\AppData\Roaming\AVAST Software
2016-04-12 21:06 . 2016-04-13 23:26 -------- d-----w- c:\program files\Common Files\AV
2016-04-12 21:06 . 2016-04-12 21:06 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-04-12 21:05 . 2016-04-13 14:13 287528 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-04-12 21:05 . 2016-04-12 21:04 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-04-12 21:05 . 2016-04-12 21:04 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-04-12 21:05 . 2016-04-12 21:04 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-04-12 21:05 . 2016-04-12 21:04 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-04-12 21:05 . 2016-04-12 21:04 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-04-12 21:05 . 2016-04-12 21:04 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-04-12 21:05 . 2016-04-12 21:03 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-04-12 21:04 . 2016-04-12 21:04 52184 ----a-w- c:\windows\avastSS.scr
2016-04-12 20:46 . 2016-04-12 21:18 -------- d-----w- c:\program files\AVAST Software
2016-04-12 20:45 . 2016-04-12 21:18 -------- d-----w- c:\programdata\AVAST Software
2016-04-11 11:29 . 2016-04-11 11:29 -------- d-----w- c:\users\Mirča\AppData\Roaming\ProductData
2016-04-11 11:27 . 2016-04-14 05:20 -------- d-----w- c:\programdata\ProductData
2016-04-11 11:27 . 2016-04-11 11:27 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-04-11 11:27 . 2016-04-12 21:28 -------- d-----w- c:\program files (x86)\Common Files\IObit
2016-04-11 11:27 . 2016-04-12 21:29 -------- d-----w- c:\users\Mirča\AppData\Roaming\IObit
2016-04-11 11:26 . 2016-04-14 05:20 -------- d-----w- c:\programdata\IObit
2016-04-11 11:26 . 2016-04-12 21:29 -------- d-----w- c:\program files (x86)\IObit
2016-04-11 11:12 . 2016-04-11 11:59 -------- d-----w- c:\users\Mirča\AppData\Roaming\uTorrent
2016-04-10 21:15 . 2016-04-10 21:15 -------- d-----w- c:\users\Mirča\AppData\Roaming\LolClient
2016-04-10 19:51 . 2016-04-10 19:51 -------- d-----w- c:\program files\Defraggler
2016-04-10 18:41 . 2016-04-10 18:41 -------- d-----w- c:\programdata\Riot Games
2016-04-10 18:40 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2016-04-10 18:40 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2016-04-10 18:40 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2016-04-10 18:40 . 2016-04-10 18:40 -------- d-----w- c:\program files\CCleaner
2016-04-10 18:29 . 2016-04-10 18:40 -------- d-----w- c:\users\Mirča\AppData\Roaming\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-10 19:05 . 2013-03-19 08:09 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-10 19:05 . 2012-02-16 13:22 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-03-11 8686296]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-24 5199984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-13 7390608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-12-17 159744]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-12-17 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;d:\programs\Skype\Updater\Updater.exe;d:\programs\Skype\Updater\Updater.exe [x]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys;c:\windows\SYSNATIVE\drivers\AVerFx2hbtv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\downloads\Ovladače\NTIOLib_X64.sys;d:\downloads\Ovladače\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-10 18:30 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 19:05]
.
2016-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31 13:35]
.
2016-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-04-12 21:04 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 58368]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mysearch.avg.com?cid={53F1F84B- ... 2014-02-05 18:21&v=19.3.0.491&pid=safeguard&sg=0&sap=hp
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 217.30.64.53 217.30.64.54
FF - ProfilePath - c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - ExtSQL: 2016-04-11 15:27; ascsurfingprotection@iobit.com; c:\users\MirÄŤa\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2016-04-13 00:43; adsremoval@adsremoval.net; c:\users\MirÄŤa\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\adsremoval@adsremoval.net
17
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2016-04-14 21:00:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-04-14 19:00
.
Před spuštěním: 7 944 458 240
Po spuštění: 7 652 012 032
.
- - End Of File - - EDD12FD40A505D22985FFE418F9FE8DD
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#11 Post by Márty84 »

Glad to hear it, but it still needs a final clean-up :-)


:arrow: Advanced SystemCare from IObit is still visible in the log. Get rid of it.



