Fake Google Chrome?

huffy
Visitor
Posts: 10
Registered: 21 Feb 2017 16:44

Fake Google Chrome?

#1 Post by huffy »

Good day,

Google Chrome has appeared on my computer. When I try to uninstall it, "Add or remove programs" (WIN10) opens, but this item is not listed there... the shortcut points to a target that is supposed to be somewhere in Program Files, but there is nothing there either. It is probably a virus. Can you please help me? I have already removed it manually once, but it appeared on the computer again. Thank you for your advice.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fake Google Chrome?

#2 Post by Rudy »

Hello!
Didn't you install it into Users\your profile?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

huffy
Visitor
Posts: 10
Registered: 21 Feb 2017 16:44

Re: Fake Google Chrome?

#3 Post by huffy »

Thanks for the reply! But no, there is nothing there...

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fake Google Chrome?

#4 Post by Rudy »


huffy
Visitor
Posts: 10
Registered: 21 Feb 2017 16:44

Re: Fake Google Chrome?

#5 Post by huffy »

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:35:24, on 21.2.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\___\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x86__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\System32\smartscreen.exe
C:\Users\___\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\___\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\STacSV.exe
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files\Wondershare\WAF\2.1.6.0\WsAppService.exe

--
End of file - 5737 bytes

huffy
Visitor
Posts: 10
Registered: 21 Feb 2017 16:44

Re: Fake Google Chrome?

#6 Post by huffy »

