
Asking the moderators for HELP

pepanovak111
Visitor
Posts: 17
Registered: 16 Feb 2017 10:42

Asking the moderators for HELP

#1 Post by pepanovak111 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by vojtech (administrator) on DESKTOP-RMRMPGC (16-02-2017 10:37:11)
Running from C:\Users\vojtech\Desktop
Loaded Profiles: vojtech (Available Profiles: vojtech & joee)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\SysWOW64\SETB7CB.tmp
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0184b3a4-11af-4ee2-9ca2-7bea0f760317}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{850c9ace-eb40-4dd2-81c8-9ba0929ffd7e}: [DhcpNameServer] 10.65.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)

FireFox:
========
FF DefaultProfile: iaa2ha12.default
FF ProfilePath: C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\Profiles\iaa2ha12.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\iaa2ha12.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\iaa2ha12.default ->
FF Homepage: Mozilla\Firefox\Profiles\iaa2ha12.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,
FF Keyword.URL: Mozilla\Firefox\Profiles\iaa2ha12.default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,
FF SearchPlugin: C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\Profiles\iaa2ha12.default\searchplugins\h49mkssl.xml [2017-01-25]
FF SearchPlugin: C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\Profiles\iaa2ha12.default\searchplugins\smod.xml [2017-01-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.seznam.cz/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www-searching.com/?pid=s&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,"
CHR Profile: C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-28]
CHR Extension: (Dokumenty Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-03]
CHR Extension: (Disk Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
CHR Extension: (YouTube) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
CHR Extension: (Vyhledávání Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Extension: (easychrome) - C:\Users\vojtech\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-01-28]
CHR HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe [133480 2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2017-01-27] (Search Module Ltd.) [File not signed] <==== ATTENTION
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-22] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-17] (Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2015-12-03] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-12-03] (Realsil Semiconductor Corporation)
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-01-27] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 10:37 - 2017-02-16 10:37 - 00016682 _____ C:\Users\vojtech\Desktop\FRST.txt
2017-02-16 10:34 - 2017-02-16 10:34 - 00112640 _____ (forum.viry.cz) C:\Users\vojtech\Downloads\FRSTLauncher.exe
2017-02-16 10:34 - 2017-02-16 10:34 - 00112640 _____ (forum.viry.cz) C:\Users\vojtech\Desktop\FRSTLauncher.exe
2017-02-16 10:34 - 2017-02-16 10:34 - 00029696 _____ C:\Users\vojtech\AppData\Local\MSGBOX.EXE
2017-02-16 10:34 - 2017-02-16 10:34 - 00015327 _____ C:\Users\vojtech\Desktop\LM.bat
2017-02-16 10:33 - 2017-02-16 10:32 - 02422272 _____ (Farbar) C:\Users\vojtech\Desktop\FRST64.exe
2017-02-16 10:32 - 2017-02-16 10:37 - 00000000 ____D C:\FRST
2017-02-16 10:32 - 2017-02-16 10:32 - 02422272 _____ (Farbar) C:\Users\vojtech\Downloads\FRST64.exe
2017-01-31 11:52 - 2017-01-31 11:52 - 00000000 ____D C:\Users\vojtech\Downloads\Rytmus---Krstný-otec-(2016)
2017-01-29 16:13 - 2017-01-29 16:20 - 118644551 _____ C:\Users\vojtech\Downloads\Rytmus---Krstný-otec-(2016).rar
2017-01-29 10:29 - 2017-01-29 22:57 - 00000000 ____D C:\Users\vojtech\AppData\Local\BrowserAir
2017-01-29 10:29 - 2017-01-29 21:08 - 00003356 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2017-01-29 10:28 - 2017-01-29 10:28 - 00326144 _____ C:\ProgramData\smp2.exe
2017-01-29 10:28 - 2017-01-29 10:28 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-29 10:28 - 2017-01-29 10:28 - 00004430 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_313631373936393239362d4a4a5b415a34782a456c375a
2017-01-29 10:28 - 2017-01-29 10:28 - 00004264 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-01-29 10:28 - 2017-01-29 10:28 - 00000000 ____D C:\ProgramData\SearchModule
2017-01-28 19:36 - 2017-01-28 19:36 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-01-28 13:28 - 2017-01-28 19:36 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-28 12:30 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-28 12:30 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-28 10:39 - 2017-01-28 12:15 - 00000000 ____D C:\Program Files (x86)\ContentPush
2017-01-28 10:39 - 2017-01-28 10:52 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\VDI
2017-01-28 10:39 - 2017-01-28 10:39 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-01-28 10:38 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-01-28 10:38 - 2017-01-28 11:02 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\System Healer
2017-01-28 10:38 - 2017-01-28 10:38 - 00000000 ____D C:\ProgramData\29d2af85-4f17-1
2017-01-28 10:38 - 2017-01-28 10:38 - 00000000 ____D C:\ProgramData\29d2af85-20a5-0
2017-01-28 10:35 - 2017-01-28 10:35 - 00000000 ____D C:\ProgramData\Ronzaps
2017-01-28 10:34 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\Ronzap
2017-01-28 10:34 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-01-28 10:34 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\Logic Handler