:!: Move ComboFix directly to drive C (so its path will be c:\ComboFix.exe )!
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Folder::
c:\program files (x86)\Spybot - Search & Destroy 2
c:\programdata\Spybot - Search & Destroy
c:\users\Mirča\AppData\Roaming\ProductData
c:\programdata\ProductData
c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
c:\program files (x86)\Common Files\IObit
c:\users\Mirča\AppData\Roaming\IObit
c:\programdata\IObit
c:\program files (x86)\IObit

RegLock::
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mysearch.avg.com?cid={53F1F84B-21CA-4460-9818-5CF417290BD9}&mid=833a23da3a1047d3ad8d5dc0e399b57e-e19c2fa0a72e3fc4f189470bbb72d900d72d2739&lang=en&ds=co011&coid=avgtbdisco&cmpid=0615tb&pr=sa&d=2014-02-05 18:21&v=19.3.0.491&pid=safeguard&sg=0&sap=hp
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie

Firefox::
FF - ProfilePath - c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - ExtSQL: 2016-04-11 15:27; ascsurfingprotection@iobit.com; c:\users\MirÄŤa\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2016-04-13 00:43; adsremoval@adsremoval.net; c:\users\MirÄŤa\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\adsremoval@adsremoval.net
FF - user.js: browser.chrome.favicons - false

Driver::
LiveUpdateSvc
SkypeUpdate
AdvancedSystemCareService8
NAUpdate

Reboot::

In the top left, click File
Click Save As...
Type the name shown in red, CFScript, correctly and save it directly on C as well (so its path will be c:\CFScript.txt ).
Turn off the antivirus and any other security software.
Drag the text document you created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#12 Post by markyzamek »

Sorry for the delay, but I was away from home over the weekend.
Here is the log:

