Please check my log

#1 Post by jenanek »

Hello. Could you please take a look at my log? The PC boots more slowly and it takes longer before the browser can be launched. We use Firefox. Thanks in advance.

Logfile of random's system information tool 1.16 (written by random/random)
Run by Jenda at 2017-05-15 11:07:57
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 323 GB (68%) free of 477 GB
Total RAM: 4095 MB (62% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:24, on 15.5.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Jenda_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7701 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d1ab5c1a-7305-4613-9d29-20727442c857 -SystemEventPortName:HostProcess-06c5abd6-78d9-4a81-b871-fddf291972c6 -IoCancelEventPortName:HostProcess-840d1297-7a13-443a-b3de-c1f7f26b7dbc -NonStateChangingEventPortName:HostProcess-35ea46b3-91e8-4bd9-8779-0efdb94523eb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2ecb714f-4f56-41c4-88a0-2f958f2707e3
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Jenda\Desktop\Stahování net\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\Dceried Host - "C:\Program Files (x86)\Riferpy\dclrik.exe" 2f64654d-596e-47fe-9160-b68e7d2fb129
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1489857064 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\{1B87ECA6-E1BE-404C-8765-A0AECF172B12} - "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.33.0.104/cs ... rogressBar
C:\Windows\system32\tasks\{982235FF-F8F3-440C-BDD2-C0B96F14A2A2} - C:\Windows\system32\pcalua.exe -a "C:\Users\Jenda\Desktop\Stahování net\FacebookGameroom(1).exe" -d "C:\Users\Jenda\Desktop\Stahování net"
C:\Windows\system32\tasks\{9FFF15B6-5C60-405F-B790-7B2FF5D0C7F4} - C:\Windows\system32\pcalua.exe -a "C:\Users\Jenda\Desktop\Stahování net\mctitan_launcher.exe" -d "C:\Users\Jenda\Desktop\Stahování net"
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-358467729-2002928426-4039490616-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background
C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose
C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/?clid=22668"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=quick ... earchTerms}&"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\
foxmarks@kei.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\searchplugins\
seznam-avast.xml

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\addons.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}
Xmarks Sync - extension - foxmarks@kei.com

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions.json
Xmarks - extension - foxmarks@kei.com - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\foxmarks@kei.com
Avast Passwords - extension - jid1-r1tDuNiNb4SEww@jetpack - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi
Avast Online Security - webextension - wrc@avast.com - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\wrc@avast.com.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\sp@avast.com.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Shield Recipe Client - extension - shield-recipe-client@mozilla.org - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\features\{776e00e0-8ed1-4c9f-8312-f5d4de317921}\shield-recipe-client@mozilla.org.xpi
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b} - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.171 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.startpageing123.com/search/? ... earchTerms}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}]
"URL"=http://search.seznam.cz/?sourceid=quick ... earchTerms}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.startpageing123.com/search/? ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-01 895528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-01 773920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-05-08 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2017-04-26 3019552]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc]
C:\Users\Jenda\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05 144008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-06 11057768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-05-04 27716568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15 587288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15 587288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4ED33EDA-F36B-11E6-AEE4-64006A5CFC23}"=C:\Users\Jenda\AppData\Roaming\Jipelegernise\Plindomfenuph.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-05-15 11:07:57 ----D---- C:\rsit
2017-05-15 11:07:57 ----D---- C:\Program Files\trend micro
2017-05-15 11:07:46 ----D---- C:\ProgramData\SWCUTemp
2017-05-10 21:05:18 ----A---- C:\Windows\system32\mshtml.dll
2017-05-10 21:05:16 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-05-10 21:05:15 ----A---- C:\Windows\system32\ieframe.dll
2017-05-10 21:05:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-05-10 21:05:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-05-10 21:05:13 ----A---- C:\Windows\system32\jscript9.dll
2017-05-10 21:05:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-05-10 21:05:12 ----A---- C:\Windows\system32\wininet.dll
2017-05-10 21:05:12 ----A---- C:\Windows\system32\iertutil.dll
2017-05-10 21:05:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-05-10 21:05:11 ----A---- C:\Windows\system32\win32k.sys
2017-05-10 21:05:11 ----A---- C:\Windows\system32\urlmon.dll
2017-05-10 21:05:11 ----A---- C:\Windows\system32\ole32.dll
2017-05-10 21:05:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-05-10 21:05:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-05-10 21:05:10 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-05-10 21:05:09 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-05-10 21:05:09 ----A---- C:\Windows\system32\crypt32.dll
2017-05-10 21:05:09 ----A---- C:\Windows\system32\advapi32.dll
2017-05-10 21:05:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-05-10 21:05:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-05-10 21:05:08 ----A---- C:\Windows\system32\oleaut32.dll
2017-05-10 21:05:08 ----A---- C:\Windows\system32\drivers\srv.sys
2017-05-10 21:05:07 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-05-10 21:05:07 ----A---- C:\Windows\system32\pla.dll
2017-05-10 21:05:07 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-05-10 21:05:07 ----A---- C:\Windows\system32\drivers\afd.sys
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\pla.dll
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-05-10 21:05:06 ----A---- C:\Windows\system32\rpcss.dll
2017-05-10 21:05:06 ----A---- C:\Windows\system32\pdh.dll
2017-05-10 21:05:06 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\netio.sys
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\fastfat.sys
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\exfat.sys
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\pdh.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\vbscript.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\ntdll.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 21:05:05 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\msfeeds.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\jscript.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\iedkcs32.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\tdx.sys
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\oleres.dll
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\oleres.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\gdi32.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\dxtrans.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\comcat.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\webcheck.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\rpcrt4.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\plasrv.exe
2017-05-10 21:05:03 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\mshtmled.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\lsasrv.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\kerberos.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\ieapfltr.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\ie4uinit.exe
2017-05-10 21:05:03 ----A---- C:\Windows\system32\comcat.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\certcli.dll
2017-05-10 21:05:02 ----A---- C:\Windows\system32\smss.exe
2017-05-10 21:05:02 ----A---- C:\Windows\system32\ieui.dll
2017-05-10 21:05:02 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-05-10 21:05:02 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-05-10 21:05:01 ----A---- C:\Windows\system32\schannel.dll
2017-05-10 21:05:01 ----A---- C:\Windows\system32\kernel32.dll
2017-05-10 21:05:01 ----A---- C:\Windows\system32\dxtmsft.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wow64win.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wow64cpu.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wow64.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wintrust.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\winsrv.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wdigest.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\TSpkg.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\sspisrv.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\sspicli.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\srcore.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\srclient.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\rpchttp.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\occache.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\ncrypt.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\msv1_0.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\msrating.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\lsass.exe
2017-05-10 21:05:00 ----A---- C:\Windows\system32\KernelBase.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\jsproxy.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\jscript9diag.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\inseng.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\ieUnatt.exe
2017-05-10 21:05:00 ----A---- C:\Windows\system32\iesetup.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\iernonce.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-05-10 21:05:00 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-05-10 21:05:00 ----A---- C:\Windows\system32\csrsrv.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\cryptsvc.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\cryptnet.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\conhost.exe
2017-05-10 21:05:00 ----A---- C:\Windows\system32\cdosys.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\bcrypt.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\user.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\tzres.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\secur32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\rstrui.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\ntvdm64.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\drivers\appid.sys
2017-05-10 21:04:59 ----A---- C:\Windows\system32\cryptbase.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\credssp.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\cdd.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\auditpol.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidsvc.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidapi.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\apisetschema.dll
2017-05-10 21:04:58 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-05-10 21:04:58 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-05-10 21:04:58 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\msobjs.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\msaudite.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\adtschema.dll
2017-05-08 09:26:26 ----A---- C:\Windows\system32\aswBoot.exe
2017-04-30 15:38:12 ----D---- C:\Program Files (x86)\Rake Multiplayer
2017-04-22 16:51:34 ----D---- C:\Program Files (x86)\Microsoft WSE
2017-04-22 16:44:18 ----D---- C:\Program Files (x86)\Electronic Arts
2017-04-22 15:11:01 ----D---- C:\Program Files (x86)\Origin Games
2017-04-18 16:19:51 ----D---- C:\Users\Jenda\AppData\Roaming\Origin
2017-04-18 16:17:16 ----D---- C:\ProgramData\Origin
2017-04-18 16:17:16 ----D---- C:\ProgramData\Electronic Arts
2017-04-18 16:17:07 ----D---- C:\Program Files (x86)\Origin
2017-04-17 15:46:26 ----D---- C:\Program Files (x86)\Nexon