Sorry, here it is:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by ___ (administrator) on ___-PC (21-02-2017 21:43:38)
Running from C:\Users\___\Desktop
Loaded Profiles: ___ (Available Profiles: ___)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IEC) C:\Config.Msi\471587.rbf
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\AEstSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\___\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3777728 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {5deb70af-e564-11e6-a70a-0027133b9d6d} - "F:\setup\rsrc\Autorun.exe"
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {80a30735-4d02-11e6-a6ca-0027133b9d6d} - "G:\Autorun.exe"
HKLM\...\Providers\4npy9w9v: C:\Program Files\Vgaentqafik Cloud\local32spl.dll
ShellExecuteHooks: No Name - {17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} - C:\Users\___\AppData\Roaming\Anarech\Migosavocult.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ccb5779f-576b-4599-9771-04b6bcd1d09b}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dsuxlskh.default
FF ProfilePath: C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default [2017-02-21]
FF Homepage: Mozilla\Firefox\Profiles\dsuxlskh.default -> hxxps://www.google.cz/
FF Extension: (Download Manager (S3)) - C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default\Extensions\s3download@statusbar.xpi [2017-01-28]
FF Extension: (Adblock Plus) - C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default\features\{6481995f-66e6-4a40-b7b6-593a3f766455}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF ProfilePath: C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default [2017-02-20]
FF Homepage: Firefox\Firefox\Profiles\dsuxlskh.default -> www.google.com/
FF Extension: (Czech (CZ) Language Pack) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-02-20] [not signed]
FF Extension: (Download Manager (S3)) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\Extensions\s3download@statusbar.xpi [2017-01-28]
FF Extension: (Adblock Plus) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\features\{6481995f-66e6-4a40-b7b6-593a3f766455}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-22] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
CHR Profile: C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-07] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Tabulky Google) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31]
CHR Extension: (Avast Online Security) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
CHR Extension: (Gmail) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-13] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111104 2017-02-17] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2016-12-22] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S2 Prcule; C:\Program Files\Sipeied\PhehesyreefukMnt.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [26168 2016-07-18] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [40504 2016-07-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 MpKslc2b53a44; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E3911B9-42B7-438D-B415-9A723D97CE82}\MpKslc2b53a44.sys [39168 2017-02-20] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2016-07-16] (Marvell)
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:43 - 2017-02-21 21:44 - 00012571 _____ C:\Users\___\Desktop\FRST.txt
2017-02-21 21:43 - 2017-02-21 21:43 - 00000000 ____D C:\FRST
2017-02-21 21:41 - 2017-02-21 21:41 - 00112640 _____ (forum.viry.cz) C:\Users\___\Desktop\FRSTLauncher.exe
2017-02-21 21:40 - 2017-02-21 21:40 - 01764864 _____ (Farbar) C:\Users\___\Desktop\FRST.exe
2017-02-21 21:33 - 2017-02-21 21:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\___\Downloads\hijackthis.exe
2017-02-21 20:19 - 2017-02-21 20:19 - 00000231 _____ C:\Users\___\Desktop\Žehlicí prkna od Méně než 1 000 Kč, Elektrické - Heureka.cz.URL
2017-02-21 20:11 - 2017-02-21 20:11 - 00000000 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky(1).avi
2017-02-21 18:05 - 2017-02-21 19:27 - 1469417870 _____ C:\Users\___\Downloads\Noční-zvířata-Nocturnal-Animals-(2016)-CZ-titulky.mp4
2017-02-21 16:52 - 2017-02-21 19:20 - 2527205430 _____ C:\Users\___\Downloads\Captain-America_Obcanska-valka---Captain-America_Civil-War-2016_cz.avi
2017-02-21 16:10 - 2017-02-21 16:10 - 00000000 ___HD C:\OneDriveTemp
2017-02-20 21:18 - 2017-02-20 22:49 - 1629626354 _____ C:\Users\___\Downloads\Bridge-of-Spies---Most-spionu---2015(1).avi
2017-02-20 21:17 - 2017-02-21 20:11 - 1677567641 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky(1).avi.part
2017-02-20 20:30 - 2017-02-20 20:31 - 00000000 ____D C:\Users\___\Desktop\tisk doučko
2017-02-20 20:25 - 2017-02-20 21:14 - 876511232 _____ C:\Users\___\Downloads\Bridge-of-Spies---Most-spionu---2015.avi.part
2017-02-20 20:25 - 2017-02-20 20:25 - 00000000 _____ C:\Users\___\Downloads\Bridge-of-Spies---Most-spionu---2015.avi
2017-02-20 20:24 - 2017-02-20 21:14 - 885832313 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky.avi.part
2017-02-20 20:24 - 2017-02-20 20:24 - 00000000 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky.avi
2017-02-20 17:42 - 2017-02-20 22:32 - 00000000 ____D C:\Program Files\BikaQRssReader
2017-02-20 17:42 - 2017-02-20 17:42 - 00000000 ____D C:\Program Files\WinSnare(4.1.2)
2017-02-20 16:21 - 2017-02-20 17:42 - 1439502082 _____ C:\Users\___\Downloads\Spotlight_2015_CZ-tit_82csfd_SvetN_.avi
2017-02-20 16:18 - 2017-02-20 17:40 - 1468306025 _____ C:\Users\___\Downloads\ozark.sharks.2016.mp4
2017-02-20 15:48 - 2017-02-20 15:48 - 00000000 ____D C:\Users\___\Documents\aMule Downloads
2017-02-19 20:15 - 2017-02-19 20:15 - 00093710 _____ C:\Users\___\Downloads\Hacksaw.Ridge.2016.WEB-DL.XviD.AC3-FGT.srt
2017-02-17 09:54 - 2017-02-20 22:32 - 00000000 ____D C:\Users\___\AppData\Roaming\aMule
2017-02-17 09:54 - 2017-02-20 17:42 - 00000000 ____D C:\Program Files\WinSnare(4.1.1)
2017-02-17 08:54 - 2017-02-17 08:54 - 00000000 ____D C:\Users\___\AppData\Local\Firefox
2017-02-17 08:53 - 2017-02-17 08:53 - 00000000 ____D C:\Users\___\AppData\Roaming\Firefox
2017-02-17 08:53 - 2017-02-17 08:53 - 00000000 ____D C:\ProgramData\Apple
2017-02-17 08:50 - 2017-02-21 16:06 - 00000144 _____ C:\Users\Public\Documents\temp.dat
2017-02-17 08:50 - 2017-02-20 20:55 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-02-14 16:38 - 2017-02-14 16:38 - 00000224 _____ C:\Users\___\Desktop\Rezervace Ceník Sokol Zábřeh.URL
2017-02-13 15:13 - 2017-02-17 09:54 - 00000000 ____D C:\Program Files\WinSnare(4.1.0)
2017-02-09 15:40 - 2017-02-09 15:40 - 00002457 _____ C:\Users\___\Desktop\TimeGate.lnk
2017-02-09 15:39 - 2017-02-09 15:40 - 78394880 _____ C:\Users\___\Downloads\timegate.exe
2017-02-08 21:38 - 2017-02-20 17:38 - 00029160 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-08 20:24 - 2017-02-13 15:13 - 00000000 ____D C:\Program Files\WinSnare(4.0.9)
2017-02-08 20:23 - 2017-02-20 17:38 - 00000000 ____D C:\Program Files\4npy9w9v
