Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

problem pc

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
boldy70
Návštěvník
Návštěvník
Příspěvky: 7
Registrován: 07 úno 2017 15:22

problem pc

#1 Příspěvek od boldy70 »

Logfile of random's system information tool 1.14 (written by random/random)
Run by Ondrej at 2017-02-07 16:03:51
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 35 GB (35%) free of 100 GB
Total RAM: 4095 MB (58% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:53, on 7. 2. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\RAMRush\RAMRush.exe
C:\Users\Ondrej\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Program Files (x86)\Bigold\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\trend micro\Ondrej_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=148 ... XXZ2ABG15W
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=148 ... XXZ2ABG15W
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=148 ... XXZ2ABG15W
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.amisites.com/search/?type=ds ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.amisites.com/search/?type=ds ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=148 ... XXZ2ABG15W
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [5KPlayer.exe] "C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe" -auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\Ondrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\Ondrej\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10631 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\ASGT.exe
C:\Windows\system32\taskhost.exe
"C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\svchost.exe -k WinSAPSvc
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss a57b23ec-6994-4a58-b957-0a7f060e8f40 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\RAMRush\RAMRush.exe"
"C:\Users\Ondrej\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Windows\system32\wuauclt.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\taskmgr.exe" /1
"C:\Program Files (x86)\Bigold\Application\chrome.exe" http://www.amisites.com/?type=sc&ts=148 ... XXZ2ABG15W
"C:\Program Files (x86)\Bigold\Application\chrome.exe" --type=watcher --main-thread-id=4776 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6
"C:\Program Files (x86)\Bigold\Application\chrome.exe" --type=gpu-process --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,16,17,18,21,37,65 --gpu-vendor-id=0x10de --gpu-device-id=0x1380 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4052 --gpu-driver-date=7-2-2014 --service-request-channel-token=CD0367D3D760D5E0D4FAADF3E7594F22 --mojo-platform-channel-handle=1040 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Bigold\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=FB2201A5409ABA05ADB6DDEF7F7D3A53 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=FB2201A5409ABA05ADB6DDEF7F7D3A53 --mojo-platform-channel-handle=2584 /prefetch:1
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe"
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
"C:\Program Files (x86)\Bigold\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=04B1D8AB2EC472659851CFDAB280B1AF --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=04B1D8AB2EC472659851CFDAB280B1AF --mojo-platform-channel-handle=6844 /prefetch:1
"C:\Program Files (x86)\Bigold\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=B39EB9D73C96E610501E0B3E74B6AC79 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B39EB9D73C96E610501E0B3E74B6AC79 --mojo-platform-channel-handle=3520 /prefetch:1
"C:\Program Files (x86)\Bigold\Application\chrome.exe" --type=renderer --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=C745B101456CF87E7F5C6B63D178CB8B --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=C745B101456CF87E7F5C6B63D178CB8B --mojo-platform-channel-handle=7504 /prefetch:1
C:\Windows\SysWOW64\ctfmon.exe
"C:\totalcmd\TOTALCMD.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"D:\stahovanie\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-335875147-4048281283-2714459802-1000Core - C:\Users\Ondrej\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-335875147-4048281283-2714459802-1000UA - C:\Users\Ondrej\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Milimili - "C:\Program Files (x86)\MIO\MIO.exe" -bindurl http://api.mhttxtv.com/st500dm002-1bc14 ... abg15w.exe cmd=
C:\Windows\system32\tasks\Phualeweary Community - "C:\Program Files (x86)\Chiterdomghhotion\vejaght.exe" 5f27ab6e-ba35-44d1-b914-0a1cd4468adf
C:\Windows\system32\tasks\WinTOOL - C:\ProgramData\wintools\WintoolUprI.exe /update
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-335875147-4048281283-2714459802-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\Windows\system32\tasks\ASUS\ASUS Product Register Service - C:\Program Files (x86)\ASUS\APRP\aprp.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\qbrqosei.default-1486284158560