2017-01-28 10:34 - 2017-01-28 10:34 - 07316480 _____ C:\Users\vojtech\AppData\Roaming\agent.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 01938535 _____ C:\Users\vojtech\AppData\Roaming\Toughhome.bin
2017-01-28 10:34 - 2017-01-28 10:34 - 01908297 _____ C:\Users\vojtech\AppData\Roaming\Isfind.tst
2017-01-28 10:34 - 2017-01-28 10:34 - 00278517 _____ C:\Users\vojtech\AppData\Roaming\TrueQuadis.bin
2017-01-28 10:34 - 2017-01-28 10:34 - 00140288 _____ C:\Users\vojtech\AppData\Roaming\Installer.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 00136827 _____ () C:\Users\vojtech\AppData\Roaming\Stronglex.bin
2017-01-28 10:34 - 2017-01-28 10:34 - 00126464 _____ C:\Users\vojtech\AppData\Roaming\noah.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 00070752 _____ C:\Users\vojtech\AppData\Roaming\Config.xml
2017-01-28 10:34 - 2017-01-28 10:34 - 00019056 _____ C:\Users\vojtech\AppData\Roaming\InstallationConfiguration.xml
2017-01-28 10:34 - 2017-01-28 10:34 - 00018432 _____ C:\Users\vojtech\AppData\Roaming\Main.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 00005568 _____ C:\Users\vojtech\AppData\Roaming\md.xml
2017-01-26 14:51 - 2017-01-26 14:51 - 00285696 _____ C:\WINDOWS\system32\bi3.exe
2017-01-25 20:58 - 2017-01-25 20:58 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\kingsoft
2017-01-25 20:58 - 2017-01-25 20:58 - 00000000 ____D C:\Users\vojtech\AppData\Local\kingsoft
2017-01-25 20:30 - 2017-01-28 12:15 - 00000000 ____D C:\Users\vojtech\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-25 20:30 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-25 20:30 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\IObit
2017-01-25 20:30 - 2017-01-25 20:30 - 00000000 ____D C:\WINDOWS\IObit
2017-01-25 20:30 - 2017-01-25 20:30 - 00000000 ____D C:\ProgramData\Avg
2017-01-25 20:29 - 2017-01-28 12:15 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\isMiner
2017-01-25 20:29 - 2017-01-25 21:31 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\Jevush
2017-01-25 20:29 - 2017-01-25 20:30 - 00000000 ____D C:\Users\vojtech\AppData\Local\Cherrise
2017-01-25 20:29 - 2017-01-25 20:29 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\IObit
2017-01-25 20:29 - 2017-01-25 20:29 - 00000000 ____D C:\Users\Public\Thunder Network
2017-01-25 20:29 - 2017-01-25 20:29 - 00000000 ____D C:\ProgramData\Thunder Network
2017-01-25 10:44 - 2017-01-25 10:44 - 00024199 _____ C:\Users\vojtech\Downloads\Občanský průkaz, cestovní pas, evidence obyvatel.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 10:33 - 2016-05-19 10:58 - 00001412 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-16 10:33 - 2016-05-19 10:57 - 00001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-16 10:33 - 2015-10-05 04:03 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-16 10:33 - 2015-10-05 04:03 - 00002456 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-16 10:32 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 10:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-16 10:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-16 10:28 - 2016-10-19 08:15 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-16 10:28 - 2016-09-27 14:06 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-16 10:28 - 2015-10-05 03:43 - 00000000 __SHD C:\Users\vojtech\IntelGraphicsProfiles
2017-02-15 13:39 - 2016-09-27 14:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 08:42 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-04 14:32 - 2017-01-02 21:25 - 00000000 ____D C:\Users\vojtech\AppData\LocalLow\Mozilla
2017-01-29 22:58 - 2015-08-15 06:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-01-29 22:58 - 2015-08-15 06:29 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-01-29 22:57 - 2016-05-19 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 22:57 - 2016-05-19 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 19:36 - 2016-09-27 14:06 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-28 13:27 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-28 12:22 - 2016-05-04 10:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-28 12:18 - 2016-09-27 14:11 - 00000000 ____D C:\Users\vojtech
2017-01-28 12:17 - 2016-09-27 14:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-28 12:16 - 2016-09-27 14:11 - 00000000 ____D C:\Users\joee
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-28 12:16 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-28 12:15 - 2016-11-26 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Download Casino
2017-01-28 12:15 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ____D C:\ProgramData\Kingsoft
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2017-01-28 12:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-01-28 12:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-28 12:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\IME
2017-01-28 12:06 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-28 12:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-28 12:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-28 12:05 - 2015-10-05 03:43 - 00000000 ____D C:\Users\vojtech\AppData\Local\Packages
2017-01-28 10:37 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-19 20:57 - 2016-12-13 21:47 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 20:57 - 2015-10-05 03:46 - 00002399 _____ C:\Users\vojtech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 20:57 - 2015-10-05 03:46 - 00000000 ___RD C:\Users\vojtech\OneDrive

