Prosím o kontrolu logu HJT
Napsal: 29 zář 2018 20:57
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:09, on 29.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.19104)
Boot mode: Normal
Running processes:
C:\Users\Hačís\AppData\Roaming\wj2bqs25opr\3kwpybu5np4.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Hačís\AppData\Roaming\wow3hira2wg\dwkk13lllcn.exe
C:\Users\Hačís\AppData\Roaming\4eqkwtq5byl\agxgx01mpdu.exe
C:\Users\Hačís\AppData\Roaming\ldflgbpnfdu\c3l4h34wbwg.exe
C:\Users\Hačís\AppData\Roaming\22mxecvpjl5\otjd35vvh2y.exe
C:\Users\HAS~1\AppData\Local\Temp\is-A6B5E.tmp\3kwpybu5np4.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-M1BGE.tmp\dwkk13lllcn.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-HQ7NE.tmp\agxgx01mpdu.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-EJ86L.tmp\c3l4h34wbwg.tmp
C:\Users\Hačís\AppData\Roaming\zywez53rmgy\byjczbvn2za.exe
C:\Users\HAS~1\AppData\Local\Temp\is-2PORQ.tmp\otjd35vvh2y.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-TR1AJ.tmp\byjczbvn2za.tmp
C:\Users\Hačís\AppData\Roaming\aqdu3wnpf4z\jargzdiop3j.exe
C:\Users\Hačís\AppData\Roaming\f1a11uuevi4\4h03emokrpp.exe
C:\Users\HAS~1\AppData\Local\Temp\is-BB2E4.tmp\4h03emokrpp.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-NTMHA.tmp\jargzdiop3j.tmp
C:\Users\Hačís\AppData\Roaming\lprqgv2eica\dq4lynszizl.exe
C:\Users\Hačís\AppData\Roaming\rar3a24r3eo\jxhd3yqy1x5.exe
C:\Users\Hačís\AppData\Roaming\gnnzspdulls\vubzpxkrt3l.exe
C:\Users\HAS~1\AppData\Local\Temp\is-Q37J1.tmp\jxhd3yqy1x5.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-9GPV5.tmp\dq4lynszizl.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-NMTQN.tmp\vubzpxkrt3l.tmp
C:\Users\Hačís\AppData\Roaming\np5iak5homj\j2zb2suetzz.exe
C:\Users\Hačís\AppData\Roaming\okoapnjjegc\q2retlbexst.exe
C:\Users\Hačís\AppData\Roaming\smstnl4t1xt\2ui5bkkhlya.exe
C:\Users\HAS~1\AppData\Local\Temp\is-T17SA.tmp\q2retlbexst.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-T17S9.tmp\j2zb2suetzz.tmp
C:\Users\Hačís\AppData\Roaming\wuyfuwi44yu\degvujbs54v.exe
C:\Users\HAS~1\AppData\Local\Temp\is-76170.tmp\2ui5bkkhlya.tmp
C:\Users\Hačís\AppData\Roaming\osrhd1xyczz\ii1fkud45xz.exe
C:\Users\Hačís\AppData\Roaming\lijia2u2as3\1gj4h34b4ph.exe
C:\Users\HAS~1\AppData\Local\Temp\is-1CULO.tmp\degvujbs54v.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-9SN7U.tmp\ii1fkud45xz.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-4PNEM.tmp\1gj4h34b4ph.tmp
C:\Users\Hačís\AppData\Roaming\tfnjc2nuxqe\mpa0gnijhsd.exe
C:\Users\Hačís\AppData\Roaming\14a5ops3r2f\ma205vx0xyv.exe
C:\Users\Hačís\AppData\Roaming\tiod5uanl5r\2oqla4nhvjl.exe
C:\Users\HAS~1\AppData\Local\Temp\is-E8E1C.tmp\ma205vx0xyv.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-0PTU0.tmp\mpa0gnijhsd.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-99MG6.tmp\2oqla4nhvjl.tmp
C:\Users\Hačís\AppData\Roaming\rfey3c0k32z\buol3he0sbz.exe
C:\Users\Hačís\AppData\Roaming\0gxeyae45l1\2c1y0k50uqf.exe
C:\Users\HAS~1\AppData\Local\Temp\is-IMS2O.tmp\buol3he0sbz.tmp
C:\Users\Hačís\AppData\Roaming\xibjq0rh1na\zrxotk3hggo.exe