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\qbrqosei.default-1486284158560\addons.json

C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\qbrqosei.default-1486284158560\extensions.json
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\qbrqosei.default-1486284158560\pluginreg.dat
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.4052 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.4052 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - CANON iMAGE GATEWAY Album Plugin Utility for IJ - 5.0.0.0 - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
Plugin - Google Update - 1.3.32.7 - C:\Users\Ondrej\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll

=========Google Chrome=========

C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentácie Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 0 Adobe Acrobat 15.1.0.4
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 12.0.155
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabuľky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.amisites.com/search/?type=ds ... earchTerms}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.amisites.com/search/?type=ds ... earchTerms}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23 6141528]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23 4445272]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28 193136]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13 1307928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]
"CmPCIaudio"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-06 11057768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"ftweak_RAMRush"=C:\Program Files (x86)\RAMRush\RAMRush.exe [2009-09-17 670720]
"Google Update"=C:\Users\Ondrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-17 601752]
"Google Photos Backup"=C:\Users\Ondrej\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [2016-04-08 3790936]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-03-30 113296]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-04-02 1282632]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"5KPlayer.exe"=C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe -auto []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E5A1428-DC67-11E6-B9B2-64006A5CFC23}"=C:\Users\Ondrej\AppData\Roaming\Sterketvofash\Grerdetherplufige.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-07 15:16:32 ----D---- C:\rsit
2017-02-07 15:16:32 ----D---- C:\Program Files\trend micro
2017-02-07 15:00:38 ----A---- C:\Windows\system32\drivers\IOMap64.sys
2017-02-05 14:00:03 ----D---- C:\Program Files (x86)\R.G. Freedom
2017-02-05 09:50:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-02-04 16:00:20 ----D---- C:\Program Files (x86)\Microsoft
2017-02-04 11:42:41 ----D---- C:\Users\Ondrej\AppData\Roaming\ESET
2017-02-04 08:38:04 ----D---- C:\ProgramData\ESET
2017-02-04 08:37:59 ----D---- C:\Program Files\ESET
2017-02-03 19:10:20 ----D---- C:\Program Files\f09er35s
2017-02-03 10:43:01 ----D---- C:\Program Files (x86)\reports
2017-02-03 10:43:01 ----A---- C:\Program Files (x86)\settings.dat
2017-02-03 10:41:26 ----A---- C:\Windows\system32\drivers\staport.sys
2017-01-25 15:00:01 ----D---- C:\Windows\system32\log
2017-01-25 14:59:35 ----D---- C:\Users\Ondrej\AppData\Roaming\Firefox
2017-01-25 14:58:58 ----AD---- C:\Program Files (x86)\Firefox
2017-01-25 14:58:55 ----D---- C:\Program Files (x86)\Bigold
2017-01-24 08:18:34 ----D---- C:\Users\Ondrej\AppData\Roaming\WinSnare
2017-01-24 08:18:34 ----D---- C:\Program Files (x86)\WinSnare(4.0.8)
2017-01-23 15:01:21 ----D---- C:\Program Files (x86)\0s2g9hpl
2017-01-23 14:58:06 ----D---- C:\ProgramData\wintools
2017-01-23 14:57:54 ----D---- C:\Program Files (x86)\WinArcher
2017-01-23 14:57:50 ----D---- C:\Program Files (x86)\Gubed
2017-01-23 14:57:43 ----D---- C:\ProgramData\WinSAPSvc
2017-01-23 14:57:42 ----D---- C:\Program Files (x86)\MIO
2017-01-23 14:53:19 ----D---- C:\Program Files\0s2g9hpl
2017-01-22 18:35:27 ----D---- C:\ProgramData\Steam
2017-01-22 18:28:56 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2017-01-22 18:28:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2017-01-22 18:28:56 ----A---- C:\Windows\system32\d3dx10_40.dll
2017-01-22 18:28:56 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2017-01-22 18:28:55 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2017-01-22 18:28:55 ----A---- C:\Windows\system32\D3DX9_40.dll
2017-01-21 14:05:45 ----D---- C:\Program Files (x86)\Phualeweary Community
2017-01-21 14:05:43 ----D---- C:\ProgramData\Avira
2017-01-21 14:05:43 ----D---- C:\ProgramData\Avg
2017-01-21 14:03:42 ----D---- C:\Users\Ondrej\AppData\Roaming\Sterketvofash
2017-01-21 14:03:41 ----D---- C:\Users\Ondrej\AppData\Roaming\Profiles
2017-01-21 14:03:40 ----D---- C:\Program Files (x86)\Chiterdomghhotion