ComboFix 16-04-13.01 - Mirča 17.04.2016 20:51:06.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.7935.6110 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\IObit
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.tmp
c:\program files (x86)\IObit\Advanced SystemCare 8\unins000.exe
c:\program files (x86)\IObit\Driver Booster\AUpdate.exe
c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe
c:\program files (x86)\IObit\Driver Booster\Backup.exe
c:\program files (x86)\IObit\Driver Booster\Bugreport.exe
c:\program files (x86)\IObit\Driver Booster\Cmpnt.dll
c:\program files (x86)\IObit\Driver Booster\CommStat.dll
c:\program files (x86)\IObit\Driver Booster\Database\Games\GamecoreList.ini
c:\program files (x86)\IObit\Driver Booster\Database\Games\GameStore.db
c:\program files (x86)\IObit\Driver Booster\Database\Games\UserGame.ini
c:\program files (x86)\IObit\Driver Booster\Database\Scan\WhiteList.db
c:\program files (x86)\IObit\Driver Booster\Database\Scan\WhiteList.tmp.cfg
c:\program files (x86)\IObit\Driver Booster\DataState.dll
c:\program files (x86)\IObit\Driver Booster\DBDownloader.exe
c:\program files (x86)\IObit\Driver Booster\DpInst\x64\dpinst.exe
c:\program files (x86)\IObit\Driver Booster\DpInst\x86\dpinst.exe
c:\program files (x86)\IObit\Driver Booster\Driver Booster 3.lnk
c:\program files (x86)\IObit\Driver Booster\DriverBooster.exe
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DbzInst.dll
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DIFxAPI32.dll
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DIFxAPI64.dll
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DpInstX32.exe
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DpInstX64.exe
c:\program files (x86)\IObit\Driver Booster\DrvInstall\SetVolume32.dll
c:\program files (x86)\IObit\Driver Booster\DrvInstall\SetVolume64.dll
c:\program files (x86)\IObit\Driver Booster\EULA.rtf
c:\program files (x86)\IObit\Driver Booster\FaultFixes.exe
c:\program files (x86)\IObit\Driver Booster\GameCheck.dll
c:\program files (x86)\IObit\Driver Booster\History.txt
c:\program files (x86)\IObit\Driver Booster\HTMLayout.dll
c:\program files (x86)\IObit\Driver Booster\HTMLayout\compares.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\compares1.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\compares2.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\compares-data.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\compares-lang.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\compares1-data.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\compares2-data.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\embed-data.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\embed-lang.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\features-data.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\features-lang.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\data\mask-data.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\embed.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\features.html
c:\program files (x86)\IObit\Driver Booster\HTMLayout\images\boxshot.png
c:\program files (x86)\IObit\Driver Booster\HTMLayout\images\btn_close.png
c:\program files (x86)\IObit\Driver Booster\HTMLayout\images\icon_cart.png
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_LiveUpdateSvc
-------\Service_NAUpdate
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-17 do 2016-04-17 )))))))))))))))))))))))))))))))
.
.
2016-04-14 10:01 . 2016-04-14 10:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-14 10:01 . 2016-04-14 10:01 -------- d-----w- c:\programdata\Malwarebytes
2016-04-14 10:01 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-14 10:01 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-14 10:01 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-14 07:56 . 2016-04-14 07:58 -------- d-----w- C:\AdwCleaner
2016-04-14 05:33 . 2016-04-14 05:34 -------- d-----w- c:\program files\trend micro
2016-04-14 05:33 . 2016-04-14 05:34 -------- d-----w- C:\rsit
2016-04-14 00:12 . 2016-04-14 00:12 -------- d-----w- c:\users\Mirča\AppData\Roaming\dlg
2016-04-14 00:03 . 2016-04-14 00:03 -------- d-----w- c:\program files (x86)\Ninight
2016-04-14 00:03 . 2016-04-14 00:03 -------- d-----w- c:\program files (x86)\Fedaryqeule
2016-04-13 14:11 . 2016-04-13 15:28 -------- d-----w- C:\KVRT_Data
2016-04-12 21:50 . 2016-04-12 21:50 -------- d-----w- c:\program files\VIA
2016-04-12 21:50 . 2016-04-12 21:50 -------- d-----w- c:\windows\system32\SRSLabs
2016-04-12 21:46 . 2016-04-12 21:46 129224 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2016-04-12 21:43 . 2016-04-12 21:43 11944 ----a-w- c:\windows\system32\drivers\amdide64.sys
2016-04-12 21:29 . 2016-04-12 21:29 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2016-04-12 21:26 . 2016-04-12 21:26 -------- d-----w- c:\programdata\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-04-12 21:22 . 2016-04-12 21:04 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-04-12 21:19 . 2016-04-12 21:18 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-04-12 21:07 . 2016-04-12 21:07 -------- d-----w- c:\users\Mirča\AppData\Roaming\AVAST Software
2016-04-12 21:06 . 2016-04-13 23:26 -------- d-----w- c:\program files\Common Files\AV
2016-04-12 21:06 . 2016-04-12 21:06 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-04-12 21:05 . 2016-04-13 14:13 287528 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-04-12 21:05 . 2016-04-12 21:04 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-04-12 21:05 . 2016-04-12 21:04 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-04-12 21:05 . 2016-04-12 21:04 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-04-12 21:05 . 2016-04-12 21:04 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-04-12 21:05 . 2016-04-12 21:04 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-04-12 21:05 . 2016-04-12 21:04 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-04-12 21:05 . 2016-04-12 21:03 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-04-12 21:04 . 2016-04-12 21:04 52184 ----a-w- c:\windows\avastSS.scr
2016-04-12 20:46 . 2016-04-12 21:18 -------- d-----w- c:\program files\AVAST Software
2016-04-12 20:45 . 2016-04-12 21:18 -------- d-----w- c:\programdata\AVAST Software
2016-04-11 11:29 . 2016-04-11 11:29 -------- d-----w- c:\users\Mirča\AppData\Roaming\ProductData
2016-04-11 11:27 . 2016-04-12 21:29 -------- d-----w- c:\users\Mirča\AppData\Roaming\IObit
2016-04-11 11:12 . 2016-04-11 11:59 -------- d-----w- c:\users\Mirča\AppData\Roaming\uTorrent
2016-04-10 21:15 . 2016-04-10 21:15 -------- d-----w- c:\users\Mirča\AppData\Roaming\LolClient
2016-04-10 19:51 . 2016-04-10 19:51 -------- d-----w- c:\program files\Defraggler
2016-04-10 18:41 . 2016-04-10 18:41 -------- d-----w- c:\programdata\Riot Games
2016-04-10 18:40 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2016-04-10 18:40 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2016-04-10 18:40 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2016-04-10 18:40 . 2016-04-10 18:40 -------- d-----w- c:\program files\CCleaner
2016-04-10 18:29 . 2016-04-10 18:40 -------- d-----w- c:\users\Mirča\AppData\Roaming\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-10 19:05 . 2013-03-19 08:09 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-10 19:05 . 2012-02-16 13:22 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-03-11 8686296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-24 5199984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-17 7390608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-12-17 159744]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-12-17 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys;c:\windows\SYSNATIVE\drivers\AVerFx2hbtv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\downloads\Ovladače\NTIOLib_X64.sys;d:\downloads\Ovladače\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-10 18:30 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 19:05]
.
2016-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31 13:35]
.
2016-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-04-12 21:04 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 58368]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 217.30.64.53 217.30.64.54
FF - ProfilePath - c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - ExtSQL: 2016-04-11 15:27; ascsurfingprotection@iobit.com; c:\users\MirÄŤa\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2016-04-13 00:43; adsremoval@adsremoval.net; c:\users\MirÄŤa\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\adsremoval@adsremoval.net
17
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
AddRemove-Driver Booster_is1 - c:\program files (x86)\IObit\Driver Booster\unins000.exe
AddRemove-IObit Surfing Protection_is1 - c:\program files (x86)\IObit\Surfing Protection\unins000.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2016-04-17 21:03:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-04-17 19:03
ComboFix2.txt 2016-04-14 19:00
.
Před spuštěním: 7 298 342 912
Po spuštění: 7 260 930 048
.
- - End Of File - - 4992FA409F225E106336E754C1B17884
A36C5E4F47E84449FF07ED3517B43A31