C:\Users\Hačís\AppData\Roaming\etjzn1nrftw\rgubkz4yaff.exe
C:\Users\Hačís\AppData\Roaming\ch4vifxsxp0\mkvdpgugikr.exe
C:\Users\Hačís\AppData\Roaming\vw51xgv3143\zc4bd1205qy.exe
C:\Users\HAS~1\AppData\Local\Temp\is-OJ0K9.tmp\2c1y0k50uqf.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-12P6F.tmp\zrxotk3hggo.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-EH99S.tmp\mkvdpgugikr.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-FD5A2.tmp\rgubkz4yaff.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-PGDKL.tmp\zc4bd1205qy.tmp
C:\Users\Hačís\AppData\Roaming\egkvyuirmvt\zzcnv20a3n5.exe
C:\Users\Hačís\AppData\Roaming\byoccsr5awv\ghyufv5nogy.exe
C:\Users\Hačís\AppData\Roaming\la2vlm5mouk\k0slbfbhidd.exe
C:\Users\Hačís\AppData\Roaming\k4e0qdqdsxf\gftnhwudq0d.exe
C:\Users\HAS~1\AppData\Local\Temp\is-EQ4IB.tmp\zzcnv20a3n5.tmp
C:\Users\Hačís\AppData\Roaming\1rmxxtuxnj4\esfvl5phyh0.exe
C:\Users\HAS~1\AppData\Local\Temp\is-QGSL9.tmp\ghyufv5nogy.tmp
C:\Users\Hačís\AppData\Roaming\qubn023ut11\p4kixzox3al.exe
C:\Users\HAS~1\AppData\Local\Temp\is-CAOPO.tmp\k0slbfbhidd.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-MFI4F.tmp\gftnhwudq0d.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-4PU82.tmp\esfvl5phyh0.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-U3EME.tmp\p4kixzox3al.tmp
C:\Users\Hačís\AppData\Roaming\ccxld2btr4f\ekjzm0agjhx.exe
C:\Users\Hačís\AppData\Roaming\chdk4rn0p2g\5lyiimev0qg.exe
C:\Users\HAS~1\AppData\Local\Temp\is-KV4CB.tmp\5lyiimev0qg.tmp
C:\Users\Hačís\AppData\Roaming\aiqxdp2j2ye\lknjtfw1y5m.exe
C:\Users\HAS~1\AppData\Local\Temp\is-QR8TT.tmp\ekjzm0agjhx.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-QVH5U.tmp\lknjtfw1y5m.tmp
C:\Users\Hačís\AppData\Roaming\g2hgrrek4tl\sxoo2ypj33i.exe
C:\Users\HAS~1\AppData\Local\Temp\is-RUF6E.tmp\sxoo2ypj33i.tmp
C:\Users\Hačís\AppData\Roaming\pqjhlyaij4p\u13lizqbymf.exe
C:\Users\Hačís\AppData\Roaming\04dd3opwinq\eqtlwh34o35.exe
C:\Users\HAS~1\AppData\Local\Temp\is-QCGE7.tmp\u13lizqbymf.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-5BKP0.tmp\eqtlwh34o35.tmp
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
C:\Users\Hačís\Downloads\HijackThis.exe
C:\Users\Hačís\AppData\Roaming\Microsoft\Windows\twjhfwub\ugcuhgag.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://%66%65%65%64.%68%65%6C%70%65%72 ... uBtpeGviuZ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ShutdownTime] "C:\Program Files (x86)\ShutdownTime\ShutdownTime.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [5f805e177fa7c673482c92c255460b67] "C:\Users\Hačís\AppData\Roaming\System.exe" ..
O4 - HKCU\..\Run: [XTTXX6LA4HJPA4Q] "C:\Program Files (x86)\ShutdownTime\6A1H4.exe"
O4 - HKCU\..\Run: [II8S4NI9JJ3AIVZ] "C:\Program Files (x86)\ShutdownTime\IF2ME.exe"
O4 - HKCU\..\Run: [8060012] "C:\Users\Hačís\AppData\Roaming\wj2bqs25opr\3kwpybu5np4.exe" /VERYSILENT
O4 - HKCU\..\Run: [5240118] "C:\Users\Hačís\AppData\Roaming\wow3hira2wg\dwkk13lllcn.exe" /VERYSILENT
O4 - HKCU\..\Run: [6943433] "C:\Users\Hačís\AppData\Roaming\4eqkwtq5byl\agxgx01mpdu.exe" /VERYSILENT