====== List of files/folders modified in the last 1 month ======

2017-05-15 11:08:10 ----D---- C:\Windows\Prefetch
2017-05-15 11:08:03 ----D---- C:\Windows\Temp
2017-05-15 11:07:57 ----RD---- C:\Program Files
2017-05-15 11:07:46 ----HD---- C:\ProgramData
2017-05-15 10:54:49 ----D---- C:\Program Files (x86)\Steam
2017-05-15 08:08:44 ----D---- C:\Windows\system32\config
2017-05-13 16:44:56 ----D---- C:\Windows\system32\drivers
2017-05-12 21:51:28 ----D---- C:\Program Files (x86)\FastShare
2017-05-11 18:28:04 ----D---- C:\Windows\rescache
2017-05-11 13:42:02 ----D---- C:\Windows\Microsoft.NET
2017-05-11 13:41:16 ----RSD---- C:\Windows\assembly
2017-05-11 13:33:34 ----D---- C:\Windows\System32
2017-05-11 13:33:34 ----D---- C:\Windows\inf
2017-05-11 13:33:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-05-11 13:27:31 ----D---- C:\Windows\winsxs
2017-05-11 13:24:34 ----D---- C:\Program Files\Internet Explorer
2017-05-11 13:24:33 ----D---- C:\Windows\SYSWOW64\migration
2017-05-11 13:24:33 ----D---- C:\Windows\SYSWOW64\en-US
2017-05-11 13:24:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-05-11 13:24:32 ----D---- C:\Windows\SysWOW64
2017-05-11 13:24:30 ----D---- C:\Windows\system32\migration
2017-05-11 13:24:30 ----D---- C:\Windows\system32\cs-CZ
2017-05-11 13:24:30 ----D---- C:\Windows\PolicyDefinitions
2017-05-11 13:24:29 ----D---- C:\Windows\system32\en-US
2017-05-11 13:24:26 ----D---- C:\Windows\AppPatch
2017-05-11 13:24:26 ----D---- C:\Program Files (x86)\Internet Explorer
2017-05-11 13:24:24 ----D---- C:\Windows\system32\Boot
2017-05-11 07:32:16 ----SHD---- C:\System Volume Information
2017-05-11 07:31:42 ----SHD---- C:\Windows\Installer
2017-05-11 07:31:42 ----D---- C:\ProgramData\Skype
2017-05-11 07:31:39 ----RD---- C:\Program Files (x86)\Skype
2017-05-11 07:31:39 ----D---- C:\Program Files (x86)\Common Files
2017-05-10 22:33:34 ----D---- C:\Windows\system32\catroot2
2017-05-10 21:07:23 ----D---- C:\Windows\system32\MRT
2017-05-10 21:07:23 ----D---- C:\Windows\debug
2017-05-10 21:07:13 ----AC---- C:\Windows\system32\MRT.exe
2017-05-09 18:47:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-05-09 18:47:17 ----D---- C:\Windows\system32\Macromed
2017-05-09 18:47:14 ----D---- C:\Windows\SYSWOW64\Macromed
2017-05-08 12:01:26 ----D---- C:\Users\Jenda\AppData\Roaming\vlc
2017-05-08 09:54:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-05-08 09:47:25 ----D---- C:\Windows
2017-05-08 09:28:17 ----D---- C:\Windows\system32\Tasks
2017-05-04 19:54:03 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-05-04 19:53:42 ----D---- C:\Program Files (x86)\Java
2017-05-04 19:13:28 ----D---- C:\Users\Jenda\AppData\Roaming\uTorrent
2017-05-04 19:13:28 ----D---- C:\Users\Jenda\AppData\Roaming\DAEMON Tools Lite
2017-05-04 19:10:25 ----D---- C:\Windows\Logs
2017-05-02 20:15:38 ----D---- C:\Windows\system32\NDF
2017-04-30 16:15:14 ----D---- C:\Users\Jenda\AppData\Roaming\.minecraft
2017-04-30 15:38:12 ----RD---- C:\Program Files (x86)
2017-04-30 15:25:49 ----D---- C:\Users\Jenda\AppData\Roaming\Skype
2017-04-23 16:46:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-04-16 16:50:25 ----SD---- C:\Users\Jenda\AppData\Roaming\Microsoft