2017-02-07 20:28 - 2017-02-21 19:47 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-07 20:27 - 2017-02-08 22:05 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-07 20:27 - 2017-02-08 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-07 20:27 - 2017-02-08 22:05 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-02-07 20:27 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-07 20:27 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-07 20:27 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-07 20:25 - 2017-02-07 20:25 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\___\Downloads\mbam-setup-2.1.4.1018.exe
2017-01-29 10:05 - 2017-01-29 10:05 - 00001211 _____ C:\Users\___\Desktop\Return to Castle Wolfenstein (Single Player).lnk
2017-01-29 10:05 - 2017-01-29 10:05 - 00001211 _____ C:\Users\___\Desktop\Return to Castle Wolfenstein (Multiplayer).lnk
2017-01-29 10:04 - 2017-01-29 10:05 - 00000000 ____D C:\Program Files\Return to Castle Wolfenstein - Platinum Edition
2017-01-29 09:51 - 2017-01-29 10:05 - 00000000 ____D C:\Users\___\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein - Platinum Edition
2017-01-29 09:51 - 2017-01-29 09:51 - 00001097 _____ C:\Users\___\Desktop\Wolfenstein - Enemy Territory.lnk
2017-01-29 09:50 - 2017-01-29 09:57 - 00000000 ____D C:\Program Files\Wolfenstein - Enemy Territory
2017-01-29 09:43 - 2017-01-29 10:05 - 00001045 _____ C:\WINDOWS\Rtcwplat.INI
2017-01-29 09:41 - 2017-01-29 09:41 - 00000000 ____D C:\Users\___\Downloads\Return-to-Castle-Wolfenstein---Platinum-Edition-PC-iso-[ResourceRG-Games-by-KloWn]
2017-01-29 09:39 - 2017-01-29 09:39 - 00000000 ____D C:\ProgramData\Avira
2017-01-29 09:39 - 2017-01-29 09:39 - 00000000 ____D C:\ProgramData\Avg
2017-01-29 09:39 - 2017-01-29 09:39 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-29 09:38 - 2017-02-07 19:45 - 00000000 ____D C:\Users\___\AppData\Roaming\Anarech
2017-01-29 09:38 - 2017-01-29 09:38 - 00000000 ____D C:\Users\___\AppData\Local\Quncult
2017-01-29 09:37 - 2017-01-29 09:39 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-29 09:37 - 2017-01-29 09:37 - 00001999 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-01-29 09:37 - 2017-01-29 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-01-28 23:32 - 2017-01-29 00:30 - 1008856919 _____ C:\Users\___\Downloads\Return-to-Castle-Wolfenstein---Platinum-Edition-PC-iso-[ResourceRG-Games-by-KloWn].rar
2017-01-28 15:44 - 2017-01-28 15:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2017-01-28 15:44 - 2017-01-28 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-01-28 15:44 - 2017-01-28 15:44 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2017-01-28 15:43 - 2017-01-28 15:43 - 00000000 ___HD C:\Program Files\CanonBJ
2017-01-28 15:43 - 2017-01-28 15:43 - 00000000 ____D C:\WINDOWS\system32\STRING
2017-01-28 15:43 - 2012-06-14 17:18 - 00366592 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPPM.DLL
2017-01-28 15:43 - 2012-06-14 17:18 - 00035840 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPUI.DLL
2017-01-28 15:41 - 2017-02-08 22:26 - 00000000 ____D C:\Program Files\Canon
2017-01-28 15:40 - 2017-01-28 15:40 - 22842528 _____ C:\Users\___\Downloads\mast-win-mg3100-1_1-ucd.exe
2017-01-28 15:40 - 2017-01-28 15:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-28 15:40 - 2011-04-27 11:00 - 00323584 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARL.dll
2017-01-28 15:40 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARU.dll
2017-01-28 15:40 - 2011-03-31 10:05 - 00286720 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARC.dll
2017-01-28 15:40 - 2011-03-31 10:05 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARI.dll
2017-01-28 15:40 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll
2017-01-28 15:26 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:34 - 2016-01-16 16:09 - 00000000 ____D C:\Users\___\AppData\Local\VirtualStore
2017-02-21 21:32 - 2016-09-28 17:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 21:32 - 2016-01-27 20:13 - 00000000 ____D C:\Users\___\AppData\Roaming\vlc
2017-02-21 18:12 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 16:31 - 2016-11-18 13:20 - 00000000 ____D C:\Users\___\AppData\LocalLow\Mozilla
2017-02-21 16:10 - 2016-04-03 07:08 - 00000000 ___RD C:\Users\___\OneDrive
2017-02-20 21:15 - 2016-09-28 18:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 21:14 - 2016-07-16 03:22 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 21:13 - 2016-11-18 13:20 - 00001984 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-20 20:34 - 2016-03-01 18:31 - 00000000 ____D C:\Users\___\Documents\Soubory aplikace Outlook
2017-02-20 17:44 - 2016-01-16 16:23 - 00002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-20 16:09 - 2016-01-31 11:43 - 00000000 ____D C:\Users\___\AppData\Local\Google
2017-02-20 16:02 - 2016-07-16 18:04 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-02-20 16:02 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-20 15:37 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-19 22:48 - 2016-01-19 16:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-07 20:53 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-01-29 11:40 - 2016-11-18 11:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-29 11:40 - 2016-05-29 10:35 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-29 11:40 - 2016-01-16 16:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-29 11:39 - 2016-09-28 17:53 - 00000000 ____D C:\Users\___
2017-01-29 09:42 - 2016-07-18 17:44 - 00000000 ____D C:\Users\___\AppData\Roaming\DAEMON Tools Lite
2017-01-29 09:39 - 2016-06-16 13:07 - 00000000 ____D C:\Sygic
2017-01-29 09:39 - 2016-04-28 21:08 - 00000000 ____D C:\Kontakty telefon - záloha
2017-01-29 09:39 - 2016-01-31 11:49 - 00000000 ___RD C:\Program Files\Skype
2017-01-29 09:39 - 2016-01-16 18:26 - 00000000 ____D C:\Pepča
2017-01-29 09:39 - 2016-01-16 16:28 - 00000000 ____D C:\c607b7d8a7ac65340e4282ec44b422
2017-01-28 23:34 - 2016-10-04 13:44 - 00000000 ____D C:\Users\___\Documents\My Games
2017-01-28 23:34 - 2016-01-16 19:00 - 00000000 ____D C:\Hry
2017-01-28 23:34 - 2016-01-16 16:11 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-01-28 23:31 - 2016-02-13 13:12 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-28 15:44 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2017-01-28 15:40 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\Media
2017-01-28 15:30 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 20:16 - 2016-04-03 07:08 - 00002421 _____ C:\Users\___\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-22 14:14 - 2016-11-18 13:21 - 00000030 _____ C:\AVScanner.ini
2017-01-22 14:14 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-22 14:14 - 2016-01-19 16:13 - 00000000 ____D C:\Users\___\AppData\Local\Adobe
2017-01-22 11:24 - 2016-05-03 09:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-10-06 20:56 - 2016-10-06 20:56 - 0000040 _____ () C:\ProgramData\ra3.ini