==================== Files in the root of some directories =======

2017-01-28 10:34 - 2017-01-28 10:34 - 7316480 _____ () C:\Users\vojtech\AppData\Roaming\agent.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 0070752 _____ () C:\Users\vojtech\AppData\Roaming\Config.xml
2017-01-28 10:34 - 2017-01-28 10:34 - 0019056 _____ () C:\Users\vojtech\AppData\Roaming\InstallationConfiguration.xml
2017-01-28 10:34 - 2017-01-28 10:34 - 0140288 _____ () C:\Users\vojtech\AppData\Roaming\Installer.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 1908297 _____ () C:\Users\vojtech\AppData\Roaming\Isfind.tst
2017-01-28 10:34 - 2017-01-28 10:34 - 0018432 _____ () C:\Users\vojtech\AppData\Roaming\Main.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 0005568 _____ () C:\Users\vojtech\AppData\Roaming\md.xml
2017-01-28 10:34 - 2017-01-28 10:34 - 0126464 _____ () C:\Users\vojtech\AppData\Roaming\noah.dat
2017-01-28 10:34 - 2017-01-28 10:34 - 0136827 _____ () C:\Users\vojtech\AppData\Roaming\Stronglex.bin
2017-01-28 10:34 - 2017-01-28 10:34 - 1938535 _____ () C:\Users\vojtech\AppData\Roaming\Toughhome.bin
2017-01-28 10:34 - 2017-01-28 10:34 - 0278517 _____ () C:\Users\vojtech\AppData\Roaming\TrueQuadis.bin
2017-02-16 10:34 - 2017-02-16 10:34 - 0029696 _____ () C:\Users\vojtech\AppData\Local\MSGBOX.EXE
2015-12-30 01:41 - 2015-12-30 01:41 - 0000000 _____ () C:\Users\vojtech\AppData\Local\{02AB8963-3A53-4256-95EB-F447ABDAC7A6}
2016-09-27 14:05 - 2016-09-27 14:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-29 10:28 - 2017-01-29 10:28 - 0326144 _____ () C:\ProgramData\smp2.exe

Files to move or delete:
====================
C:\ProgramData\smp2.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-15 14:37

==================== End of FRST.txt ============================
Last edited by pepanovak111 on 17 Feb 2017 16:19, edited 1 time in total.


Re: Start window popping up in the background after installing a fake pr

#2 Post by pepanovak111 »

Hello everyone. After installing a certain program, my computer has been causing problems. Several scanners got installed, which I deleted, and I created a restore point. However, at least once an hour a window like Start pops up in the background and immediately disappears. I hope I proceeded correctly. Thanks for the help.


