Queryrouter, OZIP, Rambler etc.

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

#1 Post by Kiara »

Good day, I would kindly like to ask for advice. When I open a browser window (I use Google Chrome), the Chrome window automatically switches right away to a Query router window and the search engine jumps to OZIP, Rambler and other nonsense, while it also opens windows with pornographic content, which is really undesirable for the mother of a 10-year-old son :((. On top of that, these windows are really hard to close! I tried to remove the problem using AVG, Ad-Aware, Avast, checking the Chrome settings etc., but without success. So here is the log.txt straight away, please:

Logfile of random's system information tool 1.10 (written by random/random)
Run by pavel a iva at 2017-04-03 19:53:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 319 GB (68%) free of 468 GB
Total RAM: 4095 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:54:07, on 3.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\pavel a iva.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=95044903_hao_pg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://no-stops.net/wpad.dat?0648c42b9d ... 8121890855
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2254503229-660155158-3332669493-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2254503229-660155158-3332669493-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9849 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
AvastUI.exe /nogui
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
WLIDSvcM.exe 2808
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-befe4af1-3b96-49be-86ca-5a5611ab2ceb -SystemEventPortName:HostProcess-7dc271da-d923-4255-990d-b38fb32c376f -IoCancelEventPortName:HostProcess-382fe81f-f375-49e8-9923-a6ab0a9ab2b6 -NonStateChangingEventPortName:HostProcess-9df20109-b93b-460c-8edb-d5f6e1c20a5e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e6cbfcbf-5347-4340-b4cc-11385b71f09c -DeviceGroupId:WpdFsGroup
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7fef04e1160,0x7fef04e1140,0x7fef04e1118
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2696 --on-initialized-event-handle=412 --parent-handle=416 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=cs --service-request-channel-token=59D52C132F7064B6B5D37B54A07522DD --mojo-platform-channel-handle=2788 --ignored=" --type=renderer " /prefetch:8
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Users\pavel a iva\Downloads\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-21 893936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-22 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-21 771816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-22 186944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Users\pavel a iva\DAEMON Tools Pro\DTAgent.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_85843E0F71DE959CB0CB6413D03AF1E4]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2017-02-01 1116504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey Utility]
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pavel a iva^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
G:\OpenOffice.org 3\program\quickstart.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-03-21 205512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-04-03 19:53:58 ----D---- C:\rsit
2017-04-03 19:53:58 ----D---- C:\Program Files\trend micro
2017-04-03 19:53:48 ----D---- C:\ProgramData\SWCUTemp
2017-03-26 18:37:52 ----SHD---- C:\Config.Msi
2017-03-21 19:30:06 ----A---- C:\Windows\system32\aswBoot.exe
2017-03-21 12:54:56 ----D---- C:\ProgramData\BitDefender
2017-03-21 12:23:33 ----A---- C:\Windows\system32\winresume.exe
2017-03-21 12:23:28 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2017-03-21 12:23:27 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2017-03-21 12:23:26 ----A---- C:\Windows\system32\spwmp.dll
2017-03-21 12:23:25 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-03-21 12:23:25 ----A---- C:\Windows\system32\qdvd.dll
2017-03-21 12:23:25 ----A---- C:\Windows\system32\msnetobj.dll
2017-03-21 12:23:25 ----A---- C:\Windows\system32\evr.dll
2017-03-21 12:23:25 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2017-03-21 12:23:25 ----A---- C:\Windows\system32\cryptnet.dll
2017-03-21 12:23:24 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2017-03-21 12:23:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-03-21 12:23:24 ----A---- C:\Windows\system32\pcadm.dll
2017-03-21 12:23:24 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-21 12:23:23 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-03-21 12:23:23 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2017-03-21 12:23:23 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2017-03-21 12:23:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-03-21 12:23:23 ----A---- C:\Windows\SYSWOW64\evr.dll
2017-03-21 12:23:23 ----A---- C:\Windows\system32\msaudite.dll
2017-03-21 12:23:23 ----A---- C:\Windows\system32\EncDump.dll
2017-03-21 12:23:23 ----A---- C:\Windows\system32\cryptsp.dll
2017-03-21 12:23:22 ----A---- C:\Windows\system32\pcasvc.dll
2017-03-21 12:23:22 ----A---- C:\Windows\system32\pcaevts.dll
2017-03-21 12:23:22 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-21 12:23:21 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-03-21 12:23:21 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-03-21 12:23:21 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-03-21 12:23:21 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-21 12:23:21 ----A---- C:\Windows\system32\srclient.dll
2017-03-21 12:23:21 ----A---- C:\Windows\system32\quartz.dll
2017-03-21 12:23:20 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2017-03-21 12:23:20 ----A---- C:\Windows\system32\msobjs.dll
2017-03-21 12:23:20 ----A---- C:\Windows\system32\audiodg.exe
2017-03-21 12:23:19 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-03-21 12:23:19 ----A---- C:\Windows\system32\winload.exe
2017-03-21 12:23:19 ----A---- C:\Windows\system32\rstrui.exe
2017-03-21 12:23:19 ----A---- C:\Windows\system32\pcawrk.exe
2017-03-21 12:23:19 ----A---- C:\Windows\system32\pcalua.exe
2017-03-21 12:23:19 ----A---- C:\Windows\system32\auditpol.exe
2017-03-21 12:23:18 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-03-21 12:23:18 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-03-21 12:23:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-03-21 12:23:18 ----A---- C:\Windows\system32\wdigest.dll
2017-03-21 12:23:18 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-21 12:23:18 ----A---- C:\Windows\system32\sspicli.dll
2017-03-21 12:23:18 ----A---- C:\Windows\system32\schannel.dll
2017-03-21 12:23:18 ----A---- C:\Windows\system32\secur32.dll
2017-03-21 12:23:18 ----A---- C:\Windows\system32\lsass.exe
2017-03-21 12:23:18 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-21 12:23:18 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-21 12:23:17 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2017-03-21 12:23:17 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-03-21 12:23:17 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2017-03-21 12:23:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-21 12:23:17 ----A---- C:\Windows\system32\cryptsvc.dll
2017-03-21 12:23:17 ----A---- C:\Windows\system32\ci.dll
2017-03-21 12:23:17 ----A---- C:\Windows\system32\AudioEng.dll
2017-03-21 12:23:17 ----A---- C:\Windows\system32\adtschema.dll
2017-03-21 12:23:16 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-03-21 12:23:16 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\srcore.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\drmmgrtn.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\credssp.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-21 12:23:16 ----A---- C:\Windows\system32\appidapi.dll
2017-03-21 12:23:15 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-03-21 12:23:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-03-21 12:23:15 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-03-21 12:23:15 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2017-03-21 12:23:15 ----A---- C:\Windows\system32\rrinstaller.exe
2017-03-21 12:23:15 ----A---- C:\Windows\system32\msscp.dll
2017-03-21 12:23:15 ----A---- C:\Windows\system32\mfpmp.exe
2017-03-21 12:23:15 ----A---- C:\Windows\system32\mferror.dll
2017-03-21 12:23:15 ----A---- C:\Windows\system32\cryptui.dll
2017-03-21 12:23:15 ----A---- C:\Windows\system32\AUDIOKSE.dll
2017-03-21 12:23:14 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-03-21 12:23:14 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-03-21 12:23:14 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-03-21 12:23:14 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-03-21 12:23:14 ----A---- C:\Windows\system32\wintrust.dll
2017-03-21 12:23:14 ----A---- C:\Windows\system32\kerberos.dll
2017-03-21 12:23:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-21 12:23:14 ----A---- C:\Windows\system32\crypt32.dll
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\msscp.dll
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2017-03-21 12:23:13 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2017-03-21 12:23:13 ----A---- C:\Windows\system32\mfplat.dll
2017-03-21 12:23:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-21 12:23:13 ----A---- C:\Windows\system32\dxmasf.dll
2017-03-21 12:23:13 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-21 12:23:12 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-03-21 12:23:12 ----A---- C:\Windows\system32\wmdrmsdk.dll
2017-03-21 12:23:12 ----A---- C:\Windows\system32\smss.exe
2017-03-21 12:23:12 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-21 12:23:12 ----A---- C:\Windows\system32\drmv2clt.dll
2017-03-21 12:23:12 ----A---- C:\Windows\system32\drivers\cng.sys
2017-03-21 12:23:12 ----A---- C:\Windows\system32\blackbox.dll
2017-03-21 12:23:11 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2017-03-21 12:23:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-03-21 12:23:11 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-03-21 12:23:11 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2017-03-21 12:23:11 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2017-03-21 12:23:11 ----A---- C:\Windows\system32\mf.dll
2017-03-21 12:23:11 ----A---- C:\Windows\system32\audiosrv.dll
2017-03-21 12:23:11 ----A---- C:\Windows\system32\AudioSes.dll
2017-03-21 12:23:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2017-03-21 12:23:10 ----A---- C:\Windows\system32\wmploc.DLL
2017-03-21 12:23:10 ----A---- C:\Windows\system32\mfps.dll
2017-03-21 12:23:09 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-03-21 12:23:08 ----A---- C:\Windows\system32\wmp.dll
2017-03-21 12:23:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-03-21 12:23:07 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-03-21 12:23:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-21 12:23:07 ----A---- C:\Windows\system32\msmmsp.dll
2017-03-21 12:21:50 ----D---- C:\Program Files\Common Files\adaware
2017-03-20 22:24:49 ----D---- C:\Program Files (x86)\AVG
2017-03-09 17:58:17 ----D---- C:\Users\pavel a iva\AppData\Roaming\Opera Software
2017-03-09 17:57:54 ----D---- C:\Program Files\Opera
2017-03-07 21:50:40 ----D---- C:\Program Files (x86)\EA Games

======List of files/folders modified in the last 1 month======

2017-04-03 19:53:58 ----RD---- C:\Program Files
2017-04-03 19:53:48 ----AHD---- C:\ProgramData
2017-04-03 19:49:13 ----D---- C:\Windows\Temp
2017-04-03 19:29:07 ----D---- C:\Windows\system32\config
2017-04-03 19:22:54 ----D---- C:\Windows\System32
2017-04-03 19:22:54 ----D---- C:\Windows\inf
2017-04-03 19:22:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-03 19:18:33 ----D---- C:\Windows
2017-04-03 19:18:32 ----D---- C:\ProgramData\NVIDIA
2017-04-03 12:16:56 ----D---- C:\Windows\SoftwareDistribution
2017-03-29 20:22:35 ----D---- C:\Windows\system32\catroot2
2017-03-26 18:37:54 ----SHD---- C:\Windows\Installer
2017-03-26 18:36:42 ----D---- C:\Windows\system32\DriverStore
2017-03-26 18:36:42 ----D---- C:\Windows\system32\drivers
2017-03-26 18:35:09 ----SHD---- C:\System Volume Information
2017-03-21 12:32:59 ----D---- C:\ProgramData\Avg
2017-03-21 12:32:29 ----D---- C:\Windows\system32\Tasks
2017-03-21 12:30:12 ----D---- C:\Windows\Prefetch
2017-03-21 12:29:40 ----D---- C:\Windows\winsxs
2017-03-21 12:27:13 ----D---- C:\Windows\SYSWOW64\Dism
2017-03-21 12:27:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-03-21 12:27:13 ----D---- C:\Windows\SysWOW64
2017-03-21 12:27:13 ----D---- C:\Windows\system32\Dism
2017-03-21 12:27:13 ----D---- C:\Windows\system32\cs-CZ
2017-03-21 12:27:13 ----D---- C:\Program Files\Windows Media Player
2017-03-21 12:27:13 ----D---- C:\Program Files (x86)\Windows Media Player
2017-03-21 12:27:12 ----D---- C:\Windows\system32\en-US
2017-03-21 12:27:12 ----D---- C:\Windows\system32\CodeIntegrity
2017-03-21 12:27:12 ----D---- C:\Windows\system32\Boot
2017-03-21 12:25:18 ----D---- C:\Windows\system32\catroot
2017-03-21 12:21:50 ----D---- C:\Program Files\Common Files
2017-03-20 22:24:49 ----D---- C:\Program Files (x86)
2017-03-14 19:11:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-03-14 19:11:08 ----D---- C:\Windows\system32\Macromed
2017-03-14 19:11:05 ----D---- C:\Windows\SYSWOW64\Macromed
2017-03-09 09:36:07 ----D---- C:\Program Files (x86)\Acer
2017-03-09 09:17:31 ----A---- C:\Windows\win.ini
2017-03-07 21:54:18 ----D---- C:\Users\pavel a iva\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-03-21 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-02-25 334600]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-02-25 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-02-25 74680]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-02-25 337080]
R0 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-03-21 309272]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-02-25 32088]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-02-25 100640]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-02-25 991496]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-02-25 547904]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-13 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-13 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-13 62776]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-02-25 126088]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-02-25 162528]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-06-18 4496600]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-07-30 339744]
R3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]
S1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMUdisk64.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 aswHdsKe;aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [2017-01-31 82936]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-02-25 38296]
S3 avchv;avchv Function Driver; C:\Windows\system32\DRIVERS\avchv.sys []
S3 DxVGrb;DxVGrb; C:\Windows\system32\drivers\DxVGrb.sys []
S3 HidNt;FT33C2 Driver for Input Devices; C:\Windows\system32\DRIVERS\HIDNt.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 Mac606;FT33C2 FILTER; C:\Windows\system32\DRIVERS\Mac606.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 127488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 TSSKX64;TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [2015-09-24 38200]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-07-15 151184]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-03-21 262736]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-11 626208]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-07-26 24888]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-11 206880]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 884152]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-03-21 7147320]
R3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-19 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14 271960]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-19 154440]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-09 1255736]
S4 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Queryrouter, OZIP, Rambler etc.

#2 Post by Márty84 »

Hello :)

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will spit out a log (or it will be here: C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.


:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the licence terms are displayed; press any key
  • A backup is created, followed by the search
  • The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; post it here

:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop
  • Right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window

    autoclean;
    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; post its contents here

:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all disks) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#3 Post by Kiara »

Done. It spat this out at me:
# AdwCleaner v6.045 - Log vytvořen 04/04/2017 v 20:07:57
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-04.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : pavel a iva - DÁŠENKA
# Spuštěno z : C:\Users\pavel a iva\Downloads\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: QMUdisk
[-] Služba smazána: TSSKX64


***** [ Složky ] *****

[-] Složka smazána: C:\Users\pavel a iva\AppData\Roaming\Tencent
[-] Složka smazána: C:\Users\pavel a iva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Složka smazána: C:\Program Files\Common Files\Tencent
[-] Složka smazána: C:\Users\pavel a iva\AppData\Local\VirtualStore\Program Files (x86)\Tencent
[-] Složka smazána: C:\ProgramData\TweakBit
[-] Složka smazána: C:\ProgramData\TXQMPC
[-] Složka smazána: C:\ProgramData\Tencent
[-] Složka smazána: C:\ProgramData\BSD\DriverHive
[-] Složka smazána: C:\ProgramData\BSD
[#] Složka smazána po restartu: C:\ProgramData\BSD\DriverHiveEngine
[#] Složka smazána po restartu: C:\ProgramData\Application Data\TweakBit
[#] Složka smazána po restartu: C:\ProgramData\Application Data\TXQMPC
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Tencent
[#] Složka smazána po restartu: C:\ProgramData\Application Data\BSD\DriverHive
[#] Složka smazána po restartu: C:\ProgramData\Application Data\BSD
[#] Složka smazána po restartu: C:\ProgramData\Application Data\BSD\DriverHiveEngine
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Složka smazána: C:\Program Files (x86)\Tencent
[-] Složka smazána: C:\Program Files (x86)\Common Files\Tencent
[-] Složka smazána: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\pavel a iva\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
[-] Soubor smazán: C:\Windows\SysNative\drivers\TSSKX64.sys
[-] Soubor smazán: C:\Windows\SysNative\drivers\TFsFltX64.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\tsskx64
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\qmudisk
[-] Klíč smazán: HKLM\SOFTWARE\Classes\metnsd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\qmgcfiles
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\metnsd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\qmgcfiles
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{754DF2CE-51E8-4895-B53C-6381418B84AE}]
[-] Klíč smazán: HKU\.DEFAULT\Software\AskToolbar
[-] Klíč smazán: HKU\S-1-5-21-2254503229-660155158-3332669493-1000\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-2254503229-660155158-3332669493-1000\Software\csastats
[-] Klíč smazán: HKU\S-1-5-21-2254503229-660155158-3332669493-1000\Software\BSD
[-] Klíč smazán: HKU\S-1-5-21-2254503229-660155158-3332669493-1000\Software\WiperSoft
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2254503229-660155158-3332669493-1000\Software\AskToolbar
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\AskToolbar
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\csastats
[#] Klíč smazán po restartu: HKCU\Software\BSD
[#] Klíč smazán po restartu: HKCU\Software\WiperSoft
[-] Klíč smazán: HKLM\SOFTWARE\TWEAKBIT
[-] Klíč smazán: HKLM\SOFTWARE\Auslogics
[-] Klíč smazán: HKLM\SOFTWARE\BSD
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2254503229-660155158-3332669493-1000\Software\AskToolbar
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: [x64] HKCU\Software\csastats
[#] Klíč smazán po restartu: [x64] HKCU\Software\BSD
[#] Klíč smazán po restartu: [x64] HKCU\Software\WiperSoft
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Klíč smazán: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npandroidassistant
[-] Klíč smazán: HKEY_CLASSES_ROOT\.qmgc


***** [ Prohlížeče ] *****

[-] [C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ooebklgpfnbcnpokahmdidgbmlcdepkm


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6287 Bajty] - [04/04/2017 20:07:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [6185 Bajty] - [04/04/2017 20:07:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6433 Bajty] ##########

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#4 Post by Kiara »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by pavel a iva (Administrator) on st 05.04.2017 at 7:38:14,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 27

Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UKOS9UF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\333NNWU5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MQ35RB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNFEBOAG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J01OSD5G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYPRVSNS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TX3GMUZI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pavel a iva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9DEK9EL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UKOS9UF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\333NNWU5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MQ35RB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNFEBOAG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J01OSD5G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYPRVSNS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TX3GMUZI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9DEK9EL (Temporary Internet Files Folder)



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 05.04.2017 at 7:43:00,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Queryrouter, OZIP, Rambler etc.

#5 Post by Márty84 »

Excellent, keep it up :-)
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#6 Post by Kiara »

Zoek spat this out at me:


Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#7 Post by Kiara »

Correction, that was not Zoek. Zoek reported that one file was behaving suspiciously, so I clicked Clean, OK, and it spat out this:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by pavel a iva on út 04.04.2017 at 20:14:02,58.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\pavel a iva\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

4.4.2017 20:15:31 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\Users\pavel a iva\AppData\Roaming\Opera Software deleted successfully
C:\Users\pavel a iva\AppData\Roaming\spidla deleted successfully
C:\Users\pavel a iva\AppData\Roaming\TP deleted successfully
C:\Users\pavel a iva\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\pavel a iva\AppData\Roaming\WinRAR deleted successfully
C:\Users\pavel a iva\AppData\Local\Opera Software deleted successfully
C:\Users\pavel a iva\AppData\Local\Windows Live Writer deleted successfully

and this:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by pavel a iva on st 05.04.2017 at 11:22:34,08.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\pavel a iva\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-04-04-182426.log 1118 bytes
C:\zoek-results2017-04-04-191504.log 394 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2254503229-660155158-3332669493-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0} deleted successfully
HKEY_USERS\S-1-5-21-2254503229-660155158-3332669493-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Špidla Data Processing, s.r.o not found
C:\Users\pavel a iva\AppData\Roaming\Seznam Browser deleted
C:\Users\pavel a iva\AppData\Roaming\Seznam Browser-d7b7e5c8-8f07-4988-927e-d5810481058f deleted
C:\found.000 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\pavel a iva\AppData\Local\Software deleted
C:\Users\pavel a iva\AppData\Local\CrashRpt deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM\pavel a iva\WEVUnO2Saz5N2ByU\kv_pam.db" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM\pavel a iva\WEVUnO2Saz5N2ByU\kv_pamcore.db" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM\pavel a iva\WEVUnO2Saz5N2ByU\kv_pampub.db" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM\pavel a iva\WEVUnO2Saz5N2ByU\pam.db" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM\pavel a iva" not deleted
"C:\Users\pavel a iva\AppData\Local\AVAST Software\APM\pavel a iva\WEVUnO2Saz5N2ByU" not deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
lhmiofmipcpmhgihiecmpiekcacigpgb - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Google Slides - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Adobe Acrobat - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Block site - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh
passwords - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik
Whitelisted domains - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Pinterest Save Button - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
Doručené – Seznam Email - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddenopjeegfphcihhhlingcmdlbfkdb
Chrome Web Store Payments - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddenopjeegfphcihhhlingcmdlbfkdb deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eiimnmioipafcokbfikbljfdeojpcgbh_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emhginjpijfggbofeediiojmdlmlkoik_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_1.im.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_1.im.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_connexity.net_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_connexity.net_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cz.pinterest.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cz.pinterest.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_delivery.performax.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_delivery.performax.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_email.seznam.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_email.seznam.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_feedback.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_feedback.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_forum.viry.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_forum.viry.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_go.eu.bbelements.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_go.eu.bbelements.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_helppage.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_helppage.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_login.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_login.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_login.szn.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_login.szn.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_message.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_message.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_na.ads.yahoo.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_na.ads.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_online.mbank.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_online.mbank.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_passport.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_passport.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pletiva-site.heureka.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pletiva-site.heureka.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_s.salecycle.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_s.salecycle.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_trade.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_trade.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ut.performax.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ut.performax.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aliexpress.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.build.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.build.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.novinky.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.novinky.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.seznam.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.seznam.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.super.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.super.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.viry.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.viry.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.vodafone.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.vodafone.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_yottlyscript.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_yottlyscript.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_diskuse.dama.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_diskuse.dama.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dogsbreeds.biz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dogsbreeds.biz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_foto.dama.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_foto.dama.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gethotel.biz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gethotel.biz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hrajemesijinak.blogspot.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hrajemesijinak.blogspot.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nemoci.vitalion.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nemoci.vitalion.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tpc.googlesyndication.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tpc.googlesyndication.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ut.performax.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ut.performax.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uxrates.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uxrates.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bydlet.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bydlet.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dama.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dama.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.knittingparadise.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.knittingparadise.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mimibazar.sk_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mimibazar.sk_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.produkce.idnes.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.produkce.idnes.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.skolaci.com_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.skolaci.com_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.theidearoom.net_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.theidearoom.net_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tyden.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tyden.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.vykupto.cz_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.vykupto.cz_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Seznam.cz\User Data\Default\Local Storage\chrome-extension_ckjpageadhfekbilpnlbcjgbflimllbk_0.localstorage deleted successfully
C:\Users\pavel a iva\AppData\Local\Seznam.cz\User Data\Default\Local Storage\chrome-extension_ckjpageadhfekbilpnlbcjgbflimllbk_0.localstorage-journal deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\https_go.eu.bbelements.com_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\http_diskuse.dama.cz_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\http_foto.dama.cz_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\http_nemoci.vitalion.cz_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.dama.cz_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.skolaci.com_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.tyden.cz_0 deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gighmmpiobklfepjocnamgkkbiglidom deleted successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpdjojdkbbmdfjfahjcgigfpmkopogic deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\pavel a iva\AppData\Local\Seznam.cz\User Data\Default\Preferences was reset successfully
C:\Users\pavel a iva\AppData\Local\Seznam.cz\User Data\Default\Secure Preferences was reset successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\pavel a iva\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\pavel a iva\AppData\Local\Seznam.cz\User Data\Default\Web Data was reset successfully
C:\Users\pavel a iva\AppData\Local\Seznam.cz\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey Utility deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent deleted successfully

==== Empty IE Cache ======================

But the naughty pages keep popping up all the time :(

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Queryrouter, OZIP, Rambler etc.

#8 Post by Márty84 »

We're not done yet, though. Is MBAM still running?
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have their e-mail address in their signature).

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#9 Post by Kiara »

MBAM finished and produced this:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 05.04.17
Čas skenování: 20:32
Logovací soubor: mbam.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1667
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: D\u00c3\u0081\u00c5\u00a0ENKA\pavel a iva

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 403320
Uplynulý čas: 7 min, 47 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Žádná uživatelská akce, [133], [-1],0.0.0
Adware.Norassie, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\Norassie, Žádná uživatelská akce, [3467], [361347],1.0.1667

Hodnota v registru: 6
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, Žádná uživatelská akce, [133], [353049],1.0.1667
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Žádná uživatelská akce, [133], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [133], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [133], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [133], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Žádná uživatelská akce, [133], [353051],1.0.1667

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 5
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Žádná uživatelská akce, [2977], [355157],1.0.1667
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER (1).EXE, Žádná uživatelská akce, [2227], [340923],1.0.1667
PUP.Optional.BundleInstaller, C:\USERS\PAVEL A IVA\DOWNLOADS\ANDY_46.14_28.EXE, Žádná uživatelská akce, [38], [349902],1.0.1667
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER (2).EXE, Žádná uživatelská akce, [2227], [340923],1.0.1667
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER.EXE, Žádná uživatelská akce, [2227], [340923],1.0.1667

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Queryrouter, OZIP, Rambler etc.

#10 Post by Márty84 »

:arrow: Have MBAM remove all of its detections. After the removal and a restart of the PC, repeat the MBAM test (but this time really with the correct settings - this was only a Threat Scan, which does not check the whole computer, I wanted a Custom Scan), so that we know whether it comes back. Post the result of the test and I will choose the next steps based on it.

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#11 Post by Kiara »

I'm off to mend my ways right away. It's already running and scanning for rootkits too.

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#12 Post by Kiara »

After the scan, this time including rootkits, MBAM produced four messages:

FIRST
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 06.04.17
Čas události ochrany: 8:44
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1668
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném malware-
Soubor: 1
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER.EXE, V karanténě, [2196], [340923],1.0.1668


(end)

SECOND
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 06.04.17
Čas události ochrany: 8:44
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1668
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném malware-
Soubor: 1
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER.EXE, V karanténě, [2196], [340923],1.0.1668


(end)

THIRD
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 06.04.17
Čas události ochrany: 8:44
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1668
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném malware-
Soubor: 1
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER (1).EXE, V karanténě, [2196], [340923],1.0.1668


(end)

FOURTH
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 06.04.17
Čas události ochrany: 8:44
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1668
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném malware-
Soubor: 1
PUP.Optional.WiperSoft, C:\USERS\PAVEL A IVA\DOWNLOADS\WIPERSOFT-INSTALLER (2).EXE, V karanténě, [2196], [340923],1.0.1668


(end)

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#13 Post by Kiara »

Report after another scan:
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 06.04.17
Čas skenování: 10:02
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1671
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: D\u00c3\u0081\u00c5\u00a0ENKA\pavel a iva

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 87847
Uplynulý čas: 0 min, 42 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Zakázáno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, V karanténě, [116], [-1],0.0.0
Adware.Norassie, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\Norassie, V karanténě, [3208], [361347],1.0.1671

Hodnota v registru: 6
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, V karanténě, [116], [353051],1.0.1671
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, V karanténě, [116], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Odstranění se nezdařilo, [116], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, V karanténě, [116], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Odstranění se nezdařilo, [116], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, V karanténě, [116], [353049],1.0.1671

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Queryrouter, OZIP, Rambler etc.

#14 Post by Márty84 »

Kiara wrote:
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 87847
Uplynulý čas: 0 min, 42 sek

:???: Did that really take less than a minute? :boxed:

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a while, it is possible that it will block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)

Kiara
Visitor
Posts: 40
Registered: 03 Apr 2017 18:42

Re: Queryrouter, OZIP, Rambler etc.

#15 Post by Kiara »

MBAM for the third time :) And the naughty girls too :)

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 06.04.17
Čas skenování: 11:44
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.96
Aktualizovat verzi balíku komponent: 1.0.1671
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: D\u00c3\u0081\u00c5\u00a0ENKA\pavel a iva

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 244476
Uplynulý čas: 1 hod, 10 min, 56 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 3
PUP.Optional.DriveTheLife, C:\ADWCLEANER\QUARANTINE\FILES\RBLUWGJYAEUKEMTXYNYNFAXKSXXTOUYP\QQPCMGR\PLUGINS\PLUGINSSETUPBAK\QMDTLSDKSETUP20141114.EXE, Žádná uživatelská akce, [2710], [382891],1.0.1671
PUP.Optional.ASK, C:\OEM\PRELOAD\AUTORUN\APP\NERO 10 ESSENTIALS ACER EDITION\ISSETUPPREREQUISITES\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\TOOLBAR.EXE, Žádná uživatelská akce, [540], [383618],1.0.1671
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Žádná uživatelská akce, [2704], [355157],1.0.1671

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)
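
The scan logs posted in this thread differ in which components were enabled: the log in post #13 shows file-system and rootkit scanning switched off and two items whose removal failed. As an added example (not part of the thread and not a Malwarebytes tool), the Python below reads the options block of a pasted Czech-language MBAM log and lists detections that were not quarantined; the function names are assumptions of this example, and the sample is abridged from post #13.

```python
import re

# Czech labels exactly as Malwarebytes 3.0.6 prints them in the logs above.
OPTIONS = {"Paměť": "memory", "Start": "startup", "Systém souborů": "filesystem",
           "Archivy": "archives", "Rootkity": "rootkits", "Heuristika": "heuristics"}
OPTIONS_SECTION = "Možnosti skenování"
ENABLED = "Povoleno"
QUARANTINED = "V karanténě"
# A detection row ends with "[n], [n],x.y.z"; header and option rows never do.
DETECTION_TAIL = re.compile(r"\[\d+\], \[-?\d+\],\d+\.\d+\.\d+$")

# Abridged from the log in post #13 (lines dropped, none altered).
SAMPLE_LOG = r"""
-Systémová informace-
Systém souborů: NTFS
-Shrnutí skenování-
Typ skenování: Vlastní skenování
Skenované objekty: 87847
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Zakázáno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
-Podrobnosti skenování-
Adware.Norassie, HKU\S-1-5-21-2254503229-660155158-3332669493-1000\SOFTWARE\Norassie, V karanténě, [3208], [361347],1.0.1671
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Odstranění se nezdařilo, [116], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Odstranění se nezdařilo, [116], [-1],0.0.0
"""

def parse_mbam_log(text):
    """Return scan type, object count, scan options and detections of one log."""
    report = {"scan_type": None, "objects": None, "options": {}, "detections": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            section = line.strip("-")
        elif DETECTION_TAIL.search(line):
            name, _, rest = line.partition(", ")
            # Split from the right so a comma inside the path cannot shift fields.
            parts = rest.rsplit(", ", 3)
            if len(parts) == 4:
                report["detections"].append(
                    {"name": name, "location": parts[0], "action": parts[1]})
        elif ":" in line:
            label, value = (part.strip() for part in line.split(":", 1))
            if label == "Typ skenování":
                report["scan_type"] = value
            elif label == "Skenované objekty":
                report["objects"] = int(value)
            # "Systém souborů" also appears under system information (NTFS),
            # so options are only read inside the scan-options section.
            elif section == OPTIONS_SECTION and label in OPTIONS:
                report["options"][OPTIONS[label]] = (value == ENABLED)
    return report

def coverage_gaps(report):
    """Scan components that were switched off for this run."""
    return sorted(name for name, on in report["options"].items() if not on)

def unresolved(report):
    """Detections left in place: no action taken, or removal failed."""
    return [d for d in report["detections"] if d["action"] != QUARANTINED]

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print(parsed["scan_type"], parsed["objects"], "gaps:", coverage_gaps(parsed))
    for item in unresolved(parsed):
        print(item["action"], "|", item["name"], "|", item["location"])
```
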

Locked