Some files in TEMP:
====================
2017-01-29 09:36 - 2017-01-29 09:36 - 0692488 _____ (Disc Soft Ltd.) C:\Users\___\AppData\Local\Temp\DAEMON Tools Lite.exe
2017-01-28 15:41 - 2011-05-10 15:49 - 0852080 ____N (CANON INC.) C:\Users\___\AppData\Local\Temp\MSETUP4.EXE
2016-08-16 08:48 - 2016-08-16 08:48 - 0488960 _____ () C:\Users\___\AppData\Local\Temp\sqlite3.exe
2017-01-28 15:43 - 2011-03-23 13:48 - 0349592 _____ (CANON INC.) C:\Users\___\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\___\Desktop" je 22180 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fake Google Chrome?

#7 Post by Rudy »

Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

huffy
Visitor
Posts: 10
Registered: 21 Feb 2017 16:44

Re: Fake Google Chrome?

#8 Post by huffy »

# AdwCleaner v6.043 - Log vytvořen 21/02/2017 v 22:14:13
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-20.3 [Server]
# Operační systém : Windows 10 Pro (X86)
# Uživatelské jméno : ___ - ___-PC
# Spuštěno z : C:\Users\___\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Program Files\WinSnare(4.0.9)
[-] Složka smazána: C:\Program Files\WinSnare(4.1.0)
[-] Složka smazána: C:\Program Files\WinSnare(4.1.1)
[-] Složka smazána: C:\Program Files\WinSnare(4.1.2)
[-] Složka smazána: C:\Users\___\AppData\Roaming\aMule


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKU\.DEFAULT\Software\ecb`nl
[-] Klíč smazán: HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\Software\WinSnare
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ecb`nl
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\InterSect Alliance
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSnare]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2325 Bajty] - [21/02/2017 22:14:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [2616 Bajty] - [21/02/2017 22:13:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2471 Bajty] ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fake Google Chrome?

#9 Post by Rudy »

According to the log, GCHr should be legitimate. Post a new FRST log.

huffy
Visitor
Posts: 10
Registered: 21 Feb 2017 16:44

Re: Fake Google Chrome?

