
Removing an unwanted program plus a page in the browser

Posted: 02 Oct 2017 10:11
by Jenda939
Hello, I would like to ask for help removing the program Launch System Healer, which installed itself on its own and which I am unable to remove; according to the internet it is a virus. In addition, whenever I start the Firefox browser, the infected page traffic-media.co keeps opening. Thank you for your help.

I am attaching the log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-10-2017
Ran by DOMA (administrator) on DOMA-PC (02-10-2017 10:40:46)
Running from C:\Users\DOMA\Desktop
Loaded Profiles: DOMA (Available Profiles: DOMA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(arimaohpi) C:\Program Files (x86)\HPPanda\HPPandaSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\SystemHealer\HealerConsole.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BCCSoft Corporation) C:\ProgramData\WinSxC.exe
(riytaywyep) C:\Program Files (x86)\HPPanda\PandaStarter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
(Microsoft ShellHost) C:\ProgramData\System32\Logs\ShellExperienceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Users\DOMA\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\DOMA\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
(Microsoft Windows Search Filter Host) C:\ProgramData\WindowsTask\MicrosoftShellHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
() C:\Users\DOMA\AppData\Roaming\fak.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\DOMA\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [PandaStarter] => C:\Program Files (x86)\HPPanda\PandaStarter.exe [4593448 2017-09-26] (riytaywyep)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [5021888 2016-12-12] (Disc Soft Ltd)
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\DOMA\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\DOMA\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [SteamUp] => "C:\Program Files (x86)\Activision\Modern Warfare 2\Cracked Steam\steam.exe" -clientapp steamup.dll -silent
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2772992 2008-07-22] (Electronic Arts)
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [ShellExperienceHost] => C:\ProgramData\System32\Logs\ShellExperienceHost.exe [1495552 2016-08-29] (Microsoft ShellHost)
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\Run: [THIS IS WIIIGET!] => C:\Program Files (x86)\Miped\QWiget\THIS IS WIIIGET!.exe [818552 2017-07-20] (Ashampoo)
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\MountPoints2: {18f4bec2-3df5-11e7-b907-001e8c336939} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\MountPoints2: {453878ca-5565-11e7-9037-001e8c336939} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\MountPoints2: {c072aea0-a0f8-11e7-83ae-001e8c336939} - H:\Autorun.exe
HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\...\MountPoints2: {dffb7ba1-87c6-11e7-9812-001e8c336939} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-05-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2017-06-04]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2017-05-15]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oneisc.vbs [2017-09-27] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{078BCCF2-37CE-44B8-B668-4F2490B241FC}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: e2i0b8xa.default
FF ProfilePath: C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default [2017-10-02]
FF user.js: detected! => C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\user.js [2017-06-29]
FF Extension: (Tables) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\Extensions\378507@extcorp.net.xpi [2017-09-12]
FF Extension: (Cookie Importer) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\Extensions\cookieimporter@krk.xpi [2017-06-07]
FF Extension: (Quick Searcher) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-09-26]
FF Extension: (Seznam lištička) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-09-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)