Re: Start window popping up in the background after installing a fake pr

#3 Post by pepanovak111 »

Here I am adding the Addition file.
Attachments
Addition.rar
(7.97 KiB) Downloaded 59 times

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Start window popping up in the background after installing a fake pr

#4 Post by altrok »

I wish you a lovely day.

If your log is long and does not fit into a single post (it is longer than 100,000 characters), add a note to the topic title saying that the log is long and is split into several parts (e.g. "virus, 3 posts"). We primarily handle topics without replies, so in your case it looks as if one of our colleagues is already helping you, and the topic can easily get overlooked.

As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).

Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, run it normally with a double-click)
  • click Scan (Skenovani), then Clean (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

pepanovak111

Re: Start window popping up in the background after installing a fake pr

#5 Post by pepanovak111 »

# AdwCleaner v6.043 - Log vytvořen 17/02/2017 v 13:38:39
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-13.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : vojtech - DESKTOP-RMRMPGC
# Spuštěno z : C:\Users\vojtech\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: SMUpd
[-] Služba smazána: SMUpdd


***** [ Složky ] *****

[-] Složka smazána: C:\ProgramData\29d2af85-20a5-0
[-] Složka smazána: C:\ProgramData\29d2af85-4f17-1
[-] Složka smazána: C:\Users\vojtech\AppData\Local\BrowserAir
[-] Složka smazána: C:\Users\vojtech\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
[-] Složka smazána: C:\Users\vojtech\AppData\Roaming\System Healer
[-] Složka smazána: C:\Users\vojtech\AppData\Roaming\VDI
[#] Složka smazána po restartu: C:\Users\vojtech\AppData\Roaming\VDI\Shared\Product Updater
[-] Složka smazána: C:\Program Files\Common Files\Noobzo
[-] Složka smazána: C:\ProgramData\SearchModule
[-] Složka smazána: C:\ProgramData\Ronzap
[-] Složka smazána: C:\ProgramData\Ronzaps
[-] Složka smazána: C:\ProgramData\Logic Handler
[-] Složka smazána: C:\ProgramData\NetworkPacketManitor
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Složka smazána: C:\Program Files (x86)\ContentPush
[-] Složka smazána: C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\naweriweentcofise


***** [ Soubory ] *****

[-] Soubor smazán: C:\WINDOWS\SysNative\bi3.exe
[-] Soubor smazán: C:\ProgramData\smp2.exe
[#] Soubor smazán: C:\ProgramData\smp2.exe
[-] Soubor smazán: C:\WINDOWS\rsrcs.dll
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\md.xml
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\Config.xml
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\noah.dat
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\Installer.dat
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\InstallationConfiguration.xml
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\Main.dat
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\agent.dat
[-] Soubor smazán: C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\Profiles\iaa2ha12.default\searchplugins\smod.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\Users\vojtech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\vojtech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\vojtech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\vojtech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: IBUpd2
[-] Úloha smazána: SMW_P


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[-] Klíč smazán: HKLM\SOFTWARE\BrowserAir
[-] Klíč smazán: HKLM\SOFTWARE\SearchModule
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[-] Klíč smazán: [x64] HKLM\SOFTWARE\SearchModule
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Klíč smazán: HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[#] Klíč smazán po restartu: [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "browser.newtab.url" - "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,"
[-] Firefox předvolby vyčištěny: "browser.startup.homepage" - "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,"
[-] Firefox předvolby vyčištěny: "keyword.URL" - "hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,"
[-] [C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Smazáno: www-searching.com
[-] [C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://www-searching.com/?pid=s&s=h1szamobl20564bu,f16f4ce6-e01c-4a6f-9d81-6eacca2b216e,
[-] [C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Smazáno: jlcgehabolcakkjhgmgpkagpolbjlhfa


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7392 Bajty] - [17/02/2017 13:38:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [8195 Bajty] - [17/02/2017 13:35:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7538 Bajty] ##########

pepanovak111

Re: Start window popping up in the background after installing a fake pr

#6 Post by pepanovak111 »

Nobody has been dealing with this topic with me so far, and I don't know how to change the topic title :-) In the reply above me I followed your instructions. Thank you in advance for your help.

altrok

Re: Asking the moderators for HELP

#7 Post by altrok »

:arrow: I have already noticed you and am attending to you, so there is no need to change the topic title - it is more of a tip for next time. Unfortunately I am not at the PC all the time, so you will occasionally have to wait for further replies :)


:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes from 30 minutes to several hours

pepanovak111

Re: Asking the moderators for HELP

#8 Post by pepanovak111 »

Attached I am sending the log that I saved after the scan with this program finished.
Attachments
log text.rar
(11.08 KiB) Downloaded 50 times

altrok

Re: Asking the moderators for HELP

#9 Post by altrok »

:arrow: Well, lovely. Delete all findings / move them to quarantine.


:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have problems downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.

pepanovak111

Re: Asking the moderators for HELP

#10 Post by pepanovak111 »

Here is the log, and the addition is attached. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by vojtech (administrator) on DESKTOP-RMRMPGC (20-02-2017 11:16:31)
Running from C:\Users\vojtech\Desktop
Loaded Profiles: vojtech (Available Profiles: vojtech)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0184b3a4-11af-4ee2-9ca2-7bea0f760317}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{850c9ace-eb40-4dd2-81c8-9ba0929ffd7e}: [DhcpNameServer] 10.65.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)

FireFox:
========
FF DefaultProfile: iaa2ha12.default
FF ProfilePath: C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\Profiles\iaa2ha12.default [2017-02-20]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\iaa2ha12.default ->
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\vojtech\AppData\Roaming\Mozilla\Firefox\Profiles\iaa2ha12.default\features\{61297868-32ad-4a59-828c-77181458eafe}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.seznam.cz/
CHR Profile: C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-20] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-28]
CHR Extension: (Dokumenty Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-03]
CHR Extension: (Disk Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
CHR Extension: (YouTube) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
CHR Extension: (Vyhledávání Google) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\vojtech\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe [133480 2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-22] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-17] (Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2015-12-03] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-20] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-12-03] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 11:16 - 2017-02-20 11:16 - 00015473 _____ C:\Users\vojtech\Desktop\FRST.txt
2017-02-20 11:16 - 2017-02-20 11:16 - 00000000 ____D C:\Users\vojtech\Desktop\FRST-OlderVersion
2017-02-19 11:51 - 2017-02-19 11:51 - 00011346 _____ C:\Users\vojtech\Desktop\log text.rar
2017-02-18 18:13 - 2017-02-20 11:15 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-18 18:13 - 2017-02-19 11:44 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 18:13 - 2017-02-19 11:44 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-18 18:13 - 2017-02-19 11:44 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-18 18:13 - 2017-02-18 18:13 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-18 18:13 - 2017-02-18 18:13 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-18 18:13 - 2017-02-18 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-18 18:13 - 2017-02-18 18:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-18 18:13 - 2017-02-18 18:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-18 18:13 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-18 18:12 - 2017-02-18 18:13 - 55566792 _____ (Malwarebytes ) C:\Users\vojtech\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-17 17:34 - 2017-02-17 17:34 - 00000000 ____D C:\Users\vojtech\Downloads\trainspotting-2-www-soundtrack-centrum-cz
2017-02-17 17:30 - 2017-02-17 17:34 - 69767258 _____ C:\Users\vojtech\Downloads\trainspotting-2-www-soundtrack-centrum-cz.rar
2017-02-17 17:28 - 2017-02-17 17:28 - 00000000 ____D C:\Users\vojtech\Downloads\Trainspotting-soundtrack-#2_2017
2017-02-17 17:19 - 2017-02-17 17:28 - 171820981 _____ C:\Users\vojtech\Downloads\Trainspotting-soundtrack-#2_2017.zip
2017-02-17 13:40 - 2017-02-17 13:40 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-17 13:33 - 2017-02-17 17:28 - 00000000 ____D C:\AdwCleaner
2017-02-17 13:33 - 2017-02-17 13:33 - 04015056 _____ C:\Users\vojtech\Downloads\adwcleaner_6.043.exe
2017-02-17 13:33 - 2017-02-17 13:33 - 04015056 _____ C:\Users\vojtech\Desktop\adwcleaner_6.043.exe
2017-02-16 10:52 - 2017-02-16 10:52 - 00008157 _____ C:\Users\vojtech\Desktop\Addition.rar
2017-02-16 10:34 - 2017-02-16 10:34 - 00112640 _____ (forum.viry.cz) C:\Users\vojtech\Downloads\FRSTLauncher.exe
2017-02-16 10:34 - 2017-02-16 10:34 - 00029696 _____ C:\Users\vojtech\AppData\Local\MSGBOX.EXE
2017-02-16 10:34 - 2017-02-16 10:34 - 00015327 _____ C:\Users\vojtech\Desktop\LM.bat
2017-02-16 10:33 - 2017-02-20 11:16 - 02422784 _____ (Farbar) C:\Users\vojtech\Desktop\FRST64.exe
2017-02-16 10:32 - 2017-02-20 11:16 - 00000000 ____D C:\FRST
2017-02-16 10:32 - 2017-02-16 10:32 - 02422272 _____ (Farbar) C:\Users\vojtech\Downloads\FRST64.exe