======List of files/folders modified in the last 1 month======

2017-02-07 16:03:52 ----D---- C:\Windows\Temp
2017-02-07 15:59:20 ----D---- C:\Windows\Prefetch
2017-02-07 15:20:56 ----D---- C:\Windows\system32\config
2017-02-07 15:16:32 ----RD---- C:\Program Files
2017-02-07 15:00:38 ----D---- C:\Windows\system32\drivers
2017-02-07 14:59:49 ----D---- C:\ProgramData\NVIDIA
2017-02-06 22:56:35 ----SHD---- C:\Windows\Installer
2017-02-06 22:55:06 ----D---- C:\Windows\SYSWOW64\directx
2017-02-06 22:17:55 ----D---- C:\Users\Ondrej\AppData\Roaming\TS3Client
2017-02-06 17:36:35 ----SHD---- C:\System Volume Information
2017-02-06 12:25:16 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-05 18:25:02 ----D---- C:\Users\Ondrej\AppData\Roaming\vlc
2017-02-05 17:21:05 ----RD---- C:\Program Files (x86)
2017-02-05 11:20:34 ----SD---- C:\ProgramData\Microsoft
2017-02-05 11:13:32 ----D---- C:\Windows\registration
2017-02-04 14:06:23 ----D---- C:\Windows\Logs
2017-02-04 14:05:22 ----D---- C:\Windows\SysWOW64
2017-02-04 11:37:58 ----D---- C:\Windows\System32
2017-02-04 11:35:54 ----SD---- C:\Users\Ondrej\AppData\Roaming\Microsoft
2017-02-04 09:01:06 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2017-02-04 08:49:04 ----D---- C:\Windows\system32\wdi
2017-02-04 08:41:32 ----D---- C:\Windows\inf
2017-02-04 08:38:48 ----D---- C:\Windows\system32\DriverStore
2017-02-04 08:38:48 ----D---- C:\Windows\system32\catroot
2017-02-04 08:38:04 ----HD---- C:\ProgramData
2017-02-04 07:29:32 ----D---- C:\Windows
2017-02-03 22:58:21 ----D---- C:\Windows\system32\Tasks
2017-02-03 22:42:38 ----D---- C:\Users\Ondrej\AppData\Roaming\uTorrent
2017-02-03 10:51:35 ----D---- C:\ProgramData\CanonIJPLM
2017-02-02 14:56:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-02 10:46:12 ----D---- C:\Windows\system32\catroot2
2017-01-27 16:56:02 ----D---- C:\Program Files (x86)\Google
2017-01-27 15:16:18 ----D---- C:\Users\Ondrej\AppData\Roaming\DAEMON Tools Lite
2017-01-26 20:12:28 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2017-01-23 20:58:18 ----D---- C:\ProgramData\AVAST Software
2017-01-22 18:31:57 ----D---- C:\ProgramData\Package Cache
2017-01-22 18:28:34 ----RSD---- C:\Windows\assembly
2017-01-21 14:05:43 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-01-21 14:05:43 ----D---- C:\Program Files (x86)\DearMob
2017-01-21 14:05:43 ----D---- C:\Program Files (x86)\Canon
2017-01-10 15:24:18 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-01-10 15:24:15 ----D---- C:\Windows\system32\Macromed
2017-01-10 15:24:13 ----D---- C:\Windows\SYSWOW64\Macromed
2017-01-09 18:44:00 ----D---- C:\Windows\SoftwareDistribution