#10 Post by huffy »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2017
Ran by ___ (administrator) on ___-PC (22-02-2017 18:54:59)
Running from C:\Users\___\Desktop
Loaded Profiles: ___ (Available Profiles: ___)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\AEstSrv.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x86__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7870.57621.0_x86__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_e6e0ba45ad01c789\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3777728 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {5deb70af-e564-11e6-a70a-0027133b9d6d} - "F:\setup\rsrc\Autorun.exe"
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {80a30735-4d02-11e6-a6ca-0027133b9d6d} - "G:\Autorun.exe"
HKLM\...\Providers\4npy9w9v: C:\Program Files\Vgaentqafik Cloud\local32spl.dll
ShellExecuteHooks: No Name - {17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} - C:\Users\___\AppData\Roaming\Anarech\Migosavocult.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ccb5779f-576b-4599-9771-04b6bcd1d09b}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dsuxlskh.default
FF ProfilePath: C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default [2017-02-22]
FF Homepage: Mozilla\Firefox\Profiles\dsuxlskh.default -> hxxps://www.google.cz/
FF Extension: (Download Manager (S3)) - C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default\Extensions\s3download@statusbar.xpi [2017-01-28]
FF Extension: (Adblock Plus) - C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\___\AppData\Roaming\Mozilla\Firefox\Profiles\dsuxlskh.default\features\{6481995f-66e6-4a40-b7b6-593a3f766455}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF ProfilePath: C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default [2017-02-20]
FF Homepage: Firefox\Firefox\Profiles\dsuxlskh.default -> www.google.com/
FF Extension: (Czech (CZ) Language Pack) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-02-20] [not signed]
FF Extension: (Download Manager (S3)) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\Extensions\s3download@statusbar.xpi [2017-01-28]
FF Extension: (Adblock Plus) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\___\AppData\Roaming\Firefox\Firefox\Profiles\dsuxlskh.default\features\{6481995f-66e6-4a40-b7b6-593a3f766455}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-22] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
CHR Profile: C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-07] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Tabulky Google) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31]
CHR Extension: (Avast Online Security) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
CHR Extension: (Gmail) - C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-13] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111104 2017-02-17] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2016-12-22] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S2 Prcule; C:\Program Files\Sipeied\PhehesyreefukMnt.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [26168 2016-07-18] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [40504 2016-07-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 MpKsl2d63c6ec; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA209D3F-8EB0-4CB7-812C-B024B33ED11F}\MpKsl2d63c6ec.sys [39168 2017-02-22] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2016-07-16] (Marvell)
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 18:51 - 2017-02-22 18:51 - 00000000 ____D C:\Users\___\Desktop\FRST-OlderVersion
2017-02-22 18:48 - 2017-02-22 18:07 - 01426310 _____ C:\Users\___\Desktop\Panák - ČK.pdf
2017-02-22 18:48 - 2017-02-22 18:07 - 00648540 _____ C:\Users\___\Desktop\01VM28ČJ4 Harry Potter a kámen mudrců - pracovní list.pdf
2017-02-22 18:07 - 2017-02-22 18:07 - 02972423 _____ C:\Users\___\Downloads\Fwd__Klubov%c3%a9_setk%c3%a1n%c3%ad_-_27._2._2017.zip
2017-02-22 17:57 - 2017-02-22 17:59 - 71603866 _____ C:\Users\___\Downloads\WP_20170221_18_14_42_Pro.mp4
2017-02-22 16:09 - 2017-02-22 16:09 - 00000000 ___HD C:\OneDriveTemp
2017-02-21 22:16 - 2017-02-22 16:00 - 00000016 _____ C:\Users\Public\Documents\temp.dat
2017-02-21 22:10 - 2017-02-21 22:14 - 00000000 ____D C:\AdwCleaner
2017-02-21 22:10 - 2017-02-21 22:10 - 04015056 _____ C:\Users\___\Desktop\adwcleaner_6.043.exe
2017-02-21 21:43 - 2017-02-22 18:55 - 00012713 _____ C:\Users\___\Desktop\FRST.txt
2017-02-21 21:43 - 2017-02-21 21:43 - 00000000 ____D C:\FRST
2017-02-21 21:40 - 2017-02-22 18:51 - 01764864 _____ (Farbar) C:\Users\___\Desktop\FRST.exe