2017-01-31 11:52 - 2017-01-31 11:52 - 00000000 ____D C:\Users\vojtech\Downloads\Rytmus---Krstný-otec-(2016)
2017-01-29 16:13 - 2017-01-29 16:20 - 118644551 _____ C:\Users\vojtech\Downloads\Rytmus---Krstný-otec-(2016).rar
2017-01-28 19:36 - 2017-01-28 19:36 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-01-28 13:28 - 2017-01-28 19:36 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-28 12:30 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-28 12:30 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 20:58 - 2017-01-25 20:58 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\kingsoft
2017-01-25 20:58 - 2017-01-25 20:58 - 00000000 ____D C:\Users\vojtech\AppData\Local\kingsoft
2017-01-25 20:30 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-25 20:30 - 2017-01-28 12:15 - 00000000 ____D C:\ProgramData\IObit
2017-01-25 20:30 - 2017-01-25 20:30 - 00000000 ____D C:\WINDOWS\IObit
2017-01-25 20:30 - 2017-01-25 20:30 - 00000000 ____D C:\ProgramData\Avg
2017-01-25 20:29 - 2017-01-25 20:29 - 00000000 ____D C:\Users\vojtech\AppData\Roaming\IObit
2017-01-25 20:29 - 2017-01-25 20:29 - 00000000 ____D C:\Users\Public\Thunder Network
2017-01-25 20:29 - 2017-01-25 20:29 - 00000000 ____D C:\ProgramData\Thunder Network
2017-01-25 10:44 - 2017-01-25 10:44 - 00024199 _____ C:\Users\vojtech\Downloads\Občanský průkaz, cestovní pas, evidence obyvatel.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 10:57 - 2016-09-27 14:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-19 19:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-19 19:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 19:37 - 2016-10-19 08:15 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-19 19:37 - 2016-09-27 14:06 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-19 19:37 - 2015-10-05 03:43 - 00000000 __SHD C:\Users\vojtech\IntelGraphicsProfiles
2017-02-19 11:47 - 2016-07-16 23:25 - 00585780 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-19 11:47 - 2016-07-16 23:25 - 00124130 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-19 11:47 - 2015-08-15 06:21 - 01723096 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-19 11:45 - 2016-09-27 14:11 - 00000000 ____D C:\Users\vojtech
2017-02-19 11:44 - 2016-09-27 14:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-19 11:41 - 2016-10-11 14:14 - 00000000 ____D C:\Users\vojtech\Downloads\Mafia-III-(Deluxe-Edition)-PC-game.TORRENT---2016
2017-02-19 11:40 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-18 16:22 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 18:17 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 17:22 - 2017-01-02 21:25 - 00000000 ____D C:\Users\vojtech\AppData\LocalLow\Mozilla
2017-02-17 13:39 - 2016-05-19 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-17 13:38 - 2016-05-19 10:58 - 00001124 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-17 13:38 - 2016-05-19 10:57 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-17 13:38 - 2015-10-05 04:03 - 00001381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 13:38 - 2015-10-05 04:03 - 00001369 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-29 22:58 - 2015-08-15 06:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-01-29 22:58 - 2015-08-15 06:29 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-01-29 22:57 - 2016-05-19 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 19:36 - 2016-09-27 14:06 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-28 13:27 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-28 12:22 - 2016-05-04 10:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-28 12:16 - 2016-09-27 14:11 - 00000000 ____D C:\Users\joee
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-28 12:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-28 12:16 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-28 12:15 - 2016-11-26 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Download Casino
2017-01-28 12:15 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ____D C:\ProgramData\Kingsoft
2017-01-28 12:15 - 2015-08-15 06:30 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2017-01-28 12:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-01-28 12:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-28 12:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\IME
2017-01-28 12:06 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-28 12:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-28 12:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-28 12:05 - 2015-10-05 03:43 - 00000000 ____D C:\Users\vojtech\AppData\Local\Packages
2017-01-28 10:37 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM

==================== Files in the root of some directories =======

2017-02-16 10:34 - 2017-02-16 10:34 - 0029696 _____ () C:\Users\vojtech\AppData\Local\MSGBOX.EXE
2015-12-30 01:41 - 2015-12-30 01:41 - 0000000 _____ () C:\Users\vojtech\AppData\Local\{02AB8963-3A53-4256-95EB-F447ABDAC7A6}
2016-09-27 14:05 - 2016-09-27 14:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-15 14:37

==================== End of FRST.txt ============================
Attachments
Addition.rar
(8.16 KiB) Downloaded 58 times

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Asking the moderators for HELP

#11 Post by altrok »

:arrow: After the restart, let me know how the PC behaves.



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
    GroupPolicy: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    2017-02-20 11:16 - 2017-02-20 11:16 - 00000000 ____D C:\Users\vojtech\Desktop\FRST-OlderVersion
    Folder: C:\ProgramData\Avg
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors to this forum, sign up for our little school.

pepanovak111
Visitor
Posts: 17
Joined: 16 Feb 2017 10:42

Re: Asking the moderators for HELP

#12 Post by pepanovak111 »

After the restart the computer runs slower. Malwarebytes says that the real-time protection layers have been turned off. The pop-up window that kept popping up in the background no longer appears, but the Chrome browser icon is still changed (see photo); it changed after the virus was installed.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by vojtech (20-02-2017 14:27:06) Run:1
Running from C:\Users\vojtech\Desktop
Loaded Profiles: vojtech (Available Profiles: vojtech)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2907154185-3220450674-2821832196-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-02-20 11:16 - 2017-02-20 11:16 - 00000000 ____D C:\Users\vojtech\Desktop\FRST-OlderVersion
Folder: C:\ProgramData\Avg
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2907154185-3220450674-2821832196-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Users\vojtech\Desktop\FRST-OlderVersion => moved successfully

========================= Folder: C:\ProgramData\Avg ========================

2017-01-25 20:30 - 2017-01-25 20:30 - 0000000 ____D () C:\ProgramData\Avg\AV
2017-01-25 20:30 - 2017-01-25 20:30 - 0000000 ____D () C:\ProgramData\Avg\AV\DB
2017-01-25 20:30 - 2017-01-25 20:30 - 0020480 _____ () C:\ProgramData\Avg\AV\DB\exceptions.dat

====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 35212 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9584450 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 13444540 B
Edge => 0 B
Chrome => 9437385 B
Firefox => 11353128 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4934 B
NetworkService => 0 B
vojtech => 57560678 B
joee => 103220 B

RecycleBin => 69650 B
EmptyTemp: => 96.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:27:51 ====
Attachments
screen plocha.png (54.8 KiB) Viewed 1814 times

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Asking the moderators for HELP

#13 Post by altrok »

:arrow: Which browser is in the picture? Edge?


:arrow: Uninstall Malwarebytes Antimalware. Your PC has drivers that belong to McAfee, but McAfee is not among the installed programs - do you use it?


:arrow: Save MBAR to the desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • run it with a double-click and extract it to the desktop
  • click Next
  • update the virus database by clicking Update and continue with Next
  • leave all 3 options checked and choose Scan (takes about 20 minutes)
  • tick all the findings and also check the Create Restore Point checkbox
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2017-mm-dd (hh-mm-ss).txt into your next reply

pepanovak111
Visitor
Posts: 17
Joined: 16 Feb 2017 10:42

Re: Asking the moderators for HELP

#14 Post by pepanovak111 »

The browser in the picture is Google Chrome. I launch it with the classic Chrome icon (next to the arrow in the picture), but after it opens it has the icon of that white sheet of paper that is below the arrow.

I don't use McAfee.


I installed the program you recommended and ran a scan, but it found no malware.

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Asking the moderators for HELP

#15 Post by altrok »

Please use Junkware Removal Tool and post the log of its run https://www.bleepingcomputer.com/downlo ... oval-tool/