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-05-08 190256]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-05-08 334576]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-05-08 49016]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-05-08 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-05-08 339696]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-05-08 311808]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-05-08 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-05-08 507928]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-05-08 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-05-08 1007160]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-05-08 569192]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-05-08 128648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-05-12 158880]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2017-04-11 29432]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-01 104976]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-02-16 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-02-16 47672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-06 2419176]
R3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS [2008-07-26 2624408]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 aswHdsKe;aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [2017-02-01 82936]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-05-08 38296]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2012-04-13 75016]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-05-08 263304]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-05-08 310496]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-05-08 7346208]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-04-18 3115928]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-10 202752]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-04-16 116224]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2017-04-18 2146704]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-04-26 1590048]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-28 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09 271864]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Rudy
Site Admin
Site Admin
Posts: 118283
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check the log

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

jenanek
Visitor
Visitor
Posts: 84
Registered: 08 Jun 2006 10:52

Re: Please check the log

#3 Post by jenanek »

# AdwCleaner v6.046 - Log vytvořen 15/05/2017 v 20:53:52
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-04-24.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Jenda - JENDA-PC
# Spuštěno z : C:\Users\Jenda\Desktop\Stahování net\adwcleaner_6.046.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Složka nalezena: C:\Users\Jenda\AppData\Local\Standuck
Složka nalezena: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\EasyPDFCombine_ce
Složka nalezena: C:\Program Files (x86)\Standuck
Složka nalezena: C:\Program Files (x86)\Dceried Host
Složka nalezena: C:\Users\Jenda\AppData\Roaming\Firefox
Složka nalezena: C:\Users\Jenda\AppData\Local\Firefox


***** [ Soubory ] *****

Soubor nalezen: C:\END
Soubor nalezen: C:\Users\Public\Documents\temp.dat


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Zástupce infikován: C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... g&from=che
Zástupce infikován: C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... 83d581f6ab
Zástupce infikován: C:\Users\Jenda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... gbzeb2maqb
Zástupce infikován: C:\Users\Jenda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... 8eegbzeb2m


***** [ Naplánované úlohy ] *****

Naplánovaná úloha nalezena: Dceried Host


***** [ Registry ] *****

Klíč nalezen: HKLM\SOFTWARE\Classes\Standucksc
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Standucksc
Klíč nalezen: HKU\.DEFAULT\Software\ecb`nl
Klíč nalezen: HKU\S-1-5-21-358467729-2002928426-4039490616-1000\Software\Standuck
Klíč nalezen: HKU\S-1-5-18\Software\ecb`nl
Klíč nalezen: HKCU\Software\Standuck
Klíč nalezen: HKLM\SOFTWARE\ecb`nl
Klíč nalezen: HKLM\SOFTWARE\startpageing123Software
Klíč nalezen: HKLM\SOFTWARE\Standuck
Klíč nalezen: HKLM\SOFTWARE\msServer
Klíč nalezen: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
Klíč nalezen: [x64] HKCU\Software\Standuck
Klíč nalezen: [x64] HKLM\SOFTWARE\ecb`nl
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds ... &uid=WDCXW
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... WD5000AAKX
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... AAKX-001CA
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds ... CXWD5000AA
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Data nalezena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... f6ab694aff


***** [ Internetové prohlížeče ] *****

Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.foxcub.config.encodedConfig" - "{\"core\":{\"configUrl\":\"hxxps://download.seznam.cz/software/conf/\"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.BUTTON_STRUCTURE" - "[{\"b\":223772299,\"c\":\"mindspark.magnify\",\"p\"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.savedPrev" - "true"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.tb" - "hxxp://hp.myway.com/easypdfcombine/s1988
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.browser.startup.page.savedPrev" - 1
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.browser.startup.page.tb" - 1
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.browser.version.last" - "52.0"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.coId" - "504d2f96fc68495ebc3dd2f775bb6129"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.firstKnownVersion" - "7.700.10.55228"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.homepage" - "hxxp://hp.myway.com/easypdfcombine/s19888/index.html?coId=5
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.hp.enabled" - false
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.hp.guardType" - "HPR"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.initialized" - true
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installType" - "XPI"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.dlpCountryCode" - "CZ"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.installDate" - "2017032103"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.partnerId" - "^BSB^xdm095^S19888^cz"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.partnerSubId" - "CKukvdTo59ICFQcQ0wodAZEAFg"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.pixelUrl" - "hxxp://www.easypdfcombine.com/install_pixels.j
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.success" - true
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.toolbarDataSource" - "[\"COOKIE\",\"COOKIE\",\"LOCAL_STORAG
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.installation.toolbarId" - "603FFF03-3202-4747-837E-144A0D9520A7"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.lastActivePing" - "1491055098581"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.lastKnownVersion" - "7.700.10.55228"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.lssState" - "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedL
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.options.defaultSearch" - false
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.options.homePageEnabled" - true
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.options.keywordEnabled" - false
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.options.tabEnabled" - true
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.partnerPixelFired" - true
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.language" - "cs"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.newTabURL" - "hxxp://hp.myway.com/easypdfcombine/s
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.type" - "ToolTab"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.successUrl" - "hxxp://www.easypdfcombine.com/installComplete.jhtml"
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.toolbarCollapsed" - false
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.uninstallSurveyUrl" - "hxxp://easypdfcombine.dl.myway.com/uninstall.jhtm
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark._ceMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.minds
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark.hp.enabled" - false
Firefox nastavení nalezeno: [C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\prefs.js] - "extensions.toolbar.mindspark.lastInstalled" - "easypdfcombine@mindspark.com"
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2276 Bajty] - [21/02/2017 13:33:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [1801 Bajty] - [23/02/2017 19:21:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [1394 Bajty] - [30/01/2017 21:21:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [2308 Bajty] - [21/02/2017 13:32:00]
C:\AdwCleaner\AdwCleaner[S2].txt - [2047 Bajty] - [23/02/2017 19:16:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [12712 Bajty] - [15/05/2017 20:53:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [12786 Bajty] ##########