2017-02-21 21:33 - 2017-02-21 21:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\___\Downloads\hijackthis.exe
2017-02-21 20:19 - 2017-02-21 20:19 - 00000231 _____ C:\Users\___\Desktop\Žehlicí prkna od Méně než 1 000 Kč, Elektrické - Heureka.cz.URL
2017-02-21 18:05 - 2017-02-21 19:27 - 1469417870 _____ C:\Users\___\Downloads\Noční-zvířata-Nocturnal-Animals-(2016)-CZ-titulky.mp4
2017-02-21 16:52 - 2017-02-21 19:20 - 2527205430 _____ C:\Users\___\Downloads\Captain-America_Obcanska-valka---Captain-America_Civil-War-2016_cz.avi
2017-02-20 21:18 - 2017-02-20 22:49 - 1629626354 _____ C:\Users\___\Downloads\Bridge-of-Spies---Most-spionu---2015(1).avi
2017-02-20 21:17 - 2017-02-22 17:01 - 2795733874 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky(1).avi
2017-02-20 20:30 - 2017-02-20 20:31 - 00000000 ____D C:\Users\___\Desktop\tisk doučko
2017-02-20 20:25 - 2017-02-20 21:14 - 876511232 _____ C:\Users\___\Downloads\Bridge-of-Spies---Most-spionu---2015.avi.part
2017-02-20 20:25 - 2017-02-20 20:25 - 00000000 _____ C:\Users\___\Downloads\Bridge-of-Spies---Most-spionu---2015.avi
2017-02-20 20:24 - 2017-02-20 21:14 - 885832313 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky.avi.part
2017-02-20 20:24 - 2017-02-20 20:24 - 00000000 _____ C:\Users\___\Downloads\Az-na-vrchol-2015-Dokument-CZ.titulky.avi
2017-02-20 17:42 - 2017-02-20 22:32 - 00000000 ____D C:\Program Files\BikaQRssReader
2017-02-20 16:21 - 2017-02-20 17:42 - 1439502082 _____ C:\Users\___\Downloads\Spotlight_2015_CZ-tit_82csfd_SvetN_.avi
2017-02-20 16:18 - 2017-02-20 17:40 - 1468306025 _____ C:\Users\___\Downloads\ozark.sharks.2016.mp4
2017-02-20 15:48 - 2017-02-20 15:48 - 00000000 ____D C:\Users\___\Documents\aMule Downloads
2017-02-19 20:15 - 2017-02-19 20:15 - 00093710 _____ C:\Users\___\Downloads\Hacksaw.Ridge.2016.WEB-DL.XviD.AC3-FGT.srt
2017-02-17 08:54 - 2017-02-17 08:54 - 00000000 ____D C:\Users\___\AppData\Local\Firefox
2017-02-17 08:53 - 2017-02-17 08:53 - 00000000 ____D C:\Users\___\AppData\Roaming\Firefox
2017-02-17 08:53 - 2017-02-17 08:53 - 00000000 ____D C:\ProgramData\Apple
2017-02-14 16:38 - 2017-02-14 16:38 - 00000224 _____ C:\Users\___\Desktop\Rezervace Ceník Sokol Zábřeh.URL
2017-02-09 15:40 - 2017-02-09 15:40 - 00002457 _____ C:\Users\___\Desktop\TimeGate.lnk
2017-02-09 15:39 - 2017-02-09 15:40 - 78394880 _____ C:\Users\___\Downloads\timegate.exe
2017-02-08 21:38 - 2017-02-20 17:38 - 00029160 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-08 20:23 - 2017-02-20 17:38 - 00000000 ____D C:\Program Files\4npy9w9v
2017-02-07 20:28 - 2017-02-21 19:47 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-07 20:27 - 2017-02-08 22:05 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-07 20:27 - 2017-02-08 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-07 20:27 - 2017-02-08 22:05 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-02-07 20:27 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-07 20:27 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-07 20:27 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-07 20:25 - 2017-02-07 20:25 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\___\Downloads\mbam-setup-2.1.4.1018.exe
2017-01-29 10:05 - 2017-01-29 10:05 - 00001211 _____ C:\Users\___\Desktop\Return to Castle Wolfenstein (Single Player).lnk
2017-01-29 10:05 - 2017-01-29 10:05 - 00001211 _____ C:\Users\___\Desktop\Return to Castle Wolfenstein (Multiplayer).lnk
2017-01-29 10:04 - 2017-01-29 10:05 - 00000000 ____D C:\Program Files\Return to Castle Wolfenstein - Platinum Edition
2017-01-29 09:51 - 2017-01-29 10:05 - 00000000 ____D C:\Users\___\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein - Platinum Edition
2017-01-29 09:51 - 2017-01-29 09:51 - 00001097 _____ C:\Users\___\Desktop\Wolfenstein - Enemy Territory.lnk
2017-01-29 09:50 - 2017-01-29 09:57 - 00000000 ____D C:\Program Files\Wolfenstein - Enemy Territory
2017-01-29 09:43 - 2017-01-29 10:05 - 00001045 _____ C:\WINDOWS\Rtcwplat.INI
2017-01-29 09:41 - 2017-01-29 09:41 - 00000000 ____D C:\Users\___\Downloads\Return-to-Castle-Wolfenstein---Platinum-Edition-PC-iso-[ResourceRG-Games-by-KloWn]
2017-01-29 09:39 - 2017-01-29 09:39 - 00000000 ____D C:\ProgramData\Avira
2017-01-29 09:39 - 2017-01-29 09:39 - 00000000 ____D C:\ProgramData\Avg
2017-01-29 09:39 - 2017-01-29 09:39 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-29 09:38 - 2017-02-07 19:45 - 00000000 ____D C:\Users\___\AppData\Roaming\Anarech
2017-01-29 09:38 - 2017-01-29 09:38 - 00000000 ____D C:\Users\___\AppData\Local\Quncult