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2016-10-14 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-12-13 132272]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-12-13 180544]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2016-12-13 70960]
R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmudax3.sys [2009-05-22 1155072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-06 2419176]
R3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2013-07-02 24824]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-07-02 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2016-02-09 44640]
S3 at201c0v;at201c0v; C:\Windows\system32\drivers\at201c0v.sys []
S3 ATICDSDr;ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-02-13 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-02-13 47672]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 ASGT;ASGT; C:\Windows\SysWOW64\ASGT.exe [2012-01-17 55296]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-12-14 2836296]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09 154440]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 935368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 411936]
R2 WinSAPSvc;WinSAPSvc; C:\Windows\SysWOW64\svchost.exe [2009-07-14 20992]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 FirefoxU;Update Service(FirefoxU); C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [2017-01-23 160432]
S2 Juhisprezory;Juhisprezory; %SystemRoot%\system32\svchost.exe -k Juhisprezory;"ServiceDll"=C:\Program Files (x86)\Chiterdomghhotion\lflylitisyeng.dll
S2 MSCFG_SVR;Microsoft Report Service; %SystemRoot%\System32\svchost.exe -k ms_svs;"ServiceDll"=C:\ProgramData\Microsoft\Office\office_update.dll
S2 WinSnare;WinSnare; C:\Windows\System32\svchost.exe -k WinSnare;"ServiceDll"=C:\Users\Ondrej\AppData\Roaming\WinSnare\WinSnare.dll
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10 270936]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09 154440]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-02-12 194032]
S3 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-05-14 140936]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-02-05 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: problem pc

#2 Příspěvek od Roli »

Zdravím, co přesně je s PC za problém ?


V mezičase použij Avast cleaner aby po sobě uklidil, protože tam nechal nějaké zbytky.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
boldy70
Návštěvník
Návštěvník
Příspěvky: 7
Registrován: 07 úno 2017 15:22

Re: problem pc

#3 Příspěvek od boldy70 »

cau.cleaner uz nepomaha.PROBLEM MAM :Sluzba Motivy nie je spustena, a potom spravca okien na prac. ploche je vypnuty. ( SPODNAbiela lista)
Mozilla sa sama preinstalovala na amisites a ani neviem co to je.problem sa stale vracia. dakujem
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: problem pc

#4 Příspěvek od Roli »

boldy70 píše:cau.cleaner uz nepomaha
Já píšu abys použil Avast cleaner který vyčistí zbytky jen po Avastu který jsi tam zřejmě někdy měl.


Stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


P.S. to modré písmo je proklik na stažení požadovaného programu.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
boldy70
Návštěvník
Návštěvník
Příspěvky: 7
Registrován: 07 úno 2017 15:22

Re: problem pc

#5 Příspěvek od boldy70 »

# AdwCleaner v6.043 - *Logfile created 09/02/2017 *at 22:16:52
# *Updated on 27/01/2017 by Malwarebytes
# *Database : 2017-02-09.1 [*Server]
# *Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# *Username : Ondrej - ONDREJ-PC
# *Running from : D:\stahovanie\AdwCleaner.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****

[-] *Service deleted: FirefoxU
[-] *Service deleted: WinSAPSvc
[-] *Service deleted: WinSnare