Chrome:
=======
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Profile: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Prezentace Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-13]
CHR Extension: (Dokumenty Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-13]
CHR Extension: (Disk Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-13]
CHR Extension: (Seznam Lištička - Email) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-09-14]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-09-14]
CHR Extension: (YouTube) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-13]
CHR Extension: (Tabulky Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-13]
CHR Extension: (EditThisCookie) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-09-14]
CHR Extension: (Quick Searcher) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-26]
CHR Extension: (Gmail) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-30]
CHR HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmojkbhnkkphngknkmgccmlenfaelkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [4854464 2016-12-12] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 HPPanda Service; C:\Program Files (x86)\HPPanda\HPPandaSrv.exe [7782288 2017-09-26] (arimaohpi) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-09-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinSxC; C:\ProgramData\WinSxC.exe [1555456 2017-09-26] (BCCSoft Corporation) [File not signed] <==== ATTENTION
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-08-23] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-08-23] (Disc Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 10:40 - 2017-10-02 10:41 - 000018465 _____ C:\Users\DOMA\Desktop\FRST.txt
2017-10-02 10:39 - 2017-10-02 10:40 - 000000000 ____D C:\FRST
2017-10-02 10:38 - 2017-10-02 10:39 - 000112640 _____ (forum.viry.cz) C:\Users\DOMA\Desktop\FRSTLauncher.exe
2017-10-02 10:36 - 2017-10-02 10:38 - 000112640 _____ (forum.viry.cz) C:\Users\DOMA\Downloads\FRSTLauncher.exe
2017-10-02 10:34 - 2017-10-02 10:35 - 002399744 _____ (Farbar) C:\Users\DOMA\Desktop\FRST64.exe
2017-09-29 10:05 - 2017-09-29 10:05 - 000432640 _____ C:\Users\DOMA\AppData\Roaming\fak.exe
2017-09-28 00:00 - 2017-09-28 00:00 - 000000270 __RSH C:\Users\DOMA\ntuser.pol
2017-09-27 20:31 - 2017-10-02 08:28 - 000000270 _____ C:\Windows\Tasks\System HealerStartUp.job
2017-09-27 20:31 - 2017-09-28 09:04 - 000000270 _____ C:\Windows\Tasks\System HealerPeriod.job
2017-09-27 20:31 - 2017-09-27 20:31 - 000002844 _____ C:\Windows\System32\Tasks\System HealerPeriod
2017-09-27 20:31 - 2017-09-27 20:31 - 000002542 _____ C:\Windows\System32\Tasks\System HealerStartUp
2017-09-27 20:28 - 2017-09-27 23:59 - 000002698 __RSH C:\ProgramData\ntuser.pol
2017-09-27 20:27 - 2017-09-27 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-09-27 20:26 - 2017-09-27 20:31 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\System Healer
2017-09-27 20:26 - 2017-09-27 20:31 - 000000000 ____D C:\Program Files (x86)\SystemHealer
2017-09-27 20:26 - 2017-09-27 20:26 - 000024094 _____ C:\Windows\System32\Tasks\{0D7A7D47-7D0B-0F7F-0F11-08087F7E117E}
2017-09-27 20:26 - 2017-09-27 20:26 - 000003592 _____ C:\Windows\System32\Tasks\SystemHealer Task
2017-09-27 20:26 - 2017-09-27 20:26 - 000003310 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
2017-09-27 20:26 - 2017-09-27 20:26 - 000003300 _____ C:\Windows\System32\Tasks\SystemHealer Run Delay
2017-09-27 20:26 - 2017-09-27 20:26 - 000001067 _____ C:\Users\DOMA\Desktop\Launch System Healer.lnk
2017-09-27 20:26 - 2017-09-27 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-09-27 20:26 - 2017-09-27 20:26 - 000000000 ____D C:\ProgramData\58745dd2-75b7-1
2017-09-27 20:26 - 2017-09-27 20:26 - 000000000 ____D C:\ProgramData\58745dd2-1431-0
2017-09-27 20:26 - 2017-09-27 20:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-09-27 20:25 - 2017-10-02 08:28 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\Oneisc
2017-09-27 20:18 - 2017-09-27 20:18 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-09-27 20:18 - 2017-09-27 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-27 20:18 - 2017-09-27 20:18 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-27 20:13 - 2017-09-28 09:42 - 000000000 ____D C:\Users\DOMA\AppData\Local\GameSpy
2017-09-27 20:13 - 2017-09-28 09:41 - 000000000 ____D C:\Users\DOMA\AppData\Local\ApplicationHistory
2017-09-27 20:13 - 2017-09-27 20:14 - 000000000 ____D C:\Users\DOMA\AppData\Local\InternetInfoLocation
2017-09-27 20:13 - 2017-09-27 20:13 - 000000092 _____ C:\Users\DOMA\AppData\Local\fusioncache.dat
2017-09-26 21:53 - 2017-09-26 21:53 - 004756196 _____ C:\Users\DOMA\Downloads\Need For Speed Hot Pursuit 2010 Crack.rar
2017-09-26 21:47 - 2017-10-02 08:32 - 000000040 _____ C:\ProgramData\uyt.3gif
2017-09-26 21:43 - 2017-09-26 21:43 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\BrowserModule
2017-09-26 21:42 - 2017-09-26 22:53 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\Mp3tagApp2
2017-09-26 21:41 - 2017-09-27 20:13 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\ErrorReporting
2017-09-26 21:41 - 2017-09-26 21:42 - 000000000 ____D C:\ProgramData\stream
2017-09-26 21:41 - 2017-09-26 21:41 - 001555456 _____ (BCCSoft Corporation) C:\ProgramData\WinSxC.exe
2017-09-26 21:41 - 2017-09-26 21:41 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\1337
2017-09-26 21:41 - 2017-09-26 21:41 - 000000000 ____D C:\ProgramData\WindowsTask
2017-09-26 21:41 - 2017-09-26 21:41 - 000000000 ____D C:\ProgramData\System32
2017-09-26 21:41 - 2017-09-26 21:41 - 000000000 ____D C:\Program Files (x86)\Miped
2017-09-26 21:40 - 2017-09-26 21:41 - 000000000 ____D C:\Users\DOMA\AppData\Local\PCBooster
2017-09-26 21:40 - 2017-09-26 21:40 - 000002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-09-26 21:40 - 2017-09-26 21:40 - 000002036 _____ C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-26 21:40 - 2017-09-26 21:40 - 000002030 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2017-09-26 21:40 - 2017-09-26 21:40 - 000002004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-09-26 21:40 - 2017-09-26 21:40 - 000001992 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-09-26 21:40 - 2017-09-26 21:40 - 000000000 ____D C:\Program Files (x86)\HPPanda
2017-09-26 21:39 - 2017-09-26 21:40 - 000627928 _____ C:\Users\DOMA\Downloads\nfs14_crack_rar_4_53_mbps.rar
2017-09-26 21:28 - 2017-09-26 21:28 - 007145966 _____ C:\Users\DOMA\Downloads\NFS14_x86-crack.rar
2017-09-26 21:27 - 2017-09-26 21:28 - 009749364 _____ C:\Users\DOMA\Downloads\nfs14_crack.rar
2017-09-26 20:52 - 2017-09-26 20:52 - 000000000 ____D C:\Users\DOMA\Documents\Criterion Games
2017-09-26 20:52 - 2017-09-26 20:52 - 000000000 ____D C:\ProgramData\EA Core
2017-09-26 20:37 - 2017-09-26 20:37 - 000000000 ____D C:\ProgramData\Solidshield
2017-09-26 08:35 - 2017-09-26 08:35 - 000000000 __HDC C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2017-09-26 08:31 - 2017-09-26 20:52 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-09-26 08:31 - 2017-09-26 08:31 - 000002091 _____ C:\Users\Public\Desktop\EA Download Manager.lnk
2017-09-26 08:31 - 2017-09-26 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-09-26 08:29 - 2017-09-26 08:29 - 000000792 _____ C:\Windows\SysWOW64\ealregsnapshot1.reg
2017-09-26 08:29 - 2017-09-26 08:29 - 000000000 ____D C:\Users\DOMA\AppData\Local\Downloaded Installations
2017-09-25 12:56 - 2017-09-25 12:56 - 000178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2017-09-25 12:56 - 2017-09-25 12:56 - 000000000 __RHD C:\Users\DOMA\AppData\Roaming\SecuROM
2017-09-25 11:09 - 2017-09-25 11:09 - 000000000 ____D C:\Program Files (x86)\GameSpy
2017-09-25 11:08 - 2017-09-25 11:08 - 000669184 _____ C:\Windows\SysWOW64\pbsvc.exe
2017-09-25 11:08 - 2017-09-25 11:08 - 000103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-09-25 11:08 - 2017-09-25 11:08 - 000066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-09-25 11:08 - 2017-09-25 11:08 - 000000000 ____D C:\Windows\SysWOW64\URTTEMP
2017-09-25 11:04 - 2017-09-26 20:43 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-09-24 20:18 - 2017-09-24 21:51 - 1680799510 _____ C:\Users\DOMA\Downloads\Baby-driver--2017--cz-tit..avi
2017-09-24 15:04 - 2017-09-24 16:50 - 1866050099 _____ C:\Users\DOMA\Downloads\tmu.mkv
2017-09-24 00:08 - 2017-09-24 00:08 - 000003330 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-23 21:42 - 2017-09-23 21:42 - 000003286 _____ C:\Windows\System32\Tasks\{34BEAA1F-4805-4A04-8428-84424C5A96A0}
2017-09-23 21:31 - 2017-09-23 21:31 - 000003306 _____ C:\Windows\System32\Tasks\{9363E3FB-CA22-4C58-98FD-DB79D6AF3D31}
2017-09-23 21:29 - 2017-09-28 09:44 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cracked Steam
2017-09-23 15:11 - 2017-09-23 15:11 - 000150010 _____ C:\Users\DOMA\Downloads\rpttab5020001.pdf
2017-09-23 14:13 - 2017-09-28 09:19 - 000000375 _____ C:\Users\DOMA\AppData\Roaming\SE-history.cfg
2017-09-23 14:13 - 2017-09-23 14:13 - 000000431 _____ C:\Users\DOMA\AppData\Roaming\color.cfg
2017-09-23 14:12 - 2017-09-23 14:12 - 000001206 _____ C:\Users\Public\Desktop\Free XML Editor.lnk
2017-09-23 14:12 - 2017-09-23 14:12 - 000000000 ____D C:\Program Files (x86)\Free XML Editor