2017-01-29 09:37 - 2017-01-29 09:39 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-29 09:37 - 2017-01-29 09:37 - 00001999 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-01-29 09:37 - 2017-01-29 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-01-28 23:32 - 2017-01-29 00:30 - 1008856919 _____ C:\Users\___\Downloads\Return-to-Castle-Wolfenstein---Platinum-Edition-PC-iso-[ResourceRG-Games-by-KloWn].rar
2017-01-28 15:44 - 2017-01-28 15:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2017-01-28 15:44 - 2017-01-28 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-01-28 15:44 - 2017-01-28 15:44 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2017-01-28 15:43 - 2017-01-28 15:43 - 00000000 ___HD C:\Program Files\CanonBJ
2017-01-28 15:43 - 2017-01-28 15:43 - 00000000 ____D C:\WINDOWS\system32\STRING
2017-01-28 15:43 - 2012-06-14 17:18 - 00366592 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPPM.DLL
2017-01-28 15:43 - 2012-06-14 17:18 - 00035840 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPUI.DLL
2017-01-28 15:41 - 2017-02-08 22:26 - 00000000 ____D C:\Program Files\Canon
2017-01-28 15:40 - 2017-01-28 15:40 - 22842528 _____ C:\Users\___\Downloads\mast-win-mg3100-1_1-ucd.exe
2017-01-28 15:40 - 2017-01-28 15:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-28 15:40 - 2011-04-27 11:00 - 00323584 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARL.dll
2017-01-28 15:40 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARU.dll
2017-01-28 15:40 - 2011-03-31 10:05 - 00286720 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARC.dll
2017-01-28 15:40 - 2011-03-31 10:05 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ARI.dll
2017-01-28 15:40 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll
2017-01-28 15:26 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 18:54 - 2016-11-18 13:20 - 00000000 ____D C:\Users\___\AppData\LocalLow\Mozilla
2017-02-22 18:48 - 2016-09-28 17:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 16:17 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 16:17 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 16:09 - 2016-04-03 07:08 - 00000000 ___RD C:\Users\___\OneDrive
2017-02-21 22:16 - 2016-09-28 18:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 22:15 - 2016-07-16 03:22 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 21:34 - 2016-01-16 16:09 - 00000000 ____D C:\Users\___\AppData\Local\VirtualStore
2017-02-21 21:32 - 2016-01-27 20:13 - 00000000 ____D C:\Users\___\AppData\Roaming\vlc
2017-02-20 21:13 - 2016-11-18 13:20 - 00001984 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-20 20:34 - 2016-03-01 18:31 - 00000000 ____D C:\Users\___\Documents\Soubory aplikace Outlook
2017-02-20 17:44 - 2016-01-16 16:23 - 00002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-20 16:09 - 2016-01-31 11:43 - 00000000 ____D C:\Users\___\AppData\Local\Google
2017-02-20 16:02 - 2016-07-16 18:04 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-02-20 16:02 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-19 22:48 - 2016-01-19 16:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-07 20:53 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-01-29 11:40 - 2016-11-18 11:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-29 11:40 - 2016-05-29 10:35 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-29 11:40 - 2016-01-16 16:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-29 11:39 - 2016-09-28 17:53 - 00000000 ____D C:\Users\___
2017-01-29 09:42 - 2016-07-18 17:44 - 00000000 ____D C:\Users\___\AppData\Roaming\DAEMON Tools Lite
2017-01-29 09:39 - 2016-06-16 13:07 - 00000000 ____D C:\Sygic
2017-01-29 09:39 - 2016-04-28 21:08 - 00000000 ____D C:\Kontakty telefon - záloha
2017-01-29 09:39 - 2016-01-31 11:49 - 00000000 ___RD C:\Program Files\Skype
2017-01-29 09:39 - 2016-01-16 18:26 - 00000000 ____D C:\Pepča
2017-01-29 09:39 - 2016-01-16 16:28 - 00000000 ____D C:\c607b7d8a7ac65340e4282ec44b422
2017-01-28 23:34 - 2016-10-04 13:44 - 00000000 ____D C:\Users\___\Documents\My Games
2017-01-28 23:34 - 2016-01-16 19:00 - 00000000 ____D C:\Hry
2017-01-28 23:34 - 2016-01-16 16:11 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-01-28 23:31 - 2016-02-13 13:12 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-28 15:44 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2017-01-28 15:40 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\Media
2017-01-28 15:30 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 20:16 - 2016-04-03 07:08 - 00002421 _____ C:\Users\___\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories =======