O4 - HKCU\..\Run: [9897167] "C:\Users\Hačís\AppData\Roaming\ldflgbpnfdu\c3l4h34wbwg.exe" /VERYSILENT
O4 - HKCU\..\Run: [7589979] "C:\Users\Hačís\AppData\Roaming\22mxecvpjl5\otjd35vvh2y.exe" /VERYSILENT
O4 - HKCU\..\Run: [3963462] "C:\Users\Hačís\AppData\Roaming\zywez53rmgy\byjczbvn2za.exe" /VERYSILENT
O4 - HKCU\..\Run: [5007112] "C:\Users\Hačís\AppData\Roaming\aqdu3wnpf4z\jargzdiop3j.exe" /VERYSILENT
O4 - HKCU\..\Run: [3303797] "C:\Users\Hačís\AppData\Roaming\f1a11uuevi4\4h03emokrpp.exe" /VERYSILENT
O4 - HKCU\..\Run: [YC3TRU68KHJIS95] "C:\Program Files\DK3WBD3U4Y\DK3WBD3U4.exe"
O4 - HKCU\..\Run: [A1A8ZTC9JDB0SKC] "C:\Program Files\TA5HT94J2A\TA5HT94J2.exe"
O4 - HKCU\..\Run: [8KJ32QZHMMHO7L1] "C:\Program Files\LJIVWPKYWC\LJIVWPKYW.exe"
O4 - HKCU\..\Run: [Z05B5JP4VFT5BI1] "C:\Program Files\D8G6CYSFYQ\D8G6CYSFY.exe"
O4 - HKCU\..\Run: [Blogger] C:\ProgramData\Blogger\Blogger.exe //ppiytddrexxdxd2232f
O4 - HKCU\..\Run: [01WLFIL8ZSYHPB1] "C:\Program Files\381PFGVE4O\381PFGVE4.exe"
O4 - HKCU\..\Run: [9OGJ30GMX2D5K1U] "C:\Program Files\5DRRLOPU8F\5DRRLOPU8.exe"
O4 - HKCU\..\Run: [7SJ9BJRGQQJQV7X] "C:\Program Files\YS07W6DPYF\YS07W6DPY.exe"
O4 - HKCU\..\Run: [4939421] "C:\Users\Hačís\AppData\Roaming\lprqgv2eica\dq4lynszizl.exe" /VERYSILENT
O4 - HKCU\..\Run: [2084152] "C:\Users\Hačís\AppData\Roaming\rar3a24r3eo\jxhd3yqy1x5.exe" /VERYSILENT
O4 - HKCU\..\Run: [5211822] "C:\Users\Hačís\AppData\Roaming\gnnzspdulls\vubzpxkrt3l.exe" /VERYSILENT
O4 - HKCU\..\Run: [JMXRB4DKNI8GQ6I] "C:\Program Files\D9M89IOTK1\455VHOMX8.exe"
O4 - HKCU\..\Run: [A5P649OA3FA3SPA] "C:\Program Files\Y607QCR3I7\2RP96HV95.exe"
O4 - HKCU\..\Run: [5703178] "C:\Users\Hačís\AppData\Roaming\np5iak5homj\j2zb2suetzz.exe" /VERYSILENT
O4 - HKCU\..\Run: [6261137] "C:\Users\Hačís\AppData\Roaming\okoapnjjegc\q2retlbexst.exe" /VERYSILENT
O4 - HKCU\..\Run: [8903116] "C:\Users\Hačís\AppData\Roaming\smstnl4t1xt\2ui5bkkhlya.exe" /VERYSILENT
O4 - HKCU\..\Run: [7PLEIRO4LZH3S34] "C:\Program Files\0FKE11MGDC\0FKE11MGD.exe"
O4 - HKCU\..\Run: [WAALEC7AYZHEQ02] "C:\Program Files\RYCUU6Y6T9\RYCUU6Y6T.exe"
O4 - HKCU\..\Run: [3470802] "C:\Users\Hačís\AppData\Roaming\wuyfuwi44yu\degvujbs54v.exe" /VERYSILENT
O4 - HKCU\..\Run: [4074675] "C:\Users\Hačís\AppData\Roaming\osrhd1xyczz\ii1fkud45xz.exe" /VERYSILENT
O4 - HKCU\..\Run: [6877431] "C:\Users\Hačís\AppData\Roaming\lijia2u2as3\1gj4h34b4ph.exe" /VERYSILENT
O4 - HKCU\..\Run: [4ZDLHGY3NNKZ3XV] "C:\Program Files\MW2GK8ELNH\MW2GK8ELN.exe"
O4 - HKCU\..\Run: [YEUS8KOMI7MPEQD] "C:\Program Files\SIGNBOMHWV\EV6065NWT.exe"
O4 - HKCU\..\Run: [7607259] "C:\Users\Hačís\AppData\Roaming\tfnjc2nuxqe\mpa0gnijhsd.exe" /VERYSILENT
O4 - HKCU\..\Run: [1804738] "C:\Users\Hačís\AppData\Roaming\14a5ops3r2f\ma205vx0xyv.exe" /VERYSILENT
O4 - HKCU\..\Run: [8138903] "C:\Users\Hačís\AppData\Roaming\tiod5uanl5r\2oqla4nhvjl.exe" /VERYSILENT
O4 - HKCU\..\Run: [UOCIJ6EAD88HQTU] "C:\Program Files\AZS0V8FQ24\AZS0V8FQ2.exe"
O4 - HKCU\..\Run: [2SCZXC0WO8HT84N] "C:\Program Files\WHLQY8ZWK5\555OLPUBI.exe"
O4 - HKCU\..\Run: [1995196] "C:\Users\Hačís\AppData\Roaming\rfey3c0k32z\buol3he0sbz.exe" /VERYSILENT