2017-09-23 14:11 - 2017-09-23 14:11 - 001965664 _____ (Free XML Editor) C:\Users\DOMA\Downloads\xmleditor_setup.exe
2017-09-23 12:49 - 2017-09-26 21:31 - 000000000 ____D C:\Users\DOMA\AppData\Local\CrashDumps
2017-09-23 12:34 - 2017-09-23 12:34 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer
2017-09-23 12:34 - 2017-09-23 12:34 - 000000000 ____D C:\Program Files (x86)\MindFusion Limited
2017-09-23 12:32 - 2017-09-23 12:32 - 000000000 ____D C:\Users\DOMA\Downloads\XMLViewer
2017-09-23 12:21 - 2017-09-23 12:21 - 001761127 _____ C:\Users\DOMA\Downloads\XMLViewer.zip
2017-09-23 12:08 - 2014-07-20 15:26 - 000004153 _____ C:\Users\DOMA\Desktop\xmlUdajeVysvetleni.txt
2017-09-22 15:20 - 2017-09-22 15:20 - 000000000 ____D C:\Users\DOMA\AppData\Local\GIANTSPackageRegistry
2017-09-22 15:20 - 2017-09-22 15:20 - 000000000 ____D C:\Users\DOMA\AppData\Local\GIANTS Editor 64bit 6.0.5
2017-09-22 15:14 - 2017-09-22 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2017-09-22 15:14 - 2017-09-22 15:14 - 000000000 ____D C:\Program Files\GIANTS Software
2017-09-22 15:13 - 2017-09-22 15:13 - 000000000 ____D C:\Users\DOMA\Downloads\GIANTS_EDITOR_6.0.5
2017-09-22 12:15 - 2017-09-22 12:16 - 011685149 _____ C:\Users\DOMA\Downloads\GIANTS_EDITOR_6.0.5.rar
2017-09-22 11:53 - 2017-09-22 11:53 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\NVIDIA
2017-09-22 11:48 - 2017-02-02 14:50 - 000089416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-09-22 11:47 - 2017-09-22 11:47 - 000000000 ____D C:\Users\DOMA\Downloads\vcruntime140
2017-09-22 11:46 - 2017-09-22 11:46 - 000049780 _____ C:\Users\DOMA\Downloads\vcruntime140.zip
2017-09-22 11:09 - 2017-09-22 11:09 - 014572000 _____ (Microsoft Corporation) C:\Users\DOMA\Downloads\vc_redist.x64(2).exe
2017-09-22 11:00 - 2017-09-22 11:00 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-22 10:59 - 2017-09-22 10:59 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-22 10:59 - 2017-09-22 10:59 - 000000000 ____D C:\Program Files\CCleaner
2017-09-22 10:55 - 2017-09-22 10:55 - 000000000 ____D C:\Users\DOMA\Downloads\125
2017-09-21 20:51 - 2017-09-23 23:47 - 000000000 ____D C:\Users\DOMA\AppData\Local\ESET
2017-09-21 20:51 - 2017-09-21 20:51 - 006753408 _____ (ESET spol. s r.o.) C:\Users\DOMA\Downloads\esetonlinescanner_csy.exe
2017-09-21 20:45 - 2017-09-21 20:46 - 022129726 _____ C:\Users\DOMA\Downloads\125.rar
2017-09-21 17:30 - 2017-09-21 17:36 - 000000000 ____D C:\Users\DOMA\AppData\Local\NVIDIA Corporation
2017-09-21 17:29 - 2017-09-21 17:31 - 000000000 ____D C:\Users\DOMA\AppData\Local\NVIDIA
2017-09-21 17:29 - 2016-11-14 14:30 - 001767712 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-09-21 17:29 - 2016-11-14 14:30 - 001756560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-09-21 17:29 - 2016-11-14 14:30 - 001377752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-09-21 17:29 - 2016-11-14 14:30 - 001316136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-09-21 17:29 - 2016-11-14 14:30 - 000112168 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-09-21 17:25 - 2016-11-14 11:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-09-21 17:24 - 2016-11-14 11:09 - 007513855 _____ C:\Windows\system32\nvcoproc.bin
2017-09-21 17:23 - 2016-11-14 14:30 - 000082488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-09-21 17:23 - 2016-11-14 14:30 - 000067520 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-09-21 17:21 - 2017-09-25 10:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-21 17:13 - 2016-11-14 14:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-09-21 17:13 - 2016-11-14 14:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434201.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434201.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000114744 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-09-21 17:13 - 2016-11-14 14:30 - 000056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-09-21 17:13 - 2016-11-14 14:30 - 000026157 _____ C:\Windows\system32\nvinfo.pb
2017-09-21 17:06 - 2017-09-21 17:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-21 16:50 - 2017-09-21 17:03 - 306673592 _____ (NVIDIA Corporation) C:\Users\DOMA\Downloads\342.01-desktop-win8-win7-winvista-64bit-international.exe
2017-09-21 16:31 - 2017-09-21 18:50 - 1694099032 _____ C:\Users\DOMA\Downloads\Ja Padouch 3 [CZ dabing, 2017].avi
2017-09-20 19:28 - 2017-09-20 22:14 - 2728269000 _____ C:\Users\DOMA\Downloads\pohlaba1.mkv
2017-09-16 15:53 - 2017-09-16 15:53 - 000518612 _____ C:\Users\DOMA\Downloads\UP153_05_Navrh_zmeny_UP_vzor.pdf
2017-09-16 15:51 - 2017-09-16 15:51 - 000302958 _____ C:\Users\DOMA\Downloads\UP152_05_Navrh_zmeny_UP_tisk.pdf
2017-09-14 19:04 - 2017-09-14 19:04 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2017-09-14 19:03 - 2017-10-02 08:32 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\Seznam.cz
2017-09-14 19:03 - 2017-09-17 21:07 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-14 19:03 - 2017-09-14 19:03 - 000000000 ____D C:\Users\DOMA\AppData\LocalLow\Adobe
2017-09-14 19:02 - 2017-09-17 21:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-14 19:02 - 2017-09-14 19:04 - 000000000 ____D C:\ProgramData\Adobe
2017-09-14 19:02 - 2017-09-14 19:02 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-09-14 19:02 - 2017-09-14 19:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-09-14 19:01 - 2017-09-14 19:01 - 058136984 _____ C:\Users\DOMA\Downloads\AcroRdrDC1500720033_cs_CZ.exe
2017-09-14 19:00 - 2017-09-14 19:00 - 000469119 _____ C:\Users\DOMA\Downloads\Severní Kypr - základní informace 1.pdf
2017-09-14 19:00 - 2017-09-14 19:00 - 000036297 _____ C:\Users\DOMA\Downloads\Travel_documents_Booking_15349.pdf
2017-09-13 18:23 - 2017-08-19 17:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 18:23 - 2017-08-19 17:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 18:23 - 2017-08-16 17:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 18:23 - 2017-08-16 17:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 18:23 - 2017-08-16 16:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 18:23 - 2017-08-16 03:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 18:23 - 2017-08-16 02:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 18:23 - 2017-08-15 17:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 18:23 - 2017-08-15 17:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 18:23 - 2017-08-15 17:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 18:23 - 2017-08-15 17:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 18:23 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 18:23 - 2017-08-15 16:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-13 18:23 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 18:23 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 18:23 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 18:23 - 2017-08-14 19:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 18:23 - 2017-08-14 19:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 18:23 - 2017-08-13 23:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 18:23 - 2017-08-13 23:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 18:23 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 18:23 - 2017-08-13 19:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-13 18:23 - 2017-08-13 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-13 18:23 - 2017-08-13 19:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-13 18:23 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 18:23 - 2017-08-13 19:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-13 18:23 - 2017-08-13 19:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-13 18:23 - 2017-08-13 19:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-13 18:23 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 18:23 - 2017-08-13 18:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-13 18:23 - 2017-08-13 18:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-13 18:23 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 18:23 - 2017-08-13 18:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-13 18:23 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 18:23 - 2017-08-13 18:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-13 18:23 - 2017-08-13 18:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-13 18:23 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 18:23 - 2017-08-13 18:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-13 18:23 - 2017-08-13 18:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-13 18:23 - 2017-08-13 18:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-13 18:23 - 2017-08-13 18:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-13 18:23 - 2017-08-13 18:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-13 18:23 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 18:23 - 2017-08-13 18:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-13 18:23 - 2017-08-13 18:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-13 18:23 - 2017-08-13 18:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-13 18:23 - 2017-08-13 18:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-13 18:23 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 18:23 - 2017-08-13 18:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-13 