Rudy
Site Admin
Posts: 118283
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

ADW did not delete anything; you did not click on the delete option. Try once more.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jenanek
Visitor
Posts: 84
Joined: 08 Jun 2006 10:52

Re: Please check my log

#5 Post by jenanek »

I apologize, it dawned on me right away. Here it is:

# AdwCleaner v6.046 - Log vytvořen 15/05/2017 v 20:58:53
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-04-24.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Jenda - JENDA-PC
# Spuštěno z : C:\Users\Jenda\Desktop\Stahování net\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Jenda\AppData\Local\Standuck
[-] Složka smazána: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\EasyPDFCombine_ce
[-] Složka smazána: C:\Program Files (x86)\Standuck
[-] Složka smazána: C:\Program Files (x86)\Dceried Host
[-] Složka smazána: C:\Users\Jenda\AppData\Roaming\Firefox
[-] Složka smazána: C:\Users\Jenda\AppData\Local\Firefox


***** [ Soubory ] *****

[-] Soubor smazán: C:\END
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\Jenda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce vyléčen: C:\Users\Jenda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Dceried Host


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\Standucksc
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Standucksc
[-] Klíč smazán: HKU\.DEFAULT\Software\ecb`nl
[-] Klíč smazán: HKU\S-1-5-21-358467729-2002928426-4039490616-1000\Software\Standuck
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ecb`nl
[#] Klíč smazán po restartu: HKCU\Software\Standuck
[-] Klíč smazán: HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\Standuck
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[-] Klíč smazán: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Standuck
[-] Klíč smazán: [x64] HKLM\SOFTWARE\ecb`nl
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny:
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.BUTTON_STRUCTURE" - "[{\"b\":223772299,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":223772300,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":223772302,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":223772306,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":223772309,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":223772312,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":223772253,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":225376993,\"c\":\"mindspark.easypdfcombine\",\"p\":\"L.2\"},{\"b\":223772257,\"c\":\"mindspark.sharefiles\",\"p\":\"L.3\"},{\"b\":223772258,\"c\":\"mindspark.shareviaemail\",\"p\":\"L.3.0\"},{\"b\":223772259,\"c\":\"mindspark.wetransfer\",\"p\":\"L.3.0.0\"},{\"b\":223772260,\"c\":\"mindspark.sendspace\",\"p\":\"L.3.0.1\"},{\"b\":223772261,\"c\":\"mindspark.mailbigfile\",\"p\":\"L.3.0.2\"},{\"b\":223772262,\"c\":\"mindspark.transferbigfiles\",\"p\":\"L.3.0.3\"},{\"b\":223772263,\"c\":\"mindspark.dropsend\",\"p\":\"L.3.0.4\"},{\"b\":223772264,\"c\":\"mindspark.shareviaurl\",\"p\":\"L.3.1\"},{\"b\":223772265,\"c\":\"mindspark.dropcanvas\",\"p\":\"L.3.1.0\"},{\"b\":223772266,\"c\":\"mindspark.gett\",\"p\":\"L.3.1.1\"},{\"b\":223772267,\"c\":\"mindspark.droplr\",\"p\":\"L.3.1.2\"},{\"b\":223772268,\"c\":\"mindspark.senduit\",\"p\":\"L.3.1.3\"},{\"b\":223772269,\"c\":\"mindspark.wikisend\",\"p\":\"L.3.1.4\"},{\"b\":223772270,\"c\":\"mindspark.filedropper\",\"p\":\"L.3.1.5\"},{\"b\":223772271,\"c\":\"mindspark.files\",\"p\":\"L.3.1.6\"},{\"b\":223772272,\"c\":\"mindspark.fileconvoy\",\"p\":\"L.3.1.7\"},{\"b\":223772275,\"c\":\"mindspark.webfilehost\",\"p\":\"L.3.1.8\"},{\"b\":223772276,\"c\":\"mindspark.createslideshow\",\"p\":\"L.3.2\"},{\"b\":223772277,\"c\":\"mindspark.convertfiles\",\"p\":\"L.4\"},{\"b\":223772278,\"c\":\"mindspark.languagetools\",\"p\":\"L.5\"},{\"b\":223772279,\"c\":\"mindspark.dictionary\",\"p\":\"L.5.0\"},{
\"b\":223772280,\"c\":\"mindspark.thesaurus\",\"p\":\"L.5.1\"},{\"b\":223772281,\"c\":\"mindspark.reference\",\"p\":\"L.5.2\"},{\"b\":223772282,\"c\":\"mindspark.translate\",\"p\":\"L.5.3\"},{\"b\":223772283,\"c\":\"mindspark.weather\",\"v\":\"1.2.2\",\"p\":\"L.6\"},{\"b\":224441925,\"c\":\"mindspark.facebook\",\"p\":\"L.7\"},{\"b\":230546746,\"c\":\"mindspark.radio\",\"v\":\"1.1.3\",\"p\":\"L.8\"},{\"b\":223772316,\"c\":\"mindspark.wrench\",\"p\":\"R.0\"}]"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.savedPrev" - "true"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.tb" - "hxxp://hp.myway.com/easypdfcombine/s19888/index.html?coId=504d2f96fc68495ebc3dd2f775bb6129&subId=CKukvdTo59ICFQcQ0wodAZEAFg&ln=cs&n=783977a7&ptb=603FFF03-3202-4747-837E-144A0D9520A7&st&p2=%5EBSB%5Exdm095%5ES19888%5Ecz&si=CKukvdTo59ICFQcQ0wodAZEAFg"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.browser.startup.page.savedPrev" - 1
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.browser.startup.page.tb" - 1
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.browser.version.last" - "52.0"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.coId" - "504d2f96fc68495ebc3dd2f775bb6129"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.firstKnownVersion" - "7.700.10.55228"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.homepage" - "hxxp://hp.myway.com/easypdfcombine/s19888/index.html?coId=504d2f96fc68495ebc3dd2f775bb6129&subId=CKukvdTo59ICFQcQ0wodAZEAFg&ln=cs&n=783977a7&ptb=603FFF03-3202-4747-837E-144A0D9520A7&st&p2=%5EBSB%5Exdm095%5ES19888%5Ecz&si=CKukvdTo59ICFQcQ0wodAZEAFg"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.hp.enabled" - false
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.hp.guardType" - "HPR"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.initialized" - true
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installType" - "XPI"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.dlpCountryCode" - "CZ"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.installDate" - "2017032103"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.partnerId" - "^BSB^xdm095^S19888^cz"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.partnerSubId" - "CKukvdTo59ICFQcQ0wodAZEAFg"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.pixelUrl" - "hxxp://www.easypdfcombine.com/install_pixels.j ... 4A0D9520A7"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.success" - true
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.toolbarDataSource" - "[\"COOKIE\",\"COOKIE\",\"LOCAL_STORAGE\"]"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.installation.toolbarId" - "603FFF03-3202-4747-837E-144A0D9520A7"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.lastActivePing" - "1491055098581"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.lastKnownVersion" - "7.700.10.55228"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.lssState" - "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLocale\":\"en\",\"previousLocale\":\"en\"}"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.options.defaultSearch" - false
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.options.homePageEnabled" - true
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.options.keywordEnabled" - false
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.options.tabEnabled" - true
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.partnerPixelFired" - true
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.language" - "cs"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.newTabURL" - "hxxp://hp.myway.com/easypdfcombine/s19888/index.html?p2=${partnerID}&n=${installDateHex}&ptb=${toolbarID}&si=${partnerSubID}"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.type" - "ToolTab"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.successUrl" - "hxxp://www.easypdfcombine.com/installComplete.jhtml"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.toolbarCollapsed" - false
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.uninstallSurveyUrl" - "hxxp://easypdfcombine.dl.myway.com/uninstall.jhtml?surveyUrl=hxxp%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D<!--toolbarID-->%26ptb%3D<!--partnerID-->"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark._ceMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._ceMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Jenda\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqh2u10h.default\\\\EasyPDFCombine_ce\\\\603FFF03-3202-4747-837E-144A0D9520A7.sqlite\",\"C:\\\\Users\\\\Jenda\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqh2u10h.default\\\\EasyPDFCombine_ce\"]}"
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark.hp.enabled" - false
[-] Firefox předvolby vyčištěny: "extensions.toolbar.mindspark.lastInstalled" - "easypdfcombine@mindspark.com"