O4 - HKCU\..\Run: [1141880] "C:\Users\Hačís\AppData\Roaming\0gxeyae45l1\2c1y0k50uqf.exe" /VERYSILENT
O4 - HKCU\..\Run: [4962049] "C:\Users\Hačís\AppData\Roaming\xibjq0rh1na\zrxotk3hggo.exe" /VERYSILENT
O4 - HKCU\..\Run: [4850465] "C:\Users\Hačís\AppData\Roaming\etjzn1nrftw\rgubkz4yaff.exe" /VERYSILENT
O4 - HKCU\..\Run: [2651582] "C:\Users\Hačís\AppData\Roaming\ch4vifxsxp0\mkvdpgugikr.exe" /VERYSILENT
O4 - HKCU\..\Run: [6921366] "C:\Users\Hačís\AppData\Roaming\vw51xgv3143\zc4bd1205qy.exe" /VERYSILENT
O4 - HKCU\..\Run: [DCRHUXOV72COGZF] "C:\Program Files\E9CW6J3WN8\4NPQMIFXL.exe"
O4 - HKCU\..\Run: [Q7AAJI0ZL6KIEL7] "C:\Program Files\KJB1IH1TDI\WH0SB6JBM.exe"
O4 - HKCU\..\Run: [3XGPRI60K3C0EXE] "C:\Program Files\0KGYV2KFM2\7QU3QDSQV.exe"
O4 - HKCU\..\Run: [XBYWJMWJFMEPPQW] "C:\Program Files\MD3QVWRBY7\7QU3QDSQV.exe"
O4 - HKCU\..\Run: [8769610] "C:\Users\Hačís\AppData\Roaming\egkvyuirmvt\zzcnv20a3n5.exe" /VERYSILENT
O4 - HKCU\..\Run: [7506111] "C:\Users\Hačís\AppData\Roaming\byoccsr5awv\ghyufv5nogy.exe" /VERYSILENT
O4 - HKCU\..\Run: [9462071] "C:\Users\Hačís\AppData\Roaming\la2vlm5mouk\k0slbfbhidd.exe" /VERYSILENT
O4 - HKCU\..\Run: [4375124] "C:\Users\Hačís\AppData\Roaming\k4e0qdqdsxf\gftnhwudq0d.exe" /VERYSILENT
O4 - HKCU\..\Run: [9429314] "C:\Users\Hačís\AppData\Roaming\1rmxxtuxnj4\esfvl5phyh0.exe" /VERYSILENT
O4 - HKCU\..\Run: [4375163] "C:\Users\Hačís\AppData\Roaming\qubn023ut11\p4kixzox3al.exe" /VERYSILENT
O4 - HKCU\..\Run: [LES1BGEFSIWE9HV] "C:\Program Files\DJ15TYZDVN\BJ8E07T2D.exe"
O4 - HKCU\..\Run: [YMK7RLGCHX0GVTD] "C:\Program Files\62JCB056T6\62JCB056T.exe"
O4 - HKCU\..\Run: [PI3VZREG5OGDIEZ] "C:\Program Files\D67YA31PNM\D67YA31PN.exe"
O4 - HKCU\..\Run: [2892094] "C:\Users\Hačís\AppData\Roaming\ccxld2btr4f\ekjzm0agjhx.exe" /VERYSILENT
O4 - HKCU\..\Run: [4926956] "C:\Users\Hačís\AppData\Roaming\chdk4rn0p2g\5lyiimev0qg.exe" /VERYSILENT
O4 - HKCU\..\Run: [1FLAVS2R23ASU64] "C:\Program Files\PJ15H6JWF1\8T89OP18E.exe"
O4 - HKCU\..\Run: [8101868] "C:\Users\Hačís\AppData\Roaming\aiqxdp2j2ye\lknjtfw1y5m.exe" /VERYSILENT
O4 - HKCU\..\Run: [OXE1XSMXK343Y5S] "C:\Program Files\L66VGE4VML\LBLHTK4I4.exe"
O4 - HKCU\..\Run: [6398553] "C:\Users\Hačís\AppData\Roaming\g2hgrrek4tl\sxoo2ypj33i.exe" /VERYSILENT
O4 - HKCU\..\Run: [BRS28KQXZLL0QPD] "C:\Program Files\UAN8886QZT\LBLHTK4I4.exe"
O4 - HKCU\..\Run: [1554451] "C:\Users\Hačís\AppData\Roaming\pqjhlyaij4p\u13lizqbymf.exe" /VERYSILENT
O4 - HKCU\..\Run: [514589] "C:\Users\Hačís\AppData\Roaming\04dd3opwinq\eqtlwh34o35.exe" /VERYSILENT
O4 - HKCU\..\Run: [I928Z44UW94OVV5] "C:\Program Files\YBGEECP6W3\YBGEECP6W.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: 5f805e177fa7c673482c92c255460b67.exe
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Startup: twjhfwub.lnk
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Background Logic Handler (backlh) - Unknown owner - C:\ProgramData\Logic Cramble\set.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CRMSvc - Unknown owner - C:\Users\Hačís\AppData\Roaming\CRMSvc\CRMSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe (file missing)
--