18:23 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 18:23 - 2017-08-13 18:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-13 18:23 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 18:23 - 2017-08-13 18:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-13 18:23 - 2017-08-13 18:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-13 18:23 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 18:23 - 2017-08-13 18:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-13 18:23 - 2017-08-13 18:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-13 18:23 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 18:23 - 2017-08-13 18:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-13 18:23 - 2017-08-13 18:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-13 18:23 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 18:23 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 18:23 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 18:23 - 2017-08-13 18:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-13 18:23 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 18:23 - 2017-08-13 18:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-13 18:23 - 2017-08-13 18:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-13 18:23 - 2017-08-13 18:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-13 18:23 - 2017-08-13 17:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-13 18:23 - 2017-08-13 17:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-13 18:23 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 18:23 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 18:23 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 18:23 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 18:23 - 2017-08-13 17:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-13 18:23 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 18:23 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 18:23 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 18:23 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 18:23 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 18:23 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 18:23 - 2017-08-11 08:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 18:23 - 2017-08-11 08:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 18:23 - 2017-08-11 08:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 18:23 - 2017-08-11 08:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-13 18:23 - 2017-08-11 08:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-13 18:23 - 2017-08-11 08:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 18:23 - 2017-08-11 08:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 18:23 - 2017-08-11 08:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 18:23 - 2017-08-11 08:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 18:23 - 2017-08-11 08:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-13 18:23 - 2017-08-11 08:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 18:23 - 2017-08-11 08:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 18:23 - 2017-08-11 08:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 08:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 18:23 - 2017-08-11 08:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 18:23 - 2017-08-11 08:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 18:23 - 2017-08-11 08:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 18:23 - 2017-08-11 08:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 18:23 - 2017-08-11 08:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-13 18:23 - 2017-08-11 08:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 18:23 - 2017-08-11 08:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 18:23 - 2017-08-11 08:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 18:23 - 2017-08-11 08:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 18:23 - 2017-08-11 08:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 18:23 - 2017-08-11 08:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-13 18:23 - 2017-08-11 08:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-13 18:23 - 2017-08-11 07:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 18:23 - 2017-08-11 07:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 18:23 - 2017-08-11 07:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-13 18:23 - 2017-08-11 07:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 18:23 - 2017-08-11 07:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-13 18:23 - 2017-08-11 07:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 18:23 - 2017-08-11 07:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-13 18:23 - 2017-08-11 07:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 18:23 - 2017-08-11 07:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 18:23 - 2017-08-11 07:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 18:23 - 2017-08-11 07:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 18:23 - 2017-08-11 07:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 18:23 - 2017-08-11 07:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-13 18:23 - 2017-08-11 07:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 07:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 07:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 18:23 - 2017-08-11 07:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-13 18:23 - 2017-07-07 17:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 18:23 - 2017-07-07 17:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 08:43 - 2009-07-14 06:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-02 08:43 - 2009-07-14 06:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-02 08:27 - 2017-05-15 10:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-02 08:27 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-29 08:57 - 2017-05-21 09:21 - 000000000 ____D C:\Users\DOMA\Desktop\Rychleby 20.05.17
2017-09-28 09:43 - 2017-05-13 00:55 - 000063832 _____ C:\Users\DOMA\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-28 09:43 - 2009-07-14 06:45 - 000286832 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-28 00:00 - 2017-05-13 00:32 - 000000000 ____D C:\Users\DOMA
2017-09-27 20:37 - 2017-05-13 20:37 - 000000000 ____D C:\Users\DOMA\AppData\LocalLow\Mozilla
2017-09-27 20:33 - 2017-06-12 18:06 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-27 20:28 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2017-09-27 20:18 - 2017-06-12 18:25 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-09-27 20:13 - 2017-05-13 00:32 - 000000000 ____D C:\Users\DOMA\AppData\Local\VirtualStore
2017-09-26 20:48 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-26 10:06 - 2017-08-25 08:51 - 000000000 ____D C:\Users\DOMA\Documents\My Games
2017-09-26 08:31 - 2017-05-15 08:16 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-25 11:09 - 2017-05-15 20:34 - 000006422 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-25 11:09 - 2009-07-14 17:18 - 001418982 _____ C:\Windows\system32\perfh005.dat
2017-09-25 11:09 - 2009-07-14 17:18 - 000396980 _____ C:\Windows\system32\perfc005.dat
2017-09-25 11:09 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2017-09-25 11:09 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-24 22:08 - 2017-05-21 22:09 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\MPC-HC
2017-09-23 20:11 - 2009-07-14 07:13 - 000006224 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-22 11:54 - 2017-05-13 01:23 - 000000000 ____D C:\Windows\Panther
2017-09-21 17:29 - 2017-05-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-09-21 17:29 - 2017-05-15 10:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-14 20:01 - 2017-05-16 09:30 - 000000000 ____D C:\Users\DOMA\AppData\Roaming\Adobe
2017-09-14 19:04 - 2017-06-12 17:54 - 000000000 ____D C:\Users\DOMA\AppData\Local\Adobe
2017-09-14 04:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2017-09-14 03:07 - 2017-08-23 09:40 - 000000000 ____D C:\Windows\system32\MRT
2017-09-14 03:05 - 2017-08-23 09:40 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-13 18:01 - 2017-06-12 17:55 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-13 18:01 - 2017-06-12 17:55 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-13 18:01 - 2017-06-12 17:55 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-13 18:01 - 2017-06-12 17:55 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-13 18:01 - 2017-05-15 08:18 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-09-23 14:13 - 2017-09-23 14:13 - 000000431 _____ () C:\Users\DOMA\AppData\Roaming\color.cfg
2017-09-29 10:05 - 2017-09-29 10:05 - 000432640 _____ () C:\Users\DOMA\AppData\Roaming\fak.exe
2017-09-23 14:13 - 2017-09-28 09:19 - 000000375 _____ () C:\Users\DOMA\AppData\Roaming\SE-history.cfg
2017-09-27 20:13 - 2017-09-27 20:13 - 000000092 _____ () C:\Users\DOMA\AppData\Local\fusioncache.dat
2017-05-15 10:13 - 2017-05-15 10:36 - 000000367 _____ () C:\ProgramData\hpzinstall.log
2017-08-25 08:32 - 2017-08-25 08:32 - 000000016 _____ () C:\ProgramData\mntemp
2017-09-26 21:47 - 2017-10-02 08:32 - 000000040 _____ () C:\ProgramData\uyt.3gif
2017-09-26 21:41 - 2017-09-26 21:41 - 001555456 _____ (BCCSoft Corporation) C:\ProgramData\WinSxC.exe