markyzamek
Visitor
Posts: 39
Registered: 13 Jan 2013 14:21

Re: Malware

#13 Post by markyzamek »

I have one more question, then.
If you don't recommend anything from IObit, what should I use for cleaning and maintaining the PC? Would CCleaner and Defraggler be enough?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#14 Post by Márty84 »

markyzamek wrote: Would CCleaner and Defraggler be enough?
They are more than enough for me. IObit can really wreck a system.


Post the logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block the tool as malicious, but we use it all the time, it is a false alarm :)
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

markyzamek
Visitor
Posts: 39
Registered: 13 Jan 2013 14:21

Re: Malware

#15 Post by markyzamek »

So Chrome would not let it through even after I turned off the antivirus. Mozilla downloaded it without problems once I ignored the warning.
Addition is attached; the log is here:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Mirča (administrator) on MIRČA-PC (17-04-2016 22:38:36)
Running from C:\Users\Mirča\Desktop
Loaded Profiles: Mirča (Available Profiles: Mirča)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: "D:\Programs\Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(forum.viry.cz) C:\Users\Mirča\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-24] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-17] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2016-04-14]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2016-04-14]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.30.64.53 217.30.64.54
Tcpip\..\Interfaces\{F61A94E8-D767-4466-AEC0-3D7B25CFC2EB}: [DhcpNameServer] 217.30.64.53 217.30.64.54