End of file - 22993 bytes
Scan saved at 20:40:09, on 29.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.19104)
Boot mode: Normal
Running processes:
C:\Users\Hačís\AppData\Roaming\wj2bqs25opr\3kwpybu5np4.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Hačís\AppData\Roaming\wow3hira2wg\dwkk13lllcn.exe
C:\Users\Hačís\AppData\Roaming\4eqkwtq5byl\agxgx01mpdu.exe
C:\Users\Hačís\AppData\Roaming\ldflgbpnfdu\c3l4h34wbwg.exe
C:\Users\Hačís\AppData\Roaming\22mxecvpjl5\otjd35vvh2y.exe
C:\Users\HAS~1\AppData\Local\Temp\is-A6B5E.tmp\3kwpybu5np4.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-M1BGE.tmp\dwkk13lllcn.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-HQ7NE.tmp\agxgx01mpdu.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-EJ86L.tmp\c3l4h34wbwg.tmp
C:\Users\Hačís\AppData\Roaming\zywez53rmgy\byjczbvn2za.exe
C:\Users\HAS~1\AppData\Local\Temp\is-2PORQ.tmp\otjd35vvh2y.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-TR1AJ.tmp\byjczbvn2za.tmp
C:\Users\Hačís\AppData\Roaming\aqdu3wnpf4z\jargzdiop3j.exe
C:\Users\Hačís\AppData\Roaming\f1a11uuevi4\4h03emokrpp.exe
C:\Users\HAS~1\AppData\Local\Temp\is-BB2E4.tmp\4h03emokrpp.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-NTMHA.tmp\jargzdiop3j.tmp
C:\Users\Hačís\AppData\Roaming\lprqgv2eica\dq4lynszizl.exe
C:\Users\Hačís\AppData\Roaming\rar3a24r3eo\jxhd3yqy1x5.exe
C:\Users\Hačís\AppData\Roaming\gnnzspdulls\vubzpxkrt3l.exe
C:\Users\HAS~1\AppData\Local\Temp\is-Q37J1.tmp\jxhd3yqy1x5.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-9GPV5.tmp\dq4lynszizl.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-NMTQN.tmp\vubzpxkrt3l.tmp
C:\Users\Hačís\AppData\Roaming\np5iak5homj\j2zb2suetzz.exe
C:\Users\Hačís\AppData\Roaming\okoapnjjegc\q2retlbexst.exe
C:\Users\Hačís\AppData\Roaming\smstnl4t1xt\2ui5bkkhlya.exe
C:\Users\HAS~1\AppData\Local\Temp\is-T17SA.tmp\q2retlbexst.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-T17S9.tmp\j2zb2suetzz.tmp
C:\Users\Hačís\AppData\Roaming\wuyfuwi44yu\degvujbs54v.exe
C:\Users\HAS~1\AppData\Local\Temp\is-76170.tmp\2ui5bkkhlya.tmp
C:\Users\Hačís\AppData\Roaming\osrhd1xyczz\ii1fkud45xz.exe
C:\Users\Hačís\AppData\Roaming\lijia2u2as3\1gj4h34b4ph.exe
C:\Users\HAS~1\AppData\Local\Temp\is-1CULO.tmp\degvujbs54v.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-9SN7U.tmp\ii1fkud45xz.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-4PNEM.tmp\1gj4h34b4ph.tmp
C:\Users\Hačís\AppData\Roaming\tfnjc2nuxqe\mpa0gnijhsd.exe
C:\Users\Hačís\AppData\Roaming\14a5ops3r2f\ma205vx0xyv.exe
C:\Users\Hačís\AppData\Roaming\tiod5uanl5r\2oqla4nhvjl.exe
C:\Users\HAS~1\AppData\Local\Temp\is-E8E1C.tmp\ma205vx0xyv.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-0PTU0.tmp\mpa0gnijhsd.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-99MG6.tmp\2oqla4nhvjl.tmp
C:\Users\Hačís\AppData\Roaming\rfey3c0k32z\buol3he0sbz.exe
C:\Users\Hačís\AppData\Roaming\0gxeyae45l1\2c1y0k50uqf.exe
C:\Users\HAS~1\AppData\Local\Temp\is-IMS2O.tmp\buol3he0sbz.tmp
C:\Users\Hačís\AppData\Roaming\xibjq0rh1na\zrxotk3hggo.exe
C:\Users\Hačís\AppData\Roaming\etjzn1nrftw\rgubkz4yaff.exe