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2276 Bajty] - [21/02/2017 13:33:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [1801 Bajty] - [23/02/2017 19:21:00]
C:\AdwCleaner\AdwCleaner[C3].txt - [11970 Bajty] - [15/05/2017 20:58:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [1394 Bajty] - [30/01/2017 21:21:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [2308 Bajty] - [21/02/2017 13:32:00]
C:\AdwCleaner\AdwCleaner[S2].txt - [2047 Bajty] - [23/02/2017 19:16:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [12902 Bajty] - [15/05/2017 20:53:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [12337 Bajty] ##########

Rudy
Site Admin
Posts: 118283
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

Now it is OK. Post a new RSIT log.

jenanek
Visitor
Posts: 84
Joined: 08 Jun 2006 10:52

Re: Please check my log

#7 Post by jenanek »

Logfile of random's system information tool 1.16 (written by random/random)
Run by Jenda at 2017-05-16 12:20:09
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 321 GB (67%) free of 477 GB
Total RAM: 4095 MB (60% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:11, on 16.5.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe
C:\Program Files\trend micro\Jenda_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7900 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f516cdf0-574a-401a-8243-007b4b4f55e3 -SystemEventPortName:HostProcess-7c1bf44c-ab30-4ab2-a676-fd1042c0f090 -IoCancelEventPortName:HostProcess-ba1c5203-b20c-4987-9bb9-5f0fbe63c820 -NonStateChangingEventPortName:HostProcess-1d630418-48d5-4735-853c-dd640a576f19 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bee42fb0-01c0-4fd9-9255-22fca8aca8f2
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="2524.0.850863591\1970576895" "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 2524 "\\.\pipe\gecko-crash-server-pipe.2524" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe" --proxy-stub-channel=Flash4688.6AB04898.20803 --host-broker-channel=Flash4688.6AB04898.20162 --host-pid=4688 --host-npapi-version=29 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe" --channel=2856.0030F67C.1271848725 --proxy-stub-channel=Flash4688.6AB04898.20803 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll" --host-npapi-version=29 --type=renderer
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Jenda\Desktop\Stahování net\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1489857064 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\{1B87ECA6-E1BE-404C-8765-A0AECF172B12} - "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.33.0.104/cs ... rogressBar
C:\Windows\system32\tasks\{982235FF-F8F3-440C-BDD2-C0B96F14A2A2} - C:\Windows\system32\pcalua.exe -a "C:\Users\Jenda\Desktop\Stahování net\FacebookGameroom(1).exe" -d "C:\Users\Jenda\Desktop\Stahování net"
C:\Windows\system32\tasks\{9FFF15B6-5C60-405F-B790-7B2FF5D0C7F4} - C:\Windows\system32\pcalua.exe -a "C:\Users\Jenda\Desktop\Stahování net\mctitan_launcher.exe" -d "C:\Users\Jenda\Desktop\Stahování net"
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-358467729-2002928426-4039490616-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background
C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose
C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Mozilla firefox=========