Files to move or delete:
====================
C:\ProgramData\WinSxC.exe


Some files in TEMP:
====================
2017-09-26 21:41 - 2017-09-26 21:42 - 000637661 _____ (65HzDE2qMxn8XHkwSyWe ) C:\Users\DOMA\AppData\Local\Temp\browmodule.exe
2017-09-26 21:41 - 2017-09-26 21:41 - 000097280 _____ () C:\Users\DOMA\AppData\Local\Temp\DriverEasySetup.exe
2017-09-25 12:56 - 2017-09-25 12:56 - 000065536 _____ (Sony DADC Austria AG) C:\Users\DOMA\AppData\Local\Temp\drm_dialogs.dll
2017-09-25 12:56 - 2017-09-25 12:56 - 000208896 _____ (Sony DADC Austria AG) C:\Users\DOMA\AppData\Local\Temp\drm_dyndata_7340014.dll
2017-09-27 20:13 - 2017-09-27 20:15 - 030228480 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EAD13AE.exe
2017-09-28 09:05 - 2017-09-28 09:05 - 002156544 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EAD511B.exe
2017-10-02 08:27 - 2017-10-02 08:28 - 041123840 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EAD8F15.exe
2017-10-01 09:50 - 2017-10-01 09:51 - 047796216 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EADA2A4.exe
2017-09-28 09:17 - 2017-09-28 09:18 - 039581696 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EADB598.exe
2017-09-28 09:40 - 2017-09-28 09:40 - 004939776 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EADBFF4.exe
2017-09-28 09:44 - 2017-09-28 09:44 - 000616448 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EADD577.exe
2017-09-29 08:41 - 2017-09-29 08:41 - 004245504 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EADD76A.exe
2017-09-27 20:30 - 2017-09-27 20:31 - 047796216 _____ (Electronic Arts, Inc.) C:\Users\DOMA\AppData\Local\Temp\EADE6F4.exe
2017-09-26 21:41 - 2017-09-26 21:41 - 001884646 _____ ( ) C:\Users\DOMA\AppData\Local\Temp\enjoyWIFI.exe
2017-09-26 21:42 - 2017-09-26 21:42 - 004077118 _____ () C:\Users\DOMA\AppData\Local\Temp\installer_campaign_20521.exe
2017-09-26 21:40 - 2017-09-26 21:40 - 002541293 _____ () C:\Users\DOMA\AppData\Local\Temp\installer_campaign_20522.exe
2017-09-26 21:40 - 2017-09-26 21:40 - 000173568 _____ () C:\Users\DOMA\AppData\Local\Temp\load.exe
2017-09-26 21:41 - 2017-09-26 21:41 - 001555456 _____ (BCCSoft Corporation) C:\Users\DOMA\AppData\Local\Temp\msclean.exe
2017-09-26 21:40 - 2017-09-26 21:41 - 007989026 _____ () C:\Users\DOMA\AppData\Local\Temp\setupWQ.exe
2017-09-26 22:52 - 2017-09-26 21:41 - 000104129 _____ () C:\Users\DOMA\AppData\Local\Temp\Uninstall.exe
2017-09-26 21:41 - 2017-09-26 21:41 - 000772056 _____ (VideoBox ) C:\Users\DOMA\AppData\Local\Temp\vbd.exe
2017-09-27 20:24 - 2017-09-27 20:24 - 000008704 _____ () C:\Users\DOMA\AppData\Local\Temp\win100.exe
2017-09-27 20:27 - 2017-09-27 20:27 - 002278552 _____ () C:\Users\DOMA\AppData\Local\Temp\win103.exe
2017-09-27 20:26 - 2017-09-27 20:26 - 005169088 _____ (Optimal Software s.r.o. ) C:\Users\DOMA\AppData\Local\Temp\win3.exe
2017-09-27 20:25 - 2017-09-27 20:25 - 004154168 _____ (SystemHealer ) C:\Users\DOMA\AppData\Local\Temp\win8.exe
2017-09-26 21:42 - 2017-09-26 21:42 - 002529751 _____ () C:\Users\DOMA\AppData\Local\Temp\ytab_m_1_big.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-20 15:14

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:97.56 GB) (Free:12.3 GB) NTFS
Drive d: (Data) (Fixed) (Total:368.1 GB) (Free:92.23 GB) NTFS

Available physical RAM: 2582.59 MB
Total physical RAM: 4095.12 MB
Percentage of memory in use: 36%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 24C224C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\DOMA\Desktop" je 283 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Removing an unwanted program plus a page in the browser

Posted: 02 Oct 2017 15:27
by Rudy
Hello!
Is your operating system a legal copy?

Re: Removing an unwanted program plus a page in the browser

Posted: 03 Oct 2017 09:36
by Jenda939
Hello, my operating system is a purchased copy.

Re: Removing an unwanted program plus a page in the browser

Posted: 03 Oct 2017 16:49
by Rudy
OK. Run this scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "For all users", "LOP malware check" and "PURITY malware check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs.

Re: Removing an unwanted program plus a page in the browser

Posted: 04 Oct 2017 08:22
by Jenda939
OTL.zip
(27.09 KiB) Downloaded 82 times
Hello, I'm attaching the log from OTL. Thanks for the help.

Extras.Txt:

OTL Extras logfile created on: 4.10.2017 8:36:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DOMA\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18792)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,48% Memory free
8,00 Gb Paging File | 5,61 Gb Available in Paging File | 70,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 12,08 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 92,23 Gb Free Space | 25,06% Space Free | Partition Type: NTFS