C:\Users\Hačís\AppData\Roaming\ch4vifxsxp0\mkvdpgugikr.exe
C:\Users\Hačís\AppData\Roaming\vw51xgv3143\zc4bd1205qy.exe
C:\Users\HAS~1\AppData\Local\Temp\is-OJ0K9.tmp\2c1y0k50uqf.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-12P6F.tmp\zrxotk3hggo.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-EH99S.tmp\mkvdpgugikr.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-FD5A2.tmp\rgubkz4yaff.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-PGDKL.tmp\zc4bd1205qy.tmp
C:\Users\Hačís\AppData\Roaming\egkvyuirmvt\zzcnv20a3n5.exe
C:\Users\Hačís\AppData\Roaming\byoccsr5awv\ghyufv5nogy.exe
C:\Users\Hačís\AppData\Roaming\la2vlm5mouk\k0slbfbhidd.exe
C:\Users\Hačís\AppData\Roaming\k4e0qdqdsxf\gftnhwudq0d.exe
C:\Users\HAS~1\AppData\Local\Temp\is-EQ4IB.tmp\zzcnv20a3n5.tmp
C:\Users\Hačís\AppData\Roaming\1rmxxtuxnj4\esfvl5phyh0.exe
C:\Users\HAS~1\AppData\Local\Temp\is-QGSL9.tmp\ghyufv5nogy.tmp
C:\Users\Hačís\AppData\Roaming\qubn023ut11\p4kixzox3al.exe
C:\Users\HAS~1\AppData\Local\Temp\is-CAOPO.tmp\k0slbfbhidd.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-MFI4F.tmp\gftnhwudq0d.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-4PU82.tmp\esfvl5phyh0.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-U3EME.tmp\p4kixzox3al.tmp
C:\Users\Hačís\AppData\Roaming\ccxld2btr4f\ekjzm0agjhx.exe
C:\Users\Hačís\AppData\Roaming\chdk4rn0p2g\5lyiimev0qg.exe
C:\Users\HAS~1\AppData\Local\Temp\is-KV4CB.tmp\5lyiimev0qg.tmp
C:\Users\Hačís\AppData\Roaming\aiqxdp2j2ye\lknjtfw1y5m.exe
C:\Users\HAS~1\AppData\Local\Temp\is-QR8TT.tmp\ekjzm0agjhx.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-QVH5U.tmp\lknjtfw1y5m.tmp
C:\Users\Hačís\AppData\Roaming\g2hgrrek4tl\sxoo2ypj33i.exe
C:\Users\HAS~1\AppData\Local\Temp\is-RUF6E.tmp\sxoo2ypj33i.tmp
C:\Users\Hačís\AppData\Roaming\pqjhlyaij4p\u13lizqbymf.exe
C:\Users\Hačís\AppData\Roaming\04dd3opwinq\eqtlwh34o35.exe
C:\Users\HAS~1\AppData\Local\Temp\is-QCGE7.tmp\u13lizqbymf.tmp
C:\Users\HAS~1\AppData\Local\Temp\is-5BKP0.tmp\eqtlwh34o35.tmp
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
C:\Users\Hačís\Downloads\HijackThis.exe
C:\Users\Hačís\AppData\Roaming\Microsoft\Windows\twjhfwub\ugcuhgag.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://%66%65%65%64.%68%65%6C%70%65%72 ... uBtpeGviuZ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... DRsLlec&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ShutdownTime] "C:\Program Files (x86)\ShutdownTime\ShutdownTime.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [5f805e177fa7c673482c92c255460b67] "C:\Users\Hačís\AppData\Roaming\System.exe" ..
O4 - HKCU\..\Run: [XTTXX6LA4HJPA4Q] "C:\Program Files (x86)\ShutdownTime\6A1H4.exe"
O4 - HKCU\..\Run: [II8S4NI9JJ3AIVZ] "C:\Program Files (x86)\ShutdownTime\IF2ME.exe"
O4 - HKCU\..\Run: [8060012] "C:\Users\Hačís\AppData\Roaming\wj2bqs25opr\3kwpybu5np4.exe" /VERYSILENT
O4 - HKCU\..\Run: [5240118] "C:\Users\Hačís\AppData\Roaming\wow3hira2wg\dwkk13lllcn.exe" /VERYSILENT
O4 - HKCU\..\Run: [6943433] "C:\Users\Hačís\AppData\Roaming\4eqkwtq5byl\agxgx01mpdu.exe" /VERYSILENT