ProfilePath - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/?clid=22668"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=quick ... earchTerms}&"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\
foxmarks@kei.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\searchplugins\
seznam-avast.xml

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\addons.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}
Xmarks Sync - extension - foxmarks@kei.com

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions.json
Xmarks - extension - foxmarks@kei.com - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\foxmarks@kei.com
Avast Passwords - extension - jid1-r1tDuNiNb4SEww@jetpack - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi
Avast Online Security - webextension - wrc@avast.com - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\wrc@avast.com.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\sp@avast.com.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b} - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.171 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}]
"URL"=http://search.seznam.cz/?sourceid=quick ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-01 895528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-01 773920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-05-08 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2017-04-26 3019552]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc]
C:\Users\Jenda\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05 144008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-06-10 8810200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-06 11057768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-05-04 27716568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15 587288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15 587288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4ED33EDA-F36B-11E6-AEE4-64006A5CFC23}"=C:\Users\Jenda\AppData\Roaming\Jipelegernise\Plindomfenuph.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-05-16 12:13:54 ----D---- C:\ProgramData\SWCUTemp
2017-05-15 11:07:57 ----D---- C:\rsit
2017-05-15 11:07:57 ----D---- C:\Program Files\trend micro
2017-05-10 21:05:18 ----A---- C:\Windows\system32\mshtml.dll
2017-05-10 21:05:16 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-05-10 21:05:15 ----A---- C:\Windows\system32\ieframe.dll
2017-05-10 21:05:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-05-10 21:05:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-05-10 21:05:13 ----A---- C:\Windows\system32\jscript9.dll
2017-05-10 21:05:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-05-10 21:05:12 ----A---- C:\Windows\system32\wininet.dll
2017-05-10 21:05:12 ----A---- C:\Windows\system32\iertutil.dll
2017-05-10 21:05:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-05-10 21:05:11 ----A---- C:\Windows\system32\win32k.sys
2017-05-10 21:05:11 ----A---- C:\Windows\system32\urlmon.dll
2017-05-10 21:05:11 ----A---- C:\Windows\system32\ole32.dll
2017-05-10 21:05:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-05-10 21:05:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-05-10 21:05:10 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-05-10 21:05:09 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-05-10 21:05:09 ----A---- C:\Windows\system32\crypt32.dll
2017-05-10 21:05:09 ----A---- C:\Windows\system32\advapi32.dll
2017-05-10 21:05:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-05-10 21:05:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-05-10 21:05:08 ----A---- C:\Windows\system32\oleaut32.dll
2017-05-10 21:05:08 ----A---- C:\Windows\system32\drivers\srv.sys
2017-05-10 21:05:07 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-05-10 21:05:07 ----A---- C:\Windows\system32\pla.dll
2017-05-10 21:05:07 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-05-10 21:05:07 ----A---- C:\Windows\system32\drivers\afd.sys
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\pla.dll
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-05-10 21:05:06 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-05-10 21:05:06 ----A---- C:\Windows\system32\rpcss.dll
2017-05-10 21:05:06 ----A---- C:\Windows\system32\pdh.dll
2017-05-10 21:05:06 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\netio.sys
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\fastfat.sys
2017-05-10 21:05:06 ----A---- C:\Windows\system32\drivers\exfat.sys
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\pdh.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-05-10 21:05:05 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\vbscript.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\ntdll.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 21:05:05 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\msfeeds.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\jscript.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\iedkcs32.dll
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\tdx.sys
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-05-10 21:05:05 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\oleres.dll
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-05-10 21:05:04 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\oleres.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\gdi32.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\dxtrans.dll
2017-05-10 21:05:04 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\comcat.dll
2017-05-10 21:05:03 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\webcheck.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\rpcrt4.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\plasrv.exe
2017-05-10 21:05:03 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\mshtmled.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\lsasrv.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\kerberos.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\ieapfltr.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\ie4uinit.exe
2017-05-10 21:05:03 ----A---- C:\Windows\system32\comcat.dll
2017-05-10 21:05:03 ----A---- C:\Windows\system32\certcli.dll
2017-05-10 21:05:02 ----A---- C:\Windows\system32\smss.exe
2017-05-10 21:05:02 ----A---- C:\Windows\system32\ieui.dll
2017-05-10 21:05:02 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-05-10 21:05:02 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-05-10 21:05:01 ----A---- C:\Windows\system32\schannel.dll
2017-05-10 21:05:01 ----A---- C:\Windows\system32\kernel32.dll
2017-05-10 21:05:01 ----A---- C:\Windows\system32\dxtmsft.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-05-10 21:05:00 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wow64win.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wow64cpu.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wow64.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wintrust.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\winsrv.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\wdigest.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\TSpkg.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\sspisrv.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\sspicli.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\srcore.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\srclient.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\rpchttp.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\occache.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\ncrypt.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\msv1_0.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\msrating.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\lsass.exe
2017-05-10 21:05:00 ----A---- C:\Windows\system32\KernelBase.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\jsproxy.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\jscript9diag.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\inseng.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\ieUnatt.exe
2017-05-10 21:05:00 ----A---- C:\Windows\system32\iesetup.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\iernonce.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-05-10 21:05:00 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-05-10 21:05:00 ----A---- C:\Windows\system32\csrsrv.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\cryptsvc.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\cryptnet.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\conhost.exe
2017-05-10 21:05:00 ----A---- C:\Windows\system32\cdosys.dll
2017-05-10 21:05:00 ----A---- C:\Windows\system32\bcrypt.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:04:59 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\user.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-05-10 21:04:59 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\tzres.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\secur32.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\rstrui.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\ntvdm64.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\drivers\appid.sys
2017-05-10 21:04:59 ----A---- C:\Windows\system32\cryptbase.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\credssp.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\cdd.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\auditpol.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidsvc.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 21:04:59 ----A---- C:\Windows\system32\appidapi.dll
2017-05-10 21:04:59 ----A---- C:\Windows\system32\apisetschema.dll
2017-05-10 21:04:58 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-05-10 21:04:58 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-05-10 21:04:58 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\msobjs.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\msaudite.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 21:04:58 ----A---- C:\Windows\system32\adtschema.dll
2017-05-08 09:26:26 ----A---- C:\Windows\system32\aswBoot.exe
2017-04-30 15:38:12 ----D---- C:\Program Files (x86)\Rake Multiplayer
2017-04-22 16:51:34 ----D---- C:\Program Files (x86)\Microsoft WSE
2017-04-22 16:44:18 ----D---- C:\Program Files (x86)\Electronic Arts
2017-04-22 15:11:01 ----D---- C:\Program Files (x86)\Origin Games
2017-04-18 16:19:51 ----D---- C:\Users\Jenda\AppData\Roaming\Origin
2017-04-18 16:17:16 ----D---- C:\ProgramData\Origin
2017-04-18 16:17:16 ----D---- C:\ProgramData\Electronic Arts
2017-04-18 16:17:07 ----D---- C:\Program Files (x86)\Origin
2017-04-17 15:46:26 ----D---- C:\Program Files (x86)\Nexon