Computer Name: DOMA-PC | User Name: DOMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1924470004-3593775857-3483786101-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E4FBFAE-C15F-47B2-94C2-777B06B14B9D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4A50CDF8-615B-4CAE-BC63-17D4879F1A34}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{4B9EE97D-7F3F-46B6-B75B-1C3FE67B768B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{67A4A983-C56C-43D4-A3A0-1788CF03BEF2}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{6AF6EABB-9D0E-4091-AEE4-D7B1B2540844}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{85E646B4-22C8-4BFD-855F-7B57380F3C43}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{B3B794C3-403B-4C13-ADFC-49E2DF74E6C5}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C0490CA0-88BA-47C7-84F8-95061DBAD6C9}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{EF725680-A5D0-41D9-BFFF-F0EFE69205B8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20E1256A-5095-45D3-B746-EE125D583C68}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{28401C36-F1F6-4F3E-AB01-FADD57DDF8C0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{38DB87F3-7090-4BBF-AC05-9B08D4153AA9}" = dir=in | app=e:\setup\hpznui40.exe |
"{4508E3D4-7F43-4187-9F68-5461FF89FF82}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{49255CB1-EA86-42BE-A0D9-219CB3ABB46E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5F152D3A-C3FD-413A-8C9B-94B0DADC160D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{63E0F3C5-F593-4B5B-BBB0-DCD7F2530227}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7C7D1B86-59AB-4AC9-AD61-67FC307281DE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{835189DA-CB32-4D0F-8935-968442EFDDD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8E9BBD34-BA74-404B-9CB1-1B2E2AF7CF87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{92983C09-0AF2-4796-A00C-9235CDC36D93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{AD5EAEFD-DE77-4159-BBAA-958A6A22C075}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{CA373A77-DDC6-4FDD-B9CA-717EB04BE928}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{D2BC2400-E3EF-4BEA-A089-EBFADE28C480}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{D5AD6600-F238-4A99-B89B-4AA0CD65C88C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{DE5A8745-FC89-4EFE-A8E7-BD0FE3435FE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E65560ED-966E-4DAC-928A-844303819ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"TCP Query User{27CAD244-B3F1-4074-BDFE-0F394331AB0B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{790C0379-5CEC-449D-923C-9C1F3F5D5039}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{8162B992-D29C-4321-8C5D-2555DB070435}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{AB0FDEEE-DB10-4118-9D90-C0F69ACF0DA7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{116FCC4B-DDFA-4912-ABCD-881F8B95F14A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{15851E5E-A5B9-4848-8AA9-DE17563E6EB3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2D9BEDC2-03E0-4F2F-9335-04F441F77759}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{C42DB177-5677-4615-8684-0BC0A372CB2D}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{44FC9E77-F65B-3ED1-B6A5-30C9BA6B2592}" = Microsoft .NET Framework 4.7 (CSY)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.7 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 342.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 342.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 342.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.4.125
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 2.11.4.125
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.4.125
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.41
"{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026
"{BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB}" = Microsoft .NET Framework 4.7
"CCleaner" = CCleaner
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 55.0.3 (x64 cs)" = Mozilla Firefox 55.0.3 (x64 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RmFybWluZ1NpbXVsYXRvcjE1_is1" = Farming Simulator 15 Gold Edition
"Total Uninstall 6_is1" = Total Uninstall 6.20.0
"WinRAR archiver" = WinRAR 5.40 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{07AC973E-5CB3-339C-83A0-D42B3367464E}" = Microsoft Visual Basic PowerPacks 1.1
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{213E2CCF-8265-444F-A6CA-40BD946A8D4A}" = NOT ONLY TV
"{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}" = TotalMedia Setup
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-0804-1033-1959-001824237067}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Czech
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{e46eca4f-393b-40df-9f49-076faf788d83}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
"{E8D1BA24-D0D8-4E53-9D54-22D46A5F1825}" = Free XML Editor
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F58E04CD-6E76-43C8-AAF1-482225C2910E}" = Xml Viewer
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe Flash Player NPAPI" = Adobe Flash Player 27 NPAPI
"BSPlayerf" = BS.Player FREE
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"giants_editor_6.0.5_win64_is1" = GIANTS Editor 6.0.5 64-bit
"Google Chrome" = Google Chrome
"HPPanda" = HPPanda
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 12.5.5 Full
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"SystemHealer_is1" = System Healer
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"ZonerCallisto5_CZ_is1" = Zoner Callisto 5 FREE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1924470004-3593775857-3483786101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Seznam Browser" = Prohlížeč Seznam.cz
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.9.2017 15:30:19 | Computer Name = DOMA-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: NFS14_x86.exe, verze: 1.1.0.0, časové razítko:
0x52810f10 Název chybujícího modulu: NFS14_x86.exe, verze: 1.1.0.0, časové razítko:
0x52810f10 Kód výjimky: 0xc0000005 Posun chyby: 0x00128c1f ID chybujícího procesu:
0x350 Čas spuštění chybující aplikace: 0x01d336fde23c7cd2 Cesta k chybující aplikaci:
C:\Program Files (x86)\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS14_x86.exe
Cesta
k chybujícímu modulu: C:\Program Files (x86)\Electronic Arts\Need for Speed(TM)
Hot Pursuit\NFS14_x86.exe ID zprávy: 2144daa5-a2f1-11e7-b5f8-001e8c336939

Error - 26.9.2017 15:31:00 | Computer Name = DOMA-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: NFS14_x86.exe, verze: 1.1.0.0, časové razítko:
0x52810f10 Název chybujícího modulu: NFS14_x86.exe, verze: 1.1.0.0, časové razítko:
0x52810f10 Kód výjimky: 0xc0000005 Posun chyby: 0x00128c1f ID chybujícího procesu:
0x11ac Čas spuštění chybující aplikace: 0x01d336fdfb6ee2d1 Cesta k chybující aplikaci:
C:\Program Files (x86)\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS14_x86.exe
Cesta
k chybujícímu modulu: C:\Program Files (x86)\Electronic Arts\Need for Speed(TM)
Hot Pursuit\NFS14_x86.exe ID zprávy: 3961ae31-a2f1-11e7-b5f8-001e8c336939

Error - 28.9.2017 3:06:53 | Computer Name = DOMA-PC | Source = VSS | ID = 8194
Description =

Error - 28.9.2017 3:08:33 | Computer Name = DOMA-PC | Source = Application Hang | ID = 1002
Description = Program sllauncher.exe verze 5.1.30514.0 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 11e4 Čas spuštění: 01d338285ca84102 Čas ukončení: 4 Cesta k aplikaci: C:\Program
Files (x86)\Microsoft Silverlight\sllauncher.exe ID hlášení: bd3e981b-a41b-11e7-b992-001e8c336939


Error - 28.9.2017 3:22:10 | Computer Name = DOMA-PC | Source = VSS | ID = 8194
Description =

Error - 29.9.2017 3:06:10 | Computer Name = DOMA-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 29.9.2017 3:47:35 | Computer Name = DOMA-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: NvStreamUserAgent.exe, verze: 7.1.2117.8928,
časové razítko: 0x57e24380 Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23889,
časové razítko: 0x598d5074 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000004da56
ID
chybujícího procesu: 0x920 Čas spuštění chybující aplikace: 0x01d338f72f019b3a Cesta
k chybující aplikaci: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta
k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 748b91de-a4ea-11e7-8401-001e8c336939

Error - 30.9.2017 13:53:07 | Computer Name = DOMA-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1.10.2017 10:42:20 | Computer Name = DOMA-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3.10.2017 2:53:07 | Computer Name = DOMA-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 27.9.2017 14:29:47 | Computer Name = DOMA-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (20:27:49, ?27.?9.?2017) bylo neočekávané.

Error - 27.9.2017 14:29:34 | Computer Name = DOMA-PC | Source = volmgr | ID = 262193
Description = Konfigurace stránkovacího souboru pro výpis stavu systému se nezdařila.
Přesvědčte se, zda na spouštěcím oddílu disku je stránkovací soubor a zda je na
něm dostatek místa pro uložení obsahu celé fyzické paměti.

Error - 27.9.2017 14:30:22 | Computer Name = DOMA-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby WinSxC bylo dosaženo časového limitu
(60000 ms).