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
SearchScopes: HKLM-x32 -> DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-16] (Oracle Corporation)
BHO-x32: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-12] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-10] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-02-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Programs\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-05] (Google Inc.)
FF user.js: detected! => C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\user.js [2016-04-17]
FF Extension: Widevine Media Optimizer - C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2015-01-18] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-12]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Programs\NOD32\Mozilla Thunderbird => not found
StartMenuInternet: FIREFOX.EXE - D:\Programs\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-14]
CHR Extension: (Dokumenty Google) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Disk Google) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-14]
CHR Extension: (YouTube) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-14]
CHR Extension: (Tabulky Google) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (AdBlock) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Gmail) - C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-12] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [352256 2008-06-06] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [409600 2008-07-14] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2016-04-12] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2016-04-12] (Advanced Micro Devices Inc.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-13] (AVAST Software)
S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [292224 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-12] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2016-04-12] (Qualcomm Atheros Co., Ltd.)
S3 NTIOLib_1_0_C; D:\Downloads\Ovladače\NTIOLib_X64.sys [11888 2011-06-29] (MSI) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 22:38 - 2016-04-17 22:38 - 00016947 _____ C:\Users\Mirča\Desktop\FRST.txt
2016-04-17 22:38 - 2016-04-17 22:38 - 00000000 ____D C:\FRST
2016-04-17 22:31 - 2016-04-17 22:31 - 00112640 _____ (forum.viry.cz) C:\Users\Mirča\Desktop\FRSTLauncher.exe
2016-04-17 22:23 - 2016-04-17 22:23 - 02375680 _____ (Farbar) C:\Users\Mirča\Desktop\FRST64.exe
2016-04-17 22:20 - 2016-04-17 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2016-04-17 22:20 - 2016-04-17 22:20 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-04-17 22:20 - 2016-04-17 22:20 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-04-17 22:20 - 2016-04-17 22:20 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-04-17 22:18 - 2016-04-17 22:18 - 00000000 ____D C:\Windows\LastGood
2016-04-17 21:50 - 2016-04-17 21:50 - 00002930 _____ C:\Windows\System32\Tasks\{E22D848F-0756-4E42-982C-2CB6843DE7D8}
2016-04-17 21:50 - 2016-04-17 21:50 - 00000000 ____D C:\Windows\SysWOW64\.launcher_log
2016-04-17 21:50 - 2016-04-17 21:50 - 00000000 ____D C:\Users\Mirča\AppData\Local\ElevatedDiagnostics
2016-04-17 21:18 - 2016-04-17 21:18 - 00000710 _____ C:\Users\Public\Desktop\WarThunder.lnk
2016-04-17 21:18 - 2016-04-17 21:18 - 00000000 ____D C:\Users\Mirča\Documents\My Games
2016-04-17 21:18 - 2016-04-17 21:18 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-04-17 21:03 - 2016-04-17 21:03 - 00047770 _____ C:\ComboFix.txt
2016-04-14 20:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-14 20:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-14 20:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-14 20:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-14 20:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-14 20:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-14 20:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-14 20:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-14 20:42 - 2016-04-17 21:04 - 00000000 ____D C:\Qoobox
2016-04-14 20:42 - 2016-04-17 20:57 - 00000000 ____D C:\Windows\erdnt
2016-04-14 20:40 - 2016-04-14 20:29 - 05660069 ____R (Swearware) C:\ComboFix.exe
2016-04-14 12:01 - 2016-04-14 12:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-14 12:01 - 2016-04-14 12:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-14 12:01 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-14 12:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-14 12:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-14 09:56 - 2016-04-14 09:58 - 00000000 ____D C:\AdwCleaner
2016-04-14 08:47 - 2016-04-14 08:47 - 00000000 ____D C:\Users\Mirča\Documents\ProcAlyzer Dumps
2016-04-14 07:33 - 2016-04-14 07:34 - 00000000 ____D C:\rsit
2016-04-14 07:33 - 2016-04-14 07:34 - 00000000 ____D C:\Program Files\trend micro
2016-04-14 02:12 - 2016-04-14 02:12 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\dlg
2016-04-14 02:03 - 2016-04-14 02:03 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-14 02:03 - 2016-04-14 02:03 - 00000000 ____D C:\Program Files (x86)\Ninight
2016-04-14 02:03 - 2016-04-14 02:03 - 00000000 ____D C:\Program Files (x86)\Fedaryqeule
2016-04-14 01:56 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160414-015654.backup
2016-04-14 01:18 - 2016-04-14 01:18 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-13 16:11 - 2016-04-13 17:28 - 00000000 ____D C:\KVRT_Data
2016-04-12 23:50 - 2016-04-12 23:50 - 00000000 ____D C:\Windows\system32\SRSLabs
2016-04-12 23:50 - 2016-04-12 23:50 - 00000000 ____D C:\Program Files\VIA