***** [ *Folders ] *****

[-] *Folder deleted: C:\Program Files (x86)\WinSnare(4.0.8)
[-] *Folder deleted: C:\Users\Ondrej\AppData\Roaming\RPEng
[-] *Folder deleted: C:\Users\Ondrej\AppData\Roaming\WinSnare
[-] *Folder deleted: C:\ProgramData\WinSAPSvc
[#] *Folder deleted on reboot: C:\ProgramData\winsapsvc
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\winsapsvc
[-] *Folder deleted: C:\Program Files (x86)\DAEMON Tools Toolbar
[-] *Folder deleted: C:\Program Files (x86)\WinArcher
[#] *Folder deleted on reboot: C:\Program Files (x86)\winarcher
[-] *Folder deleted: C:\Program Files (x86)\Gubed
[-] *Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] *Folder deleted: C:\Program Files (x86)\Firefox
[-] *Folder deleted: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] *Folder deleted: C:\ProgramData\WinTools
[#] *Folder deleted on reboot: C:\Users\Ondrej\AppData\Roaming\WinSnare
[-] *Folder deleted: C:\Program Files (x86)\MIO
[-] *Folder deleted: C:\Program Files (x86)\reports


***** [ *Files ] *****

[-] *File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] *File deleted: C:\Windows\Reimage.ini
[-] *File deleted: C:\Program Files (x86)\settings.dat
[-] *File deleted: C:\Users\Public\Documents\temp.dat
[-] *File deleted: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****

[-] *Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
[-] *Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\57c1b4227860d00a\user0 - Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Ondrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk


***** [ *Scheduled Tasks ] *****

[-] *Task deleted: WinTOOL
[-] *Task deleted: Milimili


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] *Key deleted: HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
[-] *Key deleted: HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] *Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] *Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] *Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-] *Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-] *Key deleted: HKU\.DEFAULT\Software\jhdbca
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\dt soft\daemon tools toolbar
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\PRODUCTSETUP
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\Reimage
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\csastats
[-] *Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-335875147-4048281283-2714459802-1000\Software\dt soft\daemon tools toolbar
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[#] *Key deleted on reboot: HKCU\Software\dt soft\daemon tools toolbar
[#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: HKCU\Software\Reimage
[#] *Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] *Key deleted on reboot: HKCU\Software\csastats
[-] *Key deleted: HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] *Key deleted: HKLM\SOFTWARE\ScreenShot
[-] *Key deleted: HKLM\SOFTWARE\jhdbca
[-] *Key deleted: HKLM\SOFTWARE\WinArcher
[-] *Key deleted: HKLM\SOFTWARE\amisitesSoftware
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-335875147-4048281283-2714459802-1000\Software\dt soft\daemon tools toolbar
[#] *Key deleted on reboot: [x64] HKCU\Software\dt soft\daemon tools toolbar
[#] *Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: [x64] HKCU\Software\Reimage
[#] *Key deleted on reboot: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] *Key deleted on reboot: [x64] HKCU\Software\csastats
[-] *Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] *Key deleted: [x64] HKLM\SOFTWARE\jhdbca
[-] *Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] *Data restored: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] *Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] *Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] *Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] *Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] *Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] *Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] *Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] *Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] *Key deleted: HKU\S-1-5-21-335875147-4048281283-2714459802-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] *Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] *Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] *Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] *Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] *Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] *Value deleted: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] *Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
[-] *Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] *Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] *Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]


***** [ *Browsers ] *****

[-] [C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] *Deleted: hxxp://www.amisites.com/?type=hp&ts=1486114929 ... XXZ2ABG15W
[-] [C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] *Deleted: hxxp://www.amisites.com/searchfavicon.ico
[-] [C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] *Deleted: hxxp://www.amisites.com/?type=hp&ts=1486114929 ... XXZ2ABG15W


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13789 *Bytes] - [09/02/2017 22:16:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [15840 *Bytes] - [09/02/2017 22:15:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13939 *Bytes] ##########
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: problem pc

#6 Příspěvek od Roli »

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
boldy70
Návštěvník
Návštěvník
Příspěvky: 7
Registrován: 07 úno 2017 15:22

Re: problem pc

#7 Příspěvek od boldy70 »