====== List of files/folders modified in the last 1 month ======

2017-05-16 12:17:55 ----D---- C:\Windows\Temp
2017-05-16 12:13:54 ----HD---- C:\ProgramData
2017-05-16 12:13:35 ----D---- C:\Program Files (x86)\Steam
2017-05-15 21:12:17 ----D---- C:\Windows\system32\config
2017-05-15 21:06:24 ----D---- C:\Windows\Prefetch
2017-05-15 20:58:53 ----D---- C:\AdwCleaner
2017-05-15 20:58:44 ----D---- C:\Windows\system32\Tasks
2017-05-15 20:56:20 ----RD---- C:\Program Files (x86)
2017-05-15 20:44:21 ----D---- C:\Program Files (x86)\FastShare
2017-05-15 20:40:43 ----D---- C:\Users\Jenda\AppData\Roaming\vlc
2017-05-15 20:36:08 ----D---- C:\Windows\System32
2017-05-15 20:36:08 ----D---- C:\Windows\inf
2017-05-15 20:36:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-05-15 11:07:57 ----RD---- C:\Program Files
2017-05-13 16:44:56 ----D---- C:\Windows\system32\drivers
2017-05-11 18:28:04 ----D---- C:\Windows\rescache
2017-05-11 13:42:02 ----D---- C:\Windows\Microsoft.NET
2017-05-11 13:41:16 ----RSD---- C:\Windows\assembly
2017-05-11 13:27:31 ----D---- C:\Windows\winsxs
2017-05-11 13:24:34 ----D---- C:\Program Files\Internet Explorer
2017-05-11 13:24:33 ----D---- C:\Windows\SYSWOW64\migration
2017-05-11 13:24:33 ----D---- C:\Windows\SYSWOW64\en-US
2017-05-11 13:24:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-05-11 13:24:32 ----D---- C:\Windows\SysWOW64
2017-05-11 13:24:30 ----D---- C:\Windows\system32\migration
2017-05-11 13:24:30 ----D---- C:\Windows\system32\cs-CZ
2017-05-11 13:24:30 ----D---- C:\Windows\PolicyDefinitions
2017-05-11 13:24:29 ----D---- C:\Windows\system32\en-US
2017-05-11 13:24:26 ----D---- C:\Windows\AppPatch
2017-05-11 13:24:26 ----D---- C:\Program Files (x86)\Internet Explorer
2017-05-11 13:24:24 ----D---- C:\Windows\system32\Boot
2017-05-11 07:32:16 ----SHD---- C:\System Volume Information
2017-05-11 07:31:42 ----SHD---- C:\Windows\Installer
2017-05-11 07:31:42 ----D---- C:\ProgramData\Skype
2017-05-11 07:31:39 ----RD---- C:\Program Files (x86)\Skype
2017-05-11 07:31:39 ----D---- C:\Program Files (x86)\Common Files
2017-05-10 22:33:34 ----D---- C:\Windows\system32\catroot2
2017-05-10 22:33:17 ----D---- C:\Windows\system32\MRT
2017-05-10 21:07:23 ----D---- C:\Windows\debug
2017-05-10 21:07:13 ----AC---- C:\Windows\system32\MRT.exe
2017-05-09 18:47:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-05-09 18:47:17 ----D---- C:\Windows\system32\Macromed
2017-05-09 18:47:14 ----D---- C:\Windows\SYSWOW64\Macromed
2017-05-08 09:54:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-05-08 09:47:25 ----D---- C:\Windows
2017-05-04 19:54:03 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-05-04 19:53:42 ----D---- C:\Program Files (x86)\Java
2017-05-04 19:13:28 ----D---- C:\Users\Jenda\AppData\Roaming\uTorrent
2017-05-04 19:13:28 ----D---- C:\Users\Jenda\AppData\Roaming\DAEMON Tools Lite
2017-05-04 19:10:25 ----D---- C:\Windows\Logs
2017-05-02 20:15:38 ----D---- C:\Windows\system32\NDF
2017-04-30 16:15:14 ----D---- C:\Users\Jenda\AppData\Roaming\.minecraft
2017-04-30 15:25:49 ----D---- C:\Users\Jenda\AppData\Roaming\Skype
2017-04-23 16:46:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-05-08 190256]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-05-08 334576]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-05-08 49016]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-05-08 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-05-08 339696]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-05-08 311808]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-05-08 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-05-08 507928]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-05-08 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-05-08 1007160]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-05-08 569192]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-05-08 128648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-05-12 158880]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2017-04-11 29432]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-01 104976]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-02-16 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-02-16 47672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-06 2419176]
R3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS [2008-07-26 2624408]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 aswHdsKe;aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [2017-02-01 82936]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-05-08 38296]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2012-04-13 75016]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-05-08 263304]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-05-08 310496]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-05-08 7346208]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-04-18 3115928]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-10 202752]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-04-16 116224]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2017-04-18 2146704]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-04-26 1590048]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-28 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09 271864]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Re: Please check the log