Error - 27.9.2017 14:30:22 | Computer Name = DOMA-PC | Source = Service Control Manager | ID = 7000
Description = Služba WinSxC neuspěla při spuštění v důsledku následující chyby:
%%1053

Error - 28.9.2017 3:50:23 | Computer Name = DOMA-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Update přestala během spouštění reagovat.

Error - 28.9.2017 7:57:50 | Computer Name = DOMA-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error - 28.9.2017 9:19:43 | Computer Name = DOMA-PC | Source = DCOM | ID = 10010
Description =

Error - 29.9.2017 7:20:36 | Computer Name = DOMA-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error - 30.9.2017 11:22:08 | Computer Name = DOMA-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error - 1.10.2017 10:10:18 | Computer Name = DOMA-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.


< End of report >

Re: Removing an unwanted program plus a page in the browser

Posted: 04 Oct 2017 18:28
by Rudy
Run OTL again as administrator and copy the following into the white box:
:OTL
PRC - [2017.10.03 20:50:13 | 001,167,360 | ---- | M] () -- C:\ProgramData\{81A3FB2F-3608-4C84-08D3-404C7B1447BB}\D926A03D-6E8D-1796-C340-07582CAF471F.exe
MOD - [2017.10.03 20:50:13 | 001,167,360 | ---- | M] () -- C:\ProgramData\{81A3FB2F-3608-4C84-08D3-404C7B1447BB}\D926A03D-6E8D-1796-C340-07582CAF471F.exe
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1924470004-3593775857-3483786101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{18f4bec2-3df5-11e7-b907-001e8c336939}\Shell - "" = AutoRun
O33 - MountPoints2\{18f4bec2-3df5-11e7-b907-001e8c336939}\Shell\AutoRun\command - "" = G:\HiSuiteDownLoader.exe
O33 - MountPoints2\{453878ca-5565-11e7-9037-001e8c336939}\Shell - "" = AutoRun
O33 - MountPoints2\{453878ca-5565-11e7-9037-001e8c336939}\Shell\AutoRun\command - "" = G:\HiSuiteDownLoader.exe
O33 - MountPoints2\{c072aea0-a0f8-11e7-83ae-001e8c336939}\Shell - "" = AutoRun
O33 - MountPoints2\{c072aea0-a0f8-11e7-83ae-001e8c336939}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{dffb7ba1-87c6-11e7-9812-001e8c336939}\Shell - "" = AutoRun
O33 - MountPoints2\{dffb7ba1-87c6-11e7-9812-001e8c336939}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
C:\ProgramData\58745dd2-78f1-0
C:\ProgramData\54041617-7825-0
C:\ProgramData\54041617-69e7-0
C:\ProgramData\54041617-23e7-1
C:\ProgramData\46ff6f41
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

:files
C:\ProgramData\{81A3FB2F-3608-4C84-08D3-404C7B1447BB}\D926A03D-6E8D-1796-C340-07582CAF471F.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Fix ("Opravit") and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.

Re: Removing an unwanted program plus a page in the browser

Posted: 05 Oct 2017 10:37
by Jenda939
Hello, here is the new log after the fix.

All processes killed
========== OTL ==========
Process D926A03D-6E8D-1796-C340-07582CAF471F.exe killed successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1924470004-3593775857-3483786101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18f4bec2-3df5-11e7-b907-001e8c336939}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18f4bec2-3df5-11e7-b907-001e8c336939}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18f4bec2-3df5-11e7-b907-001e8c336939}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18f4bec2-3df5-11e7-b907-001e8c336939}\ not found.
File G:\HiSuiteDownLoader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{453878ca-5565-11e7-9037-001e8c336939}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{453878ca-5565-11e7-9037-001e8c336939}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{453878ca-5565-11e7-9037-001e8c336939}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{453878ca-5565-11e7-9037-001e8c336939}\ not found.
File G:\HiSuiteDownLoader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c072aea0-a0f8-11e7-83ae-001e8c336939}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c072aea0-a0f8-11e7-83ae-001e8c336939}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c072aea0-a0f8-11e7-83ae-001e8c336939}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c072aea0-a0f8-11e7-83ae-001e8c336939}\ not found.
File H:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dffb7ba1-87c6-11e7-9812-001e8c336939}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dffb7ba1-87c6-11e7-9812-001e8c336939}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dffb7ba1-87c6-11e7-9812-001e8c336939}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dffb7ba1-87c6-11e7-9812-001e8c336939}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup.exe not found.
========== FILES ==========
C:\ProgramData\{81A3FB2F-3608-4C84-08D3-404C7B1447BB}\D926A03D-6E8D-1796-C340-07582CAF471F.exe moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DOMA
->Temp folder emptied: 343296004 bytes
->Temporary Internet Files folder emptied: 1374921 bytes
->FireFox cache emptied: 384600591 bytes
->Google Chrome cache emptied: 109864126 bytes
->Flash cache emptied: 780 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47285435 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 262 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 845,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DOMA
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10052017_111729

Files\Folders moved on Reboot...
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_0_0.bin moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_0_0.toc moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_1_0.bin moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_1_0.toc moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_1_1.bin moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_2_0.bin moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_2_0.toc moved successfully.
C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_15f74c7777689be5_2_1.toc moved successfully.
File move failed. C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\DOMA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\b9928bf7aa10148369087e55f224ad6b_fce8394c8fd8a83d_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\DOMA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\DOMA\AppData\Local\Temp\~DF9A9738E8E76D5F33.TMP moved successfully.
File move failed. C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\startupCache\scriptCache-child-current.bin moved successfully.
C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\startupCache\scriptCache-current.bin moved successfully.
C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\startupCache\startupCache.8.little moved successfully.
C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\cache2\entries\622EC75D59E2CDCC52104F521A80A9499FC0A4F3 moved successfully.
C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\cache2\entries\6E2AE8F2F1B53BDAA0410B9F496381197C824AB6 moved successfully.
C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\cache2\entries\DFF95EE4460642C4543938BE3B51098FCF76E58E moved successfully.
C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Removing an unwanted program plus a page in the browser

Posted: 05 Oct 2017 17:17
by Rudy
Deleted. Has anything changed?

Re: Removing an unwanted program plus a page in the browser

Posted: 06 Oct 2017 08:54
by Jenda939
Hello, unfortunately no change.

Re: Removing an unwanted program plus a page in the browser

Posted: 06 Oct 2017 16:23
by Rudy
Run these utilities one after the other:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator ("Spustit jako správce")
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will carry out the fix, restart and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
• Save it, ideally to the desktop
• After launching, the licence terms are displayed; press any key
• A backup is created and then the search starts
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Re: Removing an unwanted program plus a page in the browser

Posted: 08 Oct 2017 10:16
by Jenda939
Hello, I am attaching the logs from Zoek and JRT. Thanks for the help.