2010
Nahoru
boldy70
Návštěvník
Návštěvník
Příspěvky: 7
Registrován: 07 úno 2017 15:22

Re: problem pc

#8 Příspěvek od boldy70 »

mboFix 17-01-29.01 - Ondrej . 02. 2017 11:36:37.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.4095.2957 [GMT 1:00]
Running from: d:\stahovanie\ComboFix.exe
AV: ESET NOD32 Antivirus 10.0.386.1 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 10.0.386.1 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2017-01-12 to 2017-02-12 )))))))))))))))))))))))))))))))
.
.
2017-02-12 10:52 . 2017-02-12 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-12 09:16 . 2017-02-12 09:16 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2017-02-09 21:13 . 2017-02-09 21:16 -------- d-----w- C:\AdwCleaner
2017-02-07 14:16 . 2017-02-07 15:03 -------- d-----w- c:\program files\trend micro
2017-02-07 14:16 . 2017-02-07 14:16 -------- d-----w- C:\rsit
2017-02-05 13:00 . 2017-02-05 13:00 -------- d-----w- c:\program files (x86)\R.G. Freedom
2017-02-04 15:00 . 2017-02-04 15:00 -------- d-----w- c:\program files (x86)\Microsoft
2017-02-04 07:49 . 2017-02-04 07:49 -------- d-----w- c:\users\Ondrej\AppData\Local\ESET
2017-02-04 07:37 . 2017-02-04 07:37 -------- d-----w- c:\program files\ESET
2017-02-03 18:10 . 2017-02-03 18:10 -------- d-----w- c:\program files\f09er35s
2017-02-03 09:41 . 2017-02-03 09:41 44952 ----a-w- c:\windows\system32\drivers\staport.sys
2017-01-25 14:02 . 2017-01-25 14:02 -------- d-----w- c:\users\Ondrej\AppData\Local\Firefox
2017-01-25 14:00 . 2017-02-09 21:16 -------- d-----w- c:\windows\system32\log
2017-01-25 13:59 . 2017-01-25 13:59 -------- d-----w- c:\users\Ondrej\AppData\Local\Bigold
2017-01-25 13:59 . 2017-01-25 13:59 -------- d-----w- c:\users\Ondrej\AppData\Roaming\Firefox
2017-01-25 13:58 . 2017-01-25 13:58 -------- d-----w- c:\program files (x86)\Bigold
2017-01-23 14:01 . 2017-01-23 14:01 -------- d-----w- c:\program files (x86)\0s2g9hpl
2017-01-23 13:53 . 2017-02-03 14:09 -------- d-----w- c:\program files\0s2g9hpl
2017-01-22 17:35 . 2017-01-22 17:35 -------- d-----w- c:\programdata\Steam
2017-01-22 17:28 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2017-01-21 14:44 . 2017-01-21 14:44 -------- d-----w- c:\users\Ondrej\AppData\Local\CrashRpt
2017-01-21 13:05 . 2017-02-04 07:45 -------- d-----w- c:\program files (x86)\Phualeweary Community
2017-01-21 13:05 . 2017-01-21 13:05 -------- d-----w- c:\programdata\Avira
2017-01-21 13:05 . 2017-01-21 13:05 -------- d-----w- c:\programdata\Avg
2017-01-21 13:03 . 2017-01-21 16:11 -------- d-----w- c:\users\Ondrej\AppData\Roaming\Sterketvofash
2017-01-21 13:03 . 2017-01-21 13:06 -------- d-----w- c:\users\Ondrej\AppData\Local\Repetainclekotain
2017-01-21 13:03 . 2017-01-21 13:05 -------- d-----w- c:\users\Ondrej\AppData\Roaming\Profiles
2017-01-21 13:03 . 2017-02-04 07:45 -------- d-----w- c:\program files (x86)\Chiterdomghhotion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-10 14:24 . 2016-02-14 10:01 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 14:24 . 2016-02-14 10:01 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-02 19:39 . 2017-01-02 19:40 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2017-01-02 19:39 . 2017-01-02 19:40 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2016-12-13 16:11 . 2016-12-13 16:11 70960 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2016-12-13 16:11 . 2016-12-13 16:11 180544 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-12-13 16:11 . 2016-12-13 16:11 132272 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ftweak_RAMRush"="c:\program files (x86)\RAMRush\RAMRush.exe" [2009-09-17 670720]
"Google Photos Backup"="c:\users\Ondrej\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-04-02 1282632]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:2b43a99da /wow /dir:C:\Program
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Juhisprezory;Juhisprezory;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 MSCFG_SVR;Microsoft Report Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 ATICDSDr;ATICDSDr;c:\users\Ondrej\AppData\Local\Temp\ATICDSDr.sys;c:\users\Ondrej\AppData\Local\Temp\ATICDSDr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Juhisprezory REG_MULTI_SZ Juhisprezory
ms_svs REG_MULTI_SZ MSCFG_SVR
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-14 14:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-09-07 8151040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mDefault_Search_URL =
mDefault_Page_URL =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page =
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
FF - ProfilePath - c:\users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\qbrqosei.default-1486284158560\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-5KPlayer.exe - c:\program files (x86)\DearMob\5KPlayer\5KPlayer.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellExecuteHooks-{8E5A1428-DC67-11E6-B9B2-64006A5CFC23} - c:\users\Ondrej\AppData\Roaming\Sterketvofash\Grerdetherplufige.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-12 12:23:34
ComboFix-quarantined-files.txt 2017-02-12 11:23
.
Pre-Run: 36 161 404 928 bytes free
Post-Run: 36 104 396 800 bytes free
.
- - End Of File - - B51950CB30111FAEF66549E7CEB239A5
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: problem pc