#8 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\Users\Jenda\AppData\Local\Microsoft\BingSvc

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc]/64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Disable your antivirus before the scan and restart the PC after it. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Re: Please check the log

#9 Post by jenanek »

All processes killed
========== FILES ==========
C:\Users\Jenda\AppData\Local\Microsoft\BingSvc folder moved successfully.
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenda
->Temp folder emptied: 13056119 bytes
->Temporary Internet Files folder emptied: 4784727 bytes
->FireFox cache emptied: 181481323 bytes
->Flash cache emptied: 1033 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186529811 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 262 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 728 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 262 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 368,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jenda
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 05182017_073620

Files moved on Reboot...
C:\Users\Jenda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jenda\AppData\Local\Temp\~DFF059892E72930CBD.TMP moved successfully.
C:\Users\Jenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170125152651.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170125152655.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170125154906.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170125154907.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170201172510.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170201172511.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170201172519.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170201175008.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170201175010.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170204085517.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170204085536.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170204090235.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170204090236.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170222130544.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170222130545.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170222130551.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170222171300.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170222171301.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170224174255.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170224174302.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170224181016.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170310173900.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170310173902.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170318181055.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170318181104.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170319183420.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170319183421.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170330132146.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170330132150.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170330132218.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170401134209.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170401134217.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170411122043.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170411122119.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170508092805.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170508092806.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170508092811.log scheduled to be moved on reboot.
C:\Windows\temp\avast_ash2\Mozilla Firefox\download.ini moved successfully.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Re: Please check the log

#10 Post by Rudy »

OK. Has anything changed?


Re: Please check the log

#11 Post by jenanek »

The PC works better. I don't know why the browser still starts slowly after startup? Could it be the network card, for example? Otherwise I am very satisfied. Thanks for your time and help.


Re: Please check the log

#12 Post by Rudy »

We can also try cleaning the browsers. Run the following utilities:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose "Run As Administrator" ("Spustit jako správce")
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created and then the search begins
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.


Re: Please check the log

#13 Post by jenanek »

I am attaching the second log. I don't know how long the first program is supposed to run, but after approx. two hours it looked like it was not working?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by Jenda (Administrator) on čt 25.05.2017 at 10:45:39,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Jenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22BSSLV0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XW4D44F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRKDJDLY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNXNJHR8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22BSSLV0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XW4D44F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRKDJDLY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNXNJHR8 (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 25.05.2017 at 10:47:44,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118283
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#14 Post by Rudy »

Junkware deleted something. Try running Zoek in safe mode.

jenanek
Visitor
Posts: 84
Registered: 08 Jun 2006 10:52

Re: Please check my log

#15 Post by jenanek »

I tried it in safe mode and it behaves the same. It ran until 11 o'clock, then I killed it. I am attaching a picture of the state:


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Jenda on p 26.05.2017 at 9:34:07,93.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\Jenda\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 9:35:14,76 =====

--- Create Environment Variables 9:35:15,43
--- Checking Input 9:35:19,58
--- Reset Hosts File 9:35:26,32
--- AU AppData Check 9:35:26,53
--- Remove From Windows Installer 9:35:28,17
--- Empty Folders Check 9:35:54,54
--- Registry HKLM Software Check 9:35:54,55
--- Quick Launch Shortcut Check 9:36:03,01
--- IE Startpage Check 9:36:04,19
--- Program Files DB Check 9:36:11,23
--- C:\Users\Default\AppData\Roaming DB Check 9:36:44,08
--- C:\Users\Default User\AppData\Roaming DB Check 9:36:44,08
--- C:\Users\Jenda\AppData\Roaming DB Check 9:36:44,08
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 9:36:44,08
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 9:36:44,08
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 9:36:44,08
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 9:36:44,08
--- C:\Users\Jenda DB Check 9:38:19,24
--- C:\PROGRA~3 DB Check 9:38:31,41
--- C:\Users\Default\AppData\Local DB Check 9:38:34,02
--- C:\Users\Default User\AppData\Local DB Check 9:38:34,02
--- C:\Users\Jenda\AppData\Local DB Check 9:38:34,02
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 9:38:34,02
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 9:38:34,02
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 9:38:34,02
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 9:38:34,02
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 9:39:38,65
--- C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 9:39:45,56
--- Tasks DB Check 9:39:50,02
--- Downloads DB Check 9:39:52,78
--- C:\Users\Jenda\AppData\LocalLow DB Check 9:39:55,65
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 9:39:55,65
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 9:39:55,65
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 9:39:55,65
--- Tasks2 DB Check 9:40:23,34
--- Documents DB Check 9:40:44,84
--- C:\Users\Jenda\AppData\Roaming\Profiles\Stacity.default DB Check 9:40:50,02
--- C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\bqh2u10h.default DB Check 9:40:50,02
--- C:\Users\Public\Desktop DB Check 9:40:53,23
--- C:\Users\Jenda\Desktop DB Check 9:40:56,80
--- Services DB Check 9:41:01,93
--- FF prefs.js DB Check 9:41:13,51
--- Emptyclsid 9:42:04,18
--- Del by CLSID 9:42:05,15
--- Delete Services 9:42:19,19
--- Firefox Fix 9:42:21,70
--- Delete files\folders 9:42:23,74
--- Create Backups 9:42:23,79
--- Firefox Extensions 9:42:24,96