O4 - HKCU\..\Run: [9897167] "C:\Users\Hačís\AppData\Roaming\ldflgbpnfdu\c3l4h34wbwg.exe" /VERYSILENT
O4 - HKCU\..\Run: [7589979] "C:\Users\Hačís\AppData\Roaming\22mxecvpjl5\otjd35vvh2y.exe" /VERYSILENT
O4 - HKCU\..\Run: [3963462] "C:\Users\Hačís\AppData\Roaming\zywez53rmgy\byjczbvn2za.exe" /VERYSILENT
O4 - HKCU\..\Run: [5007112] "C:\Users\Hačís\AppData\Roaming\aqdu3wnpf4z\jargzdiop3j.exe" /VERYSILENT
O4 - HKCU\..\Run: [3303797] "C:\Users\Hačís\AppData\Roaming\f1a11uuevi4\4h03emokrpp.exe" /VERYSILENT
O4 - HKCU\..\Run: [YC3TRU68KHJIS95] "C:\Program Files\DK3WBD3U4Y\DK3WBD3U4.exe"
O4 - HKCU\..\Run: [A1A8ZTC9JDB0SKC] "C:\Program Files\TA5HT94J2A\TA5HT94J2.exe"
O4 - HKCU\..\Run: [8KJ32QZHMMHO7L1] "C:\Program Files\LJIVWPKYWC\LJIVWPKYW.exe"
O4 - HKCU\..\Run: [Z05B5JP4VFT5BI1] "C:\Program Files\D8G6CYSFYQ\D8G6CYSFY.exe"
O4 - HKCU\..\Run: [Blogger] C:\ProgramData\Blogger\Blogger.exe //ppiytddrexxdxd2232f
O4 - HKCU\..\Run: [01WLFIL8ZSYHPB1] "C:\Program Files\381PFGVE4O\381PFGVE4.exe"
O4 - HKCU\..\Run: [9OGJ30GMX2D5K1U] "C:\Program Files\5DRRLOPU8F\5DRRLOPU8.exe"
O4 - HKCU\..\Run: [7SJ9BJRGQQJQV7X] "C:\Program Files\YS07W6DPYF\YS07W6DPY.exe"
O4 - HKCU\..\Run: [4939421] "C:\Users\Hačís\AppData\Roaming\lprqgv2eica\dq4lynszizl.exe" /VERYSILENT
O4 - HKCU\..\Run: [2084152] "C:\Users\Hačís\AppData\Roaming\rar3a24r3eo\jxhd3yqy1x5.exe" /VERYSILENT
O4 - HKCU\..\Run: [5211822] "C:\Users\Hačís\AppData\Roaming\gnnzspdulls\vubzpxkrt3l.exe" /VERYSILENT
O4 - HKCU\..\Run: [JMXRB4DKNI8GQ6I] "C:\Program Files\D9M89IOTK1\455VHOMX8.exe"
O4 - HKCU\..\Run: [A5P649OA3FA3SPA] "C:\Program Files\Y607QCR3I7\2RP96HV95.exe"
O4 - HKCU\..\Run: [5703178] "C:\Users\Hačís\AppData\Roaming\np5iak5homj\j2zb2suetzz.exe" /VERYSILENT
O4 - HKCU\..\Run: [6261137] "C:\Users\Hačís\AppData\Roaming\okoapnjjegc\q2retlbexst.exe" /VERYSILENT
O4 - HKCU\..\Run: [8903116] "C:\Users\Hačís\AppData\Roaming\smstnl4t1xt\2ui5bkkhlya.exe" /VERYSILENT
O4 - HKCU\..\Run: [7PLEIRO4LZH3S34] "C:\Program Files\0FKE11MGDC\0FKE11MGD.exe"
O4 - HKCU\..\Run: [WAALEC7AYZHEQ02] "C:\Program Files\RYCUU6Y6T9\RYCUU6Y6T.exe"
O4 - HKCU\..\Run: [3470802] "C:\Users\Hačís\AppData\Roaming\wuyfuwi44yu\degvujbs54v.exe" /VERYSILENT
O4 - HKCU\..\Run: [4074675] "C:\Users\Hačís\AppData\Roaming\osrhd1xyczz\ii1fkud45xz.exe" /VERYSILENT
O4 - HKCU\..\Run: [6877431] "C:\Users\Hačís\AppData\Roaming\lijia2u2as3\1gj4h34b4ph.exe" /VERYSILENT
O4 - HKCU\..\Run: [4ZDLHGY3NNKZ3XV] "C:\Program Files\MW2GK8ELNH\MW2GK8ELN.exe"
O4 - HKCU\..\Run: [YEUS8KOMI7MPEQD] "C:\Program Files\SIGNBOMHWV\EV6065NWT.exe"
O4 - HKCU\..\Run: [7607259] "C:\Users\Hačís\AppData\Roaming\tfnjc2nuxqe\mpa0gnijhsd.exe" /VERYSILENT
O4 - HKCU\..\Run: [1804738] "C:\Users\Hačís\AppData\Roaming\14a5ops3r2f\ma205vx0xyv.exe" /VERYSILENT
O4 - HKCU\..\Run: [8138903] "C:\Users\Hačís\AppData\Roaming\tiod5uanl5r\2oqla4nhvjl.exe" /VERYSILENT
O4 - HKCU\..\Run: [UOCIJ6EAD88HQTU] "C:\Program Files\AZS0V8FQ24\AZS0V8FQ2.exe"
O4 - HKCU\..\Run: [2SCZXC0WO8HT84N] "C:\Program Files\WHLQY8ZWK5\555OLPUBI.exe"
O4 - HKCU\..\Run: [1995196] "C:\Users\Hačís\AppData\Roaming\rfey3c0k32z\buol3he0sbz.exe" /VERYSILENT