#9 Příspěvek od Roli »

Není dobré tam cpát obden jiný antivir, jsou tam ještě nějaké zbytky po AVG a Avira, tímto si PC akorát zeneřádíš.


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::
c:\programdata\Avira
c:\programdata\Avg

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš.

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
boldy70
Návštěvník
Návštěvník
Příspěvky: 7
Registrován: 07 úno 2017 15:22

Re: problem pc

#10 Příspěvek od boldy70 »

Folder::
c:\programdata\Avira
c:\programdata\Avg

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]ComboFix 17-01-29.01 - Ondrej . 02. 2017 11:36:37.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.4095.2957 [GMT 1:00]
Running from: d:\stahovanie\ComboFix.exe
AV: ESET NOD32 Antivirus 10.0.386.1 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 10.0.386.1 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2017-01-12 to 2017-02-12 )))))))))))))))))))))))))))))))
.
.
2017-02-12 10:52 . 2017-02-12 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-12 09:16 . 2017-02-12 09:16 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2017-02-09 21:13 . 2017-02-09 21:16 -------- d-----w- C:\AdwCleaner
2017-02-07 14:16 . 2017-02-07 15:03 -------- d-----w- c:\program files\trend micro
2017-02-07 14:16 . 2017-02-07 14:16 -------- d-----w- C:\rsit
2017-02-05 13:00 . 2017-02-05 13:00 -------- d-----w- c:\program files (x86)\R.G. Freedom
2017-02-04 15:00 . 2017-02-04 15:00 -------- d-----w- c:\program files (x86)\Microsoft
2017-02-04 07:49 . 2017-02-04 07:49 -------- d-----w- c:\users\Ondrej\AppData\Local\ESET
2017-02-04 07:37 . 2017-02-04 07:37 -------- d-----w- c:\program files\ESET
2017-02-03 18:10 . 2017-02-03 18:10 -------- d-----w- c:\program files\f09er35s
2017-02-03 09:41 . 2017-02-03 09:41 44952 ----a-w- c:\windows\system32\drivers\staport.sys
2017-01-25 14:02 . 2017-01-25 14:02 -------- d-----w- c:\users\Ondrej\AppData\Local\Firefox
2017-01-25 14:00 . 2017-02-09 21:16 -------- d-----w- c:\windows\system32\log
2017-01-25 13:59 . 2017-01-25 13:59 -------- d-----w- c:\users\Ondrej\AppData\Local\Bigold
2017-01-25 13:59 . 2017-01-25 13:59 -------- d-----w- c:\users\Ondrej\AppData\Roaming\Firefox
2017-01-25 13:58 . 2017-01-25 13:58 -------- d-----w- c:\program files (x86)\Bigold
2017-01-23 14:01 . 2017-01-23 14:01 -------- d-----w- c:\program files (x86)\0s2g9hpl
2017-01-23 13:53 . 2017-02-03 14:09 -------- d-----w- c:\program files\0s2g9hpl
2017-01-22 17:35 . 2017-01-22 17:35 -------- d-----w- c:\programdata\Steam
2017-01-22 17:28 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2017-01-22 17:28 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2017-01-21 14:44 . 2017-01-21 14:44 -------- d-----w- c:\users\Ondrej\AppData\Local\CrashRpt
2017-01-21 13:05 . 2017-02-04 07:45 -------- d-----w- c:\program files (x86)\Phualeweary Community
2017-01-21 13:05 . 2017-01-21 13:05 -------- d-----w- c:\programdata\Avira
2017-01-21 13:05 . 2017-01-21 13:05 -------- d-----w- c:\programdata\Avg
2017-01-21 13:03 . 2017-01-21 16:11 -------- d-----w- c:\users\Ondrej\AppData\Roaming\Sterketvofash