2016-04-12 23:48 - 2016-04-12 23:48 - 27646720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64H.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 03300528 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 01999640 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 01986048 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 01161336 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00876544 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00739328 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00688648 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2016-04-12 23:48 - 2016-04-12 23:48 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00554496 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64H.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00388096 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00248952 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64H.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00123512 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64H.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00095352 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00092280 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00086016 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64H.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00070776 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00055416 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2016-04-12 23:48 - 2016-04-12 23:48 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2016-04-12 23:48 - 2016-04-12 23:48 - 00030728 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2016-04-12 23:48 - 2016-04-12 23:48 - 00027768 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2016-04-12 23:46 - 2016-04-12 23:46 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2016-04-12 23:43 - 2016-04-12 23:43 - 00011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2016-04-12 23:29 - 2016-04-14 20:59 - 00003242 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-04-12 23:29 - 2016-04-14 20:59 - 00002874 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Mirča)
2016-04-12 23:29 - 2016-04-12 23:29 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-12 23:29 - 2016-04-12 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-04-12 23:26 - 2016-04-12 23:26 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-04-12 23:22 - 2016-04-12 23:04 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-12 23:19 - 2016-04-14 20:39 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-12 23:19 - 2016-04-12 23:23 - 00003038 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460495993
2016-04-12 23:19 - 2016-04-12 23:18 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-12 23:07 - 2016-04-12 23:07 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\AVAST Software
2016-04-12 23:06 - 2016-04-14 20:39 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-12 23:06 - 2016-04-14 01:26 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-12 23:06 - 2016-04-13 16:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-12 23:06 - 2016-04-12 23:06 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-12 23:06 - 2016-04-12 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-12 23:05 - 2016-04-13 16:13 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-12 23:05 - 2016-04-12 23:04 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-12 23:05 - 2016-04-12 23:04 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-12 23:05 - 2016-04-12 23:04 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-12 23:05 - 2016-04-12 23:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-12 23:05 - 2016-04-12 23:04 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-12 23:05 - 2016-04-12 23:04 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-12 23:05 - 2016-04-12 23:03 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-12 23:04 - 2016-04-12 23:04 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-12 22:48 - 2016-04-17 21:15 - 00000000 ____D C:\Windows\Minidump
2016-04-12 22:46 - 2016-04-12 23:18 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-12 22:45 - 2016-04-12 23:18 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-12 22:43 - 2016-04-12 22:45 - 00000000 ____D C:\Users\Mirča\AppData\LocalLow\ADSRemoval
2016-04-12 19:59 - 2016-04-14 20:32 - 00000000 ____D C:\Users\Mirča\Desktop\Nepoužívané odkazy plochy
2016-04-11 13:37 - 2016-04-11 13:37 - 59064320 _____ C:\Windows\system32\config\SOFTWARE.iobit
2016-04-11 13:37 - 2016-04-11 13:37 - 00311296 _____ C:\Windows\system32\config\DEFAULT.iobit
2016-04-11 13:37 - 2016-04-11 13:37 - 00065536 _____ C:\Windows\system32\config\SAM.iobit
2016-04-11 13:37 - 2016-04-11 13:37 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2016-04-11 13:36 - 2016-04-11 13:36 - 00000218 _____ C:\Users\Mirča\AppData\Local\recently-used.xbel
2016-04-11 13:35 - 2016-04-11 13:35 - 00000882 _____ C:\Users\Mirča\Documents\hosts.txt
2016-04-11 13:29 - 2016-04-11 13:29 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\ProductData
2016-04-11 13:27 - 2016-04-12 23:29 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\IObit
2016-04-11 13:27 - 2016-04-12 23:29 - 00000000 ____D C:\Users\Mirča\AppData\LocalLow\IObit
2016-04-11 13:27 - 2016-04-11 13:27 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-04-11 13:12 - 2016-04-17 21:15 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\uTorrent
2016-04-11 13:08 - 2016-04-11 13:08 - 00003300 _____ C:\Windows\System32\Tasks\Better Updater
2016-04-11 12:58 - 2016-04-14 10:07 - 00000000 ____D C:\Windows\pss
2016-04-10 23:30 - 2016-04-10 23:30 - 00000000 ____D C:\Users\Mirča\Documents\League of Legends
2016-04-10 23:15 - 2016-04-10 23:15 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\LolClient
2016-04-10 21:51 - 2016-04-14 20:39 - 00001762 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-04-10 21:51 - 2016-04-10 21:51 - 00000000 ____D C:\Program Files\Defraggler
2016-04-10 20:41 - 2016-04-10 20:41 - 00000000 ____D C:\ProgramData\Riot Games
2016-04-10 20:40 - 2016-04-14 20:39 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-10 20:40 - 2016-04-10 20:40 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-10 20:40 - 2016-04-10 20:40 - 00000000 ____D C:\Program Files\CCleaner