O4 - HKCU\..\Run: [1141880] "C:\Users\Hačís\AppData\Roaming\0gxeyae45l1\2c1y0k50uqf.exe" /VERYSILENT
O4 - HKCU\..\Run: [4962049] "C:\Users\Hačís\AppData\Roaming\xibjq0rh1na\zrxotk3hggo.exe" /VERYSILENT
O4 - HKCU\..\Run: [4850465] "C:\Users\Hačís\AppData\Roaming\etjzn1nrftw\rgubkz4yaff.exe" /VERYSILENT
O4 - HKCU\..\Run: [2651582] "C:\Users\Hačís\AppData\Roaming\ch4vifxsxp0\mkvdpgugikr.exe" /VERYSILENT
O4 - HKCU\..\Run: [6921366] "C:\Users\Hačís\AppData\Roaming\vw51xgv3143\zc4bd1205qy.exe" /VERYSILENT
O4 - HKCU\..\Run: [DCRHUXOV72COGZF] "C:\Program Files\E9CW6J3WN8\4NPQMIFXL.exe"
O4 - HKCU\..\Run: [Q7AAJI0ZL6KIEL7] "C:\Program Files\KJB1IH1TDI\WH0SB6JBM.exe"
O4 - HKCU\..\Run: [3XGPRI60K3C0EXE] "C:\Program Files\0KGYV2KFM2\7QU3QDSQV.exe"
O4 - HKCU\..\Run: [XBYWJMWJFMEPPQW] "C:\Program Files\MD3QVWRBY7\7QU3QDSQV.exe"
O4 - HKCU\..\Run: [8769610] "C:\Users\Hačís\AppData\Roaming\egkvyuirmvt\zzcnv20a3n5.exe" /VERYSILENT
O4 - HKCU\..\Run: [7506111] "C:\Users\Hačís\AppData\Roaming\byoccsr5awv\ghyufv5nogy.exe" /VERYSILENT
O4 - HKCU\..\Run: [9462071] "C:\Users\Hačís\AppData\Roaming\la2vlm5mouk\k0slbfbhidd.exe" /VERYSILENT
O4 - HKCU\..\Run: [4375124] "C:\Users\Hačís\AppData\Roaming\k4e0qdqdsxf\gftnhwudq0d.exe" /VERYSILENT
O4 - HKCU\..\Run: [9429314] "C:\Users\Hačís\AppData\Roaming\1rmxxtuxnj4\esfvl5phyh0.exe" /VERYSILENT
O4 - HKCU\..\Run: [4375163] "C:\Users\Hačís\AppData\Roaming\qubn023ut11\p4kixzox3al.exe" /VERYSILENT
O4 - HKCU\..\Run: [LES1BGEFSIWE9HV] "C:\Program Files\DJ15TYZDVN\BJ8E07T2D.exe"
O4 - HKCU\..\Run: [YMK7RLGCHX0GVTD] "C:\Program Files\62JCB056T6\62JCB056T.exe"
O4 - HKCU\..\Run: [PI3VZREG5OGDIEZ] "C:\Program Files\D67YA31PNM\D67YA31PN.exe"
O4 - HKCU\..\Run: [2892094] "C:\Users\Hačís\AppData\Roaming\ccxld2btr4f\ekjzm0agjhx.exe" /VERYSILENT
O4 - HKCU\..\Run: [4926956] "C:\Users\Hačís\AppData\Roaming\chdk4rn0p2g\5lyiimev0qg.exe" /VERYSILENT
O4 - HKCU\..\Run: [1FLAVS2R23ASU64] "C:\Program Files\PJ15H6JWF1\8T89OP18E.exe"
O4 - HKCU\..\Run: [8101868] "C:\Users\Hačís\AppData\Roaming\aiqxdp2j2ye\lknjtfw1y5m.exe" /VERYSILENT
O4 - HKCU\..\Run: [OXE1XSMXK343Y5S] "C:\Program Files\L66VGE4VML\LBLHTK4I4.exe"
O4 - HKCU\..\Run: [6398553] "C:\Users\Hačís\AppData\Roaming\g2hgrrek4tl\sxoo2ypj33i.exe" /VERYSILENT
O4 - HKCU\..\Run: [BRS28KQXZLL0QPD] "C:\Program Files\UAN8886QZT\LBLHTK4I4.exe"
O4 - HKCU\..\Run: [1554451] "C:\Users\Hačís\AppData\Roaming\pqjhlyaij4p\u13lizqbymf.exe" /VERYSILENT
O4 - HKCU\..\Run: [514589] "C:\Users\Hačís\AppData\Roaming\04dd3opwinq\eqtlwh34o35.exe" /VERYSILENT
O4 - HKCU\..\Run: [I928Z44UW94OVV5] "C:\Program Files\YBGEECP6W3\YBGEECP6W.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: 5f805e177fa7c673482c92c255460b67.exe
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Startup: twjhfwub.lnk
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Background Logic Handler (backlh) - Unknown owner - C:\ProgramData\Logic Cramble\set.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CRMSvc - Unknown owner - C:\Users\Hačís\AppData\Roaming\CRMSvc\CRMSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe (file missing)
--
End of file - 22993 bytes