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by DOMA on so 07.10.2017 at 10:31:16,46.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\DOMA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7.10.2017 10:34:00 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\McAfee deleted successfully
C:\PROGRA~3\58745dd2-1431-0 deleted successfully
C:\PROGRA~3\58745dd2-2e03-0 deleted successfully
C:\PROGRA~3\58745dd2-2f91-0 deleted successfully
C:\PROGRA~3\58745dd2-3b45-0 deleted successfully
C:\PROGRA~3\58745dd2-48f3-0 deleted successfully
C:\PROGRA~3\58745dd2-7153-0 deleted successfully
C:\PROGRA~3\58745dd2-75b7-1 deleted successfully
C:\PROGRA~3\58745dd2-78f1-0 deleted successfully
C:\PROGRA~3\Solidshield deleted successfully
C:\PROGRA~3\stream deleted successfully
C:\PROGRA~3\{052CEF1F-B287-58B4-5DD4-EFB51274A842} deleted successfully
C:\PROGRA~3\{81A3FB2F-3608-4C84-08D3-404C7B1447BB} deleted successfully
C:\PROGRA~3\{CF3A8518-7891-32B3-EA7D-966D3F915133} deleted successfully
C:\Users\DOMA\AppData\Roaming\Mp3tagApp2 deleted successfully
C:\Users\DOMA\AppData\Local\ESET deleted successfully
C:\Users\DOMA\AppData\Local\GHISLER deleted successfully
C:\Users\DOMA\AppData\Local\Notepad++ deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\prefs.js:

Added to C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{052CEF1F-B287-58B4-5DD4-EFB51274A842} not found
C:\PROGRA~3\{81A3FB2F-3608-4C84-08D3-404C7B1447BB} not found
C:\PROGRA~3\{CF3A8518-7891-32B3-EA7D-966D3F915133} not found
C:\PROGRA~3\Package Cache deleted
C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oneisc.vbs deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\DOMA\Downloads\bsplayer271.setup.exe deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\DOMA\AppData\Roaming\fak.exe deleted
"C:\ProgramData\mntemp" deleted
"C:\PROGRA~3\WinSxC.exe" deleted
"C:\Users\DOMA\AppData\Roaming\Oneisc\bytso.vbs" deleted
"C:\Users\DOMA\AppData\Roaming\Oneisc\fak.exe" deleted
"C:\Users\DOMA\AppData\Roaming\Oneisc\hacd.vbs" deleted
"C:\Users\DOMA\AppData\Roaming\Oneisc\rar.exe" deleted
"C:\Users\DOMA\AppData\Roaming\Oneisc" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default
- Undetermined - %ProfilePath%\extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Undetermined - %ProfilePath%\extensions\378507@extcorp.net.xpi
- Undetermined - %ProfilePath%\extensions\cookieimporter@krk.xpi
- Safe Browsing Version 4 temporary add-on - %ProfilePath%\extensions\sbv4-gradual-rollout@mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bgjpfhpjcgdppjbgnpnjllokbmcdllig - No path found[]
blmojkbhnkkphngknkmgccmlenfaelkd - No path found[]
olfeabkoenfaoljndfecamgilllcpiak - No path found[]

Seznam Lištička - Email - DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
EditThisCookie - DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Seznam Lištička - Rychlá volba - DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Quick Searcher v16.2 - DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha
Chrome Media Router - DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... 02&pc=UE10"

==== Reset Google Chrome ======================

C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DOMA\AppData\Local\Seznam.cz\User Data\Default\Preferences was reset successfully
C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DOMA\AppData\Local\Seznam.cz\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\DOMA\AppData\Local\Mozilla\Firefox\Profiles\e2i0b8xa.default\cache2 will be emptied at reboot
C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\storage\default\https+++quantumsystem.org\cache emptied successfully
C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\storage\default\https+++weather.com\cache will be emptied at reboot
C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\DOMA\AppData\Local\Seznam.cz\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=31 folders=26 35500010 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DOMA\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DOMA\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\WinSxC.exesearch" not found
"C:\Users\DOMA\AppData\Roaming\Oneisc" not found

==== EOF on so 07.10.2017 at 12:19:17,86 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by DOMA (Administrator) on ne 08.10.2017 at 11:09:16,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 29

Successfully deleted: C:\ProgramData\{56fe349e-012c-0} (Folder)
Successfully deleted: C:\ProgramData\{657560f6-212c-1} (Folder)
Successfully deleted: C:\ProgramData\46ff6f41 (Folder)
Successfully deleted: C:\ProgramData\54041617-23e7-1 (Folder)
Successfully deleted: C:\ProgramData\54041617-69e7-0 (Folder)
Successfully deleted: C:\ProgramData\54041617-7825-0 (Folder)
Successfully deleted: C:\ProgramData\58745dd2-2cb7-0 (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\system healer (Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)
Successfully deleted: C:\Users\DOMA\AppData\Roaming\1337 (Folder)
Successfully deleted: C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 (Folder)
Successfully deleted: C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\e2i0b8xa.default\user.js (File)
Successfully deleted: C:\Users\DOMA\AppData\Roaming\system healer (Folder)
Successfully deleted: C:\Users\DOMA\Desktop\launch system healer.lnk (Shortcut)
Successfully deleted: C:\Windows\system32\Tasks\System HealerPeriod (Task)
Successfully deleted: C:\Windows\system32\Tasks\System HealerStartUp (Task)
Successfully deleted: C:\Windows\Tasks\System HealerPeriod.job (Task)
Successfully deleted: C:\Windows\Tasks\System HealerStartUp.job (Task)
Successfully deleted: C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P0657XH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JPML1MD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K4R33V8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DOMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNGD84W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P0657XH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JPML1MD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K4R33V8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNGD84W (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Registry Key)
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Registry Key)
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\PCSUUCDRV (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 08.10.2017 at 11:11:42,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Removing an unwanted program plus a page in the browser

Posted: 08 Oct 2017 11:49
by Rudy
OK. Has anything changed now?

Re: Removing an unwanted program plus a page in the browser

Posted: 10 Oct 2017 16:39
by Jenda939
Hello, there has been a change: the malicious program no longer starts at boot and it is gone. It still happens that a malicious page opens when I open the browser. Or I open a web page and, when I click on an article, either a foreign page opens or the web page changes to a different one and then cannot be changed back to the original. Thanks for the help.

Re: Removing an unwanted program plus a page in the browser

Posted: 10 Oct 2017 16:50
by Rudy
If Firefox is doing it, we will try reinstalling it. Back up FF using MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Then uninstall FF completely, including its profile (the Mozilla subdirectories in c:\users\DOMA\appdata\local, c:\users\DOMA\appdata\roaming, c:\users\DOMA\data aplikací, c:\users\DOMA\local settings and in c:\program data must be deleted). Then do a new, clean installation of FF and copy back only the bookmarks and passwords from the backup.

Re: Removing an unwanted program plus a page in the browser

Posted: 19 Oct 2017 10:27
by Jenda939
Hello, I apologize for the late reply, but unfortunately I could not get to it sooner. I reinstalled Chrome and Firefox. It looked good, but then it changed again. In Firefox and Chrome I open a page, then click on an article in it, and the whole page changes to a different one or a foreign page opens in a new window. In Chrome the icon changed. I tried installing an ad-blocking add-on, but on some pages that breaks the layout of the articles. Thank you for the help.