2016-04-10 20:40 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-04-10 20:40 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-04-10 20:40 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-04-10 20:37 - 2016-04-10 20:38 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-10 20:29 - 2016-04-10 20:40 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\Riot Games
2016-04-10 20:26 - 2016-04-10 20:26 - 00000017 _____ C:\Users\Mirča\AppData\Local\resmon.resmoncfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 22:20 - 2012-02-16 15:32 - 00000000 ____D C:\ProgramData\AMD
2016-04-17 22:20 - 2012-02-16 15:31 - 00000000 ____D C:\Program Files\ATI Technologies
2016-04-17 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-17 22:13 - 2009-07-14 06:45 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-17 22:13 - 2009-07-14 06:45 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-17 22:04 - 2013-03-19 10:09 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 21:48 - 2015-01-31 22:13 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 21:12 - 2015-04-30 18:44 - 00000000 ____D C:\Users\Mirča\Desktop\Mára
2016-04-17 21:00 - 2009-07-14 04:34 - 00000242 _____ C:\Windows\system.ini
2016-04-17 20:59 - 2015-01-31 22:13 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 20:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-17 20:42 - 2015-01-31 22:13 - 00000000 ____D C:\Users\Mirča\AppData\Local\Google
2016-04-14 20:41 - 2011-04-12 10:34 - 00666194 _____ C:\Windows\system32\perfh005.dat
2016-04-14 20:41 - 2011-04-12 10:34 - 00139890 _____ C:\Windows\system32\perfc005.dat
2016-04-14 20:41 - 2009-07-14 07:13 - 01576554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-14 20:39 - 2015-09-24 20:40 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-14 20:39 - 2015-02-11 00:58 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-14 20:39 - 2015-01-31 22:14 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 20:39 - 2012-12-17 19:52 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
2016-04-14 20:39 - 2012-07-31 00:41 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-04-14 20:39 - 2012-05-31 12:55 - 00000764 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
2016-04-14 20:39 - 2012-02-16 15:34 - 00001202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2016-04-14 20:39 - 2012-02-16 15:12 - 00000719 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-14 20:39 - 2012-02-16 15:05 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-14 20:39 - 2012-02-16 15:04 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-14 20:39 - 2009-07-14 06:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-14 20:39 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-14 20:39 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-14 20:39 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-14 20:39 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-14 20:38 - 2014-02-03 21:48 - 00001224 _____ C:\Users\Mirča\Desktop\TSM.lnk
2016-04-14 20:38 - 2012-02-16 17:47 - 00000359 _____ C:\Users\Mirča\Desktop\Počítač.lnk
2016-04-14 20:38 - 2012-02-16 15:16 - 00000666 _____ C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2016-04-14 20:38 - 2012-02-16 15:10 - 00001393 _____ C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-14 20:38 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-14 20:38 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-14 20:34 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-04-14 20:32 - 2012-02-16 16:07 - 00000000 ____D C:\Program Files (x86)\TNod User & Password Finder
2016-04-14 20:32 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-14 10:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-11 13:41 - 2012-02-16 15:01 - 00000000 ____D C:\Windows\Panther
2016-04-11 13:27 - 2015-02-11 01:00 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\Apple Computer
2016-04-11 13:13 - 2013-08-13 14:11 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2016-04-11 13:12 - 2012-02-16 15:10 - 00000000 ____D C:\Users\Mirča\AppData\Local\VirtualStore
2016-04-11 13:08 - 2013-08-13 14:12 - 00000000 _____ C:\Users\Mirča\AppData\Roaming\bitlord_log.txt
2016-04-11 11:49 - 2013-11-27 12:41 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\Dropbox
2016-04-10 21:05 - 2013-03-19 10:09 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-10 21:05 - 2013-03-19 10:09 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-10 21:05 - 2012-02-16 15:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-08-13 14:12 - 2016-04-11 13:08 - 0000000 _____ () C:\Users\Mirča\AppData\Roaming\bitlord_log.txt
2016-04-11 13:36 - 2016-04-11 13:36 - 0000218 _____ () C:\Users\Mirča\AppData\Local\recently-used.xbel
2016-04-10 20:26 - 2016-04-10 20:26 - 0000017 _____ () C:\Users\Mirča\AppData\Local\resmon.resmoncfg
2012-04-13 23:51 - 2014-01-29 10:02 - 0000085 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\Mirča\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Mirča\Desktop" je 237 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"D:\Adobe Reader\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
"C:\Users\Mirča\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian
C:\Users\Mirča\AppData\Roaming\QipGuard\QipGuard.exe /p [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall
"C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
"D:\Programs\Virtual CloneDrive\VCDDaemon.exe" /s [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mirča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\MIRA~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mirča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
D:\Programs\OPENOF~2\program\QUICKS~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log =============================
Attachments
Addition.rar
(5.77 KiB) Downloaded 47 times