2016-10-06 20:56 - 2016-10-06 20:56 - 0000040 _____ () C:\ProgramData\ra3.ini

Some files in TEMP:
====================
2017-01-29 09:36 - 2017-01-29 09:36 - 0692488 _____ (Disc Soft Ltd.) C:\Users\___\AppData\Local\Temp\DAEMON Tools Lite.exe
2017-01-28 15:41 - 2011-05-10 15:49 - 0852080 ____N (CANON INC.) C:\Users\___\AppData\Local\Temp\MSETUP4.EXE
2016-08-16 08:48 - 2016-08-16 08:48 - 0488960 _____ () C:\Users\___\AppData\Local\Temp\sqlite3.exe
2017-01-28 15:43 - 2011-03-23 13:48 - 0349592 _____ (CANON INC.) C:\Users\___\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 08:50

==================== End of FRST.txt ============================

Re: Fake Google Chrome?

#11 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {5deb70af-e564-11e6-a70a-0027133b9d6d} - "F:\setup\rsrc\Autorun.exe"
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {80a30735-4d02-11e6-a6ca-0027133b9d6d} - "G:\Autorun.exe"
ShellExecuteHooks: No Name - {17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} - C:\Users\___\AppData\Roaming\Anarech\Migosavocult.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
CHR Profile: C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-07] <==== ATTENTION
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath
C:\Program Files\4npy9w9v
C:\WINDOWS\LastGood.Tmp
C:\Users\___\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Fake Google Chrome?

#12 Post by huffy »

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-02-2017
Ran by ___ (22-02-2017 20:15:22) Run:1
Running from C:\Users\___\Desktop
Loaded Profiles: ___ (Available Profiles: ___)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {5deb70af-e564-11e6-a70a-0027133b9d6d} - "F:\setup\rsrc\Autorun.exe"
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\...\MountPoints2: {80a30735-4d02-11e6-a6ca-0027133b9d6d} - "G:\Autorun.exe"
ShellExecuteHooks: No Name - {17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} - C:\Users\___\AppData\Roaming\Anarech\Migosavocult.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
CHR Profile: C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-07] <==== ATTENTION
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath
C:\Program Files\4npy9w9v
C:\WINDOWS\LastGood.Tmp
C:\Users\___\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5deb70af-e564-11e6-a70a-0027133b9d6d} => key removed successfully.
HKCR\CLSID\{5deb70af-e564-11e6-a70a-0027133b9d6d} => key not found.
HKU\S-1-5-21-2560992328-1218912883-2014096760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80a30735-4d02-11e6-a6ca-0027133b9d6d} => key removed successfully.
HKCR\CLSID\{80a30735-4d02-11e6-a6ca-0027133b9d6d} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} => value removed successfully.
HKCR\CLSID\{17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Users\___\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully.
aswVmm => service removed successfully.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully.
idsvc => service removed successfully.
C:\Program Files\4npy9w9v => moved successfully
C:\WINDOWS\LastGood.Tmp => moved successfully

"C:\Users\___\AppData\Local\Temp" folder move:

Could not move "C:\Users\___\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 4425805 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 427511813 B
Java, Flash, Steam htmlcache => 2622 B
Windows/system/drivers => 20465181 B
Edge => 9216 B
Chrome => 0 B
Firefox => 372205855 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 10731587 B
LocalService => 16779978 B
NetworkService => 8324 B
___ => 460341136 B

RecycleBin => 2070874101 B
EmptyTemp: => 3.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-02-2017 20:20:16)

C:\Users\___\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:20:17 ====

Re: Fake Google Chrome?

#13 Post by Rudy »

Deleted. Has anything changed?

Re: Fake Google Chrome?

#14 Post by huffy »

Great, so far Google Chrome has not reinstalled itself again. One more question: it was installed together with some application called aMuleC, without my knowledge. I uninstalled that twice and it has been quiet since. Could something from that application have been left behind on the PC?

Re: Fake Google Chrome?

#15 Post by Rudy »

I did not see anything like that in the logs.

Locked