2017-01-21 13:03 . 2017-01-21 13:06 -------- d-----w- c:\users\Ondrej\AppData\Local\Repetainclekotain
2017-01-21 13:03 . 2017-01-21 13:05 -------- d-----w- c:\users\Ondrej\AppData\Roaming\Profiles
2017-01-21 13:03 . 2017-02-04 07:45 -------- d-----w- c:\program files (x86)\Chiterdomghhotion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-10 14:24 . 2016-02-14 10:01 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 14:24 . 2016-02-14 10:01 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-02 19:39 . 2017-01-02 19:40 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2017-01-02 19:39 . 2017-01-02 19:40 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2016-12-13 16:11 . 2016-12-13 16:11 70960 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2016-12-13 16:11 . 2016-12-13 16:11 180544 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-12-13 16:11 . 2016-12-13 16:11 132272 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ftweak_RAMRush"="c:\program files (x86)\RAMRush\RAMRush.exe" [2009-09-17 670720]
"Google Photos Backup"="c:\users\Ondrej\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-04-02 1282632]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:2b43a99da /wow /dir:C:\Program
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Juhisprezory;Juhisprezory;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 MSCFG_SVR;Microsoft Report Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 ATICDSDr;ATICDSDr;c:\users\Ondrej\AppData\Local\Temp\ATICDSDr.sys;c:\users\Ondrej\AppData\Local\Temp\ATICDSDr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Juhisprezory REG_MULTI_SZ Juhisprezory
ms_svs REG_MULTI_SZ MSCFG_SVR
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-14 14:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-09-07 8151040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mDefault_Search_URL =
mDefault_Page_URL =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page =
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
FF - ProfilePath - c:\users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\qbrqosei.default-1486284158560\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-5KPlayer.exe - c:\program files (x86)\DearMob\5KPlayer\5KPlayer.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellExecuteHooks-{8E5A1428-DC67-11E6-B9B2-64006A5CFC23} - c:\users\Ondrej\AppData\Roaming\Sterketvofash\Grerdetherplufige.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-12 12:23:34
ComboFix-quarantined-files.txt 2017-02-12 11:23
.
Pre-Run: 36 161 404 928 bytes free
Post-Run: 36 104 396 800 bytes free
.
- - End Of File - - B51950CB30111FAEF66549E7CEB239A5
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: problem pc

#11 Příspěvek od Roli »

Proč neděláš přesně to co píšu ?

Tak že znovu.
Roli píše:Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::
c:\programdata\Avira
c:\programdata\Avg

